From 97db27d8c535b8ffc704c62f2c0b65e57001649b Mon Sep 17 00:00:00 2001
From: Christopher Wiley <wiley@google.com>
Date: Thu, 30 Jun 2016 14:23:12 -0700
Subject: [PATCH] Define explicit label for wlan sysfs fwpath

avc: denied { write } for name="fwpath" dev="sysfs" ino=6863
scontext=u:r:wificond:s0 tcontext=u:object_r:sysfs_wlan_fwpath:s0
tclass=file permissive=0

Test: wificond and netd can write to this path, wifi works
Test: `runtest frameworks-wifi` passes

Bug: 29579539

Change-Id: Ia21c654b00b09b9fe3e50d564b82966c9c8e6994
(cherry picked from commit 7d13dd806f37523ba8164325fef9b000d6eacd7c)
---
 file.te       | 2 ++
 file_contexts | 1 +
 netd.te       | 8 ++++++--
 wificond.te   | 2 ++
 4 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/file.te b/file.te
index 235ac77ed..693d513c2 100644
--- a/file.te
+++ b/file.te
@@ -39,6 +39,8 @@ type configfs, fs_type;
 type sysfs_devices_system_cpu, fs_type, sysfs_type;
 # /sys/module/lowmemorykiller
 type sysfs_lowmemorykiller, fs_type, sysfs_type;
+# /sys/module/wlan/parameters/fwpath
+type sysfs_wlan_fwpath, fs_type, sysfs_type;
 
 type sysfs_thermal, sysfs_type, fs_type;
 
diff --git a/file_contexts b/file_contexts
index 5eec7616a..7d55abe69 100644
--- a/file_contexts
+++ b/file_contexts
@@ -369,6 +369,7 @@
 /sys/power/wake_unlock -- u:object_r:sysfs_wake_lock:s0
 /sys/kernel/uevent_helper --	u:object_r:usermodehelper:s0
 /sys/module/lowmemorykiller(/.*)? -- u:object_r:sysfs_lowmemorykiller:s0
+/sys/module/wlan/parameters/fwpath u:object_r:sysfs_wlan_fwpath:s0
 
 #############################
 # debugfs files
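Review bot: The new `/sys/module/wlan/parameters/fwpath` entry omits the `--` file-type field that the neighbouring sysfs entries carry, so it matches any object type at that path rather than only a regular file. `/sys/module/wlan/parameters/fwpath -- u:object_r:sysfs_wlan_fwpath:s0` would be consistent with the lines above it. The path is also tied to a module named `wlan`, while the comment kept in netd.te refers to a `bcmdhd` firmware_path node. A device whose driver exposes the node elsewhere would presumably keep the generic `sysfs` label and still rely on the broad `allow netd sysfs:file write;` rule, so that limitation deserves a comment next to this entry.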
diff --git a/netd.te b/netd.te
index 9b44e4bdf..98da0122b 100644
--- a/netd.te
+++ b/netd.te
@@ -28,10 +28,14 @@ allow netd devpts:chr_file rw_file_perms;
 # For /proc/sys/net/ipv[46]/route/flush.
 allow netd proc_net:file write;
 
-# For /sys/modules/bcmdhd/parameters/firmware_path
-# XXX Split into its own type.
+# Enables PppController and interface enumeration (among others)
+r_dir_file(netd, sysfs_type)
+# Allows setting interface MTU
 allow netd sysfs:file write;
 
+# For /sys/modules/bcmdhd/parameters/firmware_path
+allow netd sysfs_wlan_fwpath:file w_file_perms;
+
 # TODO: added to match above sysfs rule. Remove me?
 allow netd sysfs_usb:file write;
 
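Review bot: `r_dir_file(netd, sysfs_type)` gives netd read access to every type carrying the `sysfs_type` attribute, which goes well beyond the commit's stated purpose of labelling the fwpath node and is not explained by the denial quoted in the description. If that line is a carry-over from resolving the cherry-pick, the commit message should say so; otherwise it should be narrowed to the specific sysfs types netd needs. The comment above the new rule still reads `/sys/modules/bcmdhd/parameters/firmware_path`, whereas file_contexts labels `/sys/module/wlan/parameters/fwpath`; `# For /sys/module/wlan/parameters/fwpath` would match what is actually labelled. The generic `allow netd sysfs:file write;` also stays in place, so the new type does not yet shrink netd's write access to generically labelled sysfs files.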
diff --git a/wificond.te b/wificond.te
index 0da5f380b..2f100dbae 100644
--- a/wificond.te
+++ b/wificond.te
@@ -9,3 +9,5 @@ binder_call(wificond, system_server)
 binder_call(wificond, wpa)
 
 allow wificond wificond_service:service_manager { add find };
+
+allow wificond sysfs_wlan_fwpath:file w_file_perms;
-- 
GitLab