policy_module(hostapd, 1.1.0) ######################################## # # Declarations # type hostapd_t; type hostapd_exec_t; init_daemon_domain(hostapd_t, hostapd_exec_t) type hostapd_conf_t; files_type(hostapd_conf_t) type hostapd_runtime_t alias hostapd_var_run_t; files_runtime_file(hostapd_runtime_t) ######################################## # # hostapd local policy # allow hostapd_t self:capability { fsetid chown net_admin net_raw dac_read_search dac_override }; allow hostapd_t self:fifo_file rw_fifo_file_perms; allow hostapd_t self:unix_stream_socket create_stream_socket_perms; allow hostapd_t self:netlink_socket create_socket_perms; allow hostapd_t self:netlink_generic_socket create_socket_perms; allow hostapd_t self:netlink_route_socket create_netlink_socket_perms; allow hostapd_t self:packet_socket create_socket_perms; read_files_pattern(hostapd_t, hostapd_conf_t, hostapd_conf_t) manage_dirs_pattern(hostapd_t, hostapd_runtime_t, hostapd_runtime_t) manage_files_pattern(hostapd_t, hostapd_runtime_t, hostapd_runtime_t) manage_lnk_files_pattern(hostapd_t, hostapd_runtime_t, hostapd_runtime_t) manage_sock_files_pattern(hostapd_t, hostapd_runtime_t, hostapd_runtime_t) files_runtime_filetrans(hostapd_t, hostapd_runtime_t, { dir file lnk_file sock_file }) kernel_read_system_state(hostapd_t) kernel_read_network_state(hostapd_t) kernel_request_load_module(hostapd_t) kernel_rw_net_sysctls(hostapd_t) dev_rw_sysfs(hostapd_t) dev_read_rand(hostapd_t) dev_read_urand(hostapd_t) dev_read_sysfs(hostapd_t) dev_rw_wireless(hostapd_t) domain_use_interactive_fds(hostapd_t) auth_use_nsswitch(hostapd_t) logging_send_syslog_msg(hostapd_t) miscfiles_read_localization(hostapd_t)