78 lines
2.1 KiB
Plaintext
78 lines
2.1 KiB
Plaintext
policy_module(eg25manager)
|
|
|
|
########################################
|
|
#
|
|
# eg25-manager (Debian package eg25-manager) is a daemon aimed at configuring
|
|
# and monitoring the Quectel EG25 modem on a running system. It is used on the
|
|
# PinePhone (Pro) and performs the
|
|
# following functions:
|
|
# * power on/off
|
|
# * startup configuration using AT commands
|
|
# * AGPS data upload
|
|
# * status monitoring (and restart if it becomes unavailable)
|
|
# Homepage: https://gitlab.com/mobian1/eg25-manager
|
|
|
|
########################################
|
|
#
|
|
# Declarations
|
|
#
|
|
|
|
type eg25manager_t;
|
|
type eg25manager_exec_t;
|
|
init_daemon_domain(eg25manager_t, eg25manager_exec_t)
|
|
|
|
type eg25manager_tmp_t;
|
|
files_tmp_file(eg25manager_tmp_t)
|
|
|
|
########################################
|
|
#
|
|
# Local policy
|
|
#
|
|
|
|
allow eg25manager_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
|
|
allow eg25manager_t self:process { signal getsched setsched };
|
|
allow eg25manager_t self:tcp_socket { connect create getattr getopt read setopt write };
|
|
allow eg25manager_t self:udp_socket { connect create getattr read setopt write };
|
|
allow eg25manager_t self:unix_dgram_socket { create write };
|
|
|
|
files_tmp_filetrans(eg25manager_t, eg25manager_tmp_t, { file })
|
|
allow eg25manager_t eg25manager_tmp_t:file manage_file_perms;
|
|
|
|
kernel_read_system_state(eg25manager_t)
|
|
|
|
# for devicetree
|
|
dev_read_sysfs(eg25manager_t)
|
|
|
|
dev_read_urand(eg25manager_t)
|
|
dev_rw_gpiochip(eg25manager_t)
|
|
|
|
corenet_tcp_connect_http_port(eg25manager_t)
|
|
|
|
dbus_system_bus_client(eg25manager_t)
|
|
|
|
files_read_etc_files(eg25manager_t)
|
|
files_read_etc_symlinks(eg25manager_t)
|
|
files_read_usr_files(eg25manager_t)
|
|
|
|
logging_send_syslog_msg(eg25manager_t)
|
|
|
|
miscfiles_read_generic_certs(eg25manager_t)
|
|
miscfiles_read_localization(eg25manager_t)
|
|
|
|
# will not upload to pinephone modem without this
|
|
selinux_get_fs_mount(eg25manager_t)
|
|
|
|
sysnet_read_config(eg25manager_t)
|
|
|
|
systemd_dbus_chat_logind(eg25manager_t)
|
|
systemd_read_resolved_runtime(eg25manager_t)
|
|
systemd_use_logind_fds(eg25manager_t)
|
|
systemd_write_inherited_logind_inhibit_pipes(eg25manager_t)
|
|
|
|
term_use_unallocated_ttys(eg25manager_t)
|
|
|
|
optional_policy(`
|
|
modemmanager_dbus_chat(eg25manager_t)
|
|
')
|
|
|