From 3dd460ba2b5bae2a1b206c81b4284af72cf0a3d8 Mon Sep 17 00:00:00 2001 From: Sohani Rao <sohanirao@google.com> Date: Wed, 1 Mar 2017 10:25:44 -0800 Subject: [PATCH] SE Policy for Wifi Offload HAL Update SE Policy to allow calls to and callbacks from Wifi Offload HAL HIDL binderized service. Cherry pick from d56aa1982d15acfc2408271138dac43f1e5dc987 Bug: 32842314 Test: Unit tests, Mannual test to ensure Wifi can be brought up and connected to an AP, ensure that Offload HAL service is running and that that wificond can get the service handle by calling hwservicemanager. Change-Id: I0fc51a4152f1891c8d88967e75d45ded115e766e
---
 private/system_server.te | 1 + private/wificond.te | 1 + public/attributes | 3 +++ public/hal_wifi_offload.te | 6 ++++++ vendor/file_contexts | 1 + vendor/hal_wifi_offload_default.te | 5 +++++ 6 files changed, 17 insertions(+) create mode 100644 public/hal_wifi_offload.te create mode 100644 vendor/hal_wifi_offload_default.te
diff --git a/private/system_server.te b/private/system_server.te
index e9ffa82b8..aa4c18a36 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -191,6 +191,7 @@ hal_client_domain(system_server, hal_vibrator)
 binder_call(system_server, hal_vr)
 hal_client_domain(system_server, hal_vr)
 hal_client_domain(system_server, hal_wifi)
+hal_client_domain(system_server, hal_wifi_offload)
 # TODO(b/34274385): Remove this once Wi-Fi Supplicant HAL is guaranteed to be binderized on full
 # Treble devices. Passthrough Wi-Fi Supplicant HAL makes system_server touch wpa_socket which is a
diff --git a/private/wificond.te b/private/wificond.te
index 5476e3385..cc7644745 100644
--- a/private/wificond.te
+++ b/private/wificond.te
@@ -1,3 +1,4 @@
 typeattribute wificond coredomain;
 init_daemon_domain(wificond)
+hal_client_domain(wificond, hal_wifi_offload)
diff --git a/public/attributes b/public/attributes
index b7f0701ce..0c533ced5 100644
--- a/public/attributes
+++ b/public/attributes
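Review bot: The `hal_client_domain(system_server, hal_wifi_offload)` grant added in private/system_server.te is not justified by the commit message, which only describes wificond obtaining the service handle from hwservicemanager. If system_server never calls the offload HAL directly, this line should be dropped so that wificond is the only client domain and the HAL's binder surface stays as small as possible. If it does call the HAL, a short comment above the line would document the reason, e.g. `# <system_server component> talks to the Wifi Offload HAL directly`.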
@@ -236,6 +236,9 @@ attribute hal_wifi_server;
 attribute hal_wifi_keystore;
 attribute hal_wifi_keystore_client;
 attribute hal_wifi_keystore_server;
+attribute hal_wifi_offload;
+attribute hal_wifi_offload_client;
+attribute hal_wifi_offload_server;
 attribute hal_wifi_supplicant;
 attribute hal_wifi_supplicant_client;
 attribute hal_wifi_supplicant_server;
diff --git a/public/hal_wifi_offload.te b/public/hal_wifi_offload.te
new file mode 100644
index 000000000..dac5171b1
--- /dev/null
+++ b/public/hal_wifi_offload.te
@@ -0,0 +1,6 @@
+## HwBinder IPC from client to server, and callbacks
+binder_call(hal_wifi_offload_client, hal_wifi_offload_server)
+binder_call(hal_wifi_offload_server, hal_wifi_offload_client)
+
+r_dir_file(hal_wifi_offload, proc_net)
+r_dir_file(hal_wifi_offload, sysfs_type)
diff --git a/vendor/file_contexts b/vendor/file_contexts
index ea0ef29f6..c160e0af0 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -29,6 +29,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service u:object_r:hal_usb_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service u:object_r:hal_vibrator_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.vr@1\.0-service u:object_r:hal_vr_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi\.offload@1\.0-service u:object_r:hal_wifi_offload_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.wifi@1\.0-service u:object_r:hal_wifi_default_exec:s0
 /(vendor|system/vendor)/bin/hw/wpa_supplicant u:object_r:hal_wifi_supplicant_default_exec:s0
 /(vendor|system/vendor)/bin/hostapd u:object_r:hostapd_exec:s0
diff --git a/vendor/hal_wifi_offload_default.te b/vendor/hal_wifi_offload_default.te
new file mode 100644
index 000000000..95478626a
--- /dev/null
+++ b/vendor/hal_wifi_offload_default.te
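Review bot: `r_dir_file(hal_wifi_offload, sysfs_type)` in the new public/hal_wifi_offload.te grants read access to every sysfs label rather than the nodes the offload service actually needs. Because it is attached to the base `hal_wifi_offload` attribute, every domain that carries that attribute inherits the grant; whether client domains also pick it up depends on how `hal_client_domain` is defined, which is not visible in this patch. I would scope the rule to the specific sysfs type the service reads, or at minimum record the intent with `# TODO: narrow sysfs_type to the label(s) the offload HAL reads`. The `proc_net` rule on the line above would also benefit from a one-line comment stating what is read there.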
@@ -0,0 +1,5 @@
+type hal_wifi_offload_default, domain;
+hal_server_domain(hal_wifi_offload_default, hal_wifi_offload)
+
+type hal_wifi_offload_default_exec, exec_type, file_type;
+init_daemon_domain(hal_wifi_offload_default)
-- GitLab