From 02ed21e85102dc71c8b01d6f2c4e0a3cea1af862 Mon Sep 17 00:00:00 2001
From: Roshan Pius <rpius@google.com>
Date: Tue, 6 Dec 2016 17:17:41 -0800
Subject: [PATCH] hal_wifi: Allow system_server to access wifi HIDL services

We're going to be using Android framework directly to invoke Wifi HIDL
calls. So, change permissions appropriately.

Bug: 33398154
Test: Verfied that framework is able to make HIDL calls using
go/aog/310610.

Change-Id: I4d0d88961753ad73f3876aec58b26b89486cc02a
---
 public/hal_wifi.te      |  4 ++--
 public/system_server.te | 19 ++++++++++++-------
 public/wificond.te      |  4 ----
 public/wpa.te           |  2 +-
 4 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/public/hal_wifi.te b/public/hal_wifi.te
index 1f117d22d..a883d7907 100644
--- a/public/hal_wifi.te
+++ b/public/hal_wifi.te
@@ -5,8 +5,8 @@ type hal_wifi_exec, exec_type, file_type;
 ## hwbinder access
 hwbinder_use(hal_wifi)
 
-## call into wificond process (callbacks)
-binder_call(hal_wifi, wificond)
+## call into system_server process (for invoking callbacks)
+binder_call(hal_wifi, system_server)
 
 r_dir_file(hal_wifi, proc_net)
 r_dir_file(hal_wifi, sysfs_type)
diff --git a/public/system_server.te b/public/system_server.te
index 36e95ab8b..146e55735 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -146,13 +146,6 @@ allow system_server surfaceflinger:unix_stream_socket { read write setopt };
 
 # Perform Binder IPC.
 binder_use(system_server)
-binder_call(system_server, hal_boot)
-binder_call(system_server, hal_light)
-binder_call(system_server, hal_memtrack)
-binder_call(system_server, hal_power)
-binder_call(system_server, hal_thermal)
-binder_call(system_server, hal_vibrator)
-binder_call(system_server, hal_vr)
 binder_call(system_server, { appdomain ephemeral_app })
 binder_call(system_server, binderservicedomain)
 binder_call(system_server, dumpstate)
@@ -163,6 +156,18 @@ binder_call(system_server, netd)
 binder_call(system_server, wificond)
 binder_service(system_server)
 
+# Perform HwBinder IPC.
+hwbinder_use(system_server)
+binder_call(system_server, hal_boot)
+binder_call(system_server, hal_light)
+binder_call(system_server, hal_memtrack)
+binder_call(system_server, hal_power)
+binder_call(system_server, hal_thermal)
+binder_call(system_server, hal_vibrator)
+binder_call(system_server, hal_vr)
+binder_call(system_server, hal_wifi)
+binder_call(system_server, wpa)
+
 # Ask debuggerd to dump backtraces for native stacks of interest.
 #
 # This is derived from the list that system server defines as interesting native processes
diff --git a/public/wificond.te b/public/wificond.te
index c6b85fccf..0fcc3ae9b 100644
--- a/public/wificond.te
+++ b/public/wificond.te
@@ -5,10 +5,6 @@ type wificond_exec, exec_type, file_type;
 binder_use(wificond)
 binder_call(wificond, system_server)
 
-hwbinder_use(wificond)
-binder_call(wificond, hal_wifi)
-binder_call(wificond, wpa)
-
 allow wificond wificond_service:service_manager { add find };
 
 # wificond writes firmware paths to this file.
diff --git a/public/wpa.te b/public/wpa.te
index 83276c80c..20fcd5368 100644
--- a/public/wpa.te
+++ b/public/wpa.te
@@ -26,7 +26,7 @@ binder_use(wpa)
 
 # HIDL interface exposed by WPA.
 hwbinder_use(wpa)
-binder_call(wpa, wificond)
+binder_call(wpa, system_server)
 
 # Create a socket for receiving info from wpa
 allow wpa wpa_socket:dir create_dir_perms;
-- 
GitLab