Merge "Add selinux policy for legacy Wifi HAL"

10960aec · Treehugger Robot · Gerrit Code Review · 60c436cb · a18b41e7 · 10960aec
Commit 10960aec authored 8 years ago by Treehugger Robot Committed by Gerrit Code Review 8 years ago
--- a/file_contexts
+++ b/file_contexts
@@ -215,6 +215,8 @@
 /system/bin/idmap u:object_r:idmap_exec:s0
 /system/bin/update_engine        u:object_r:update_engine_exec:s0
 /system/bin/bspatch              u:object_r:update_engine_exec:s0
+/system/bin/hw/wifi_hal_legacy   u:object_r:wifi_hal_legacy_exec:s0
+

 #############################
 # Vendor files

--- a/wifi_hal_legacy.te
+++ b/wifi_hal_legacy.te
+# wifi legacy hal
+type wifi_hal_legacy, domain;
+type wifi_hal_legacy_exec, exec_type, file_type;
+
+# may be started by init
+init_daemon_domain(wifi_hal_legacy)
+
+## hwbinder access
+hwbinder_use(wifi_hal_legacy)
+
+## call into wificond process (callbacks)
+binder_call(wifi_hal_legacy, wificond)
+
+r_dir_file(wifi_hal_legacy, proc_net)
+r_dir_file(wifi_hal_legacy, sysfs_type)
+
+allow wifi_hal_legacy self:udp_socket create_socket_perms;
+allow wifi_hal_legacy self:capability { net_admin net_raw };
+# allow wifi_hal_legacy to speak to nl80211 in the kernel
+allow wifi_hal_legacy self:netlink_socket create_socket_perms_no_ioctl;
+# newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets
+allow wifi_hal_legacy self:netlink_generic_socket create_socket_perms_no_ioctl;
--- a/wificond.te
+++ b/wificond.te
@@ -8,6 +8,9 @@ binder_use(wificond)
 binder_call(wificond, system_server)
 binder_call(wificond, wpa)

+hwbinder_use(wificond)
+binder_call(wificond, wifi_hal_legacy)
+
 allow wificond wificond_service:service_manager { add find };

 # wificond writes firmware paths to this file.