type hostapd_nohidl, domain;
type hostapd_nohidl_exec, exec_type, vendor_file_type, file_type;

init_daemon_domain(hostapd_nohidl)
net_domain(hostapd_nohidl)

allow hostapd_nohidl execns:fd use;

allow hostapd_nohidl kernel:system module_request;

allow hostapd_nohidl hostapd_data_file:file r_file_perms;
allow hostapd_nohidl hostapd_data_file:dir r_dir_perms;
allow hostapd_nohidl self:capability { net_admin net_raw setgid setuid };
allow hostapd_nohidl self:netlink_generic_socket { bind create getattr read setopt write };
allow hostapd_nohidl self:netlink_route_socket nlmsg_write;
allow hostapd_nohidl self:packet_socket { create setopt read write };
allowxperm hostapd_nohidl self:udp_socket ioctl priv_sock_ioctls;

# hostapd will attempt to search sysfs but it's not needed and will spam the log
dontaudit hostapd_nohidl sysfs_net:dir search;