wifi_supplicant: refactor permissions

1. remove some duplicate permissions. 2. Grant permissions to su for dgram sockets in a way that is consistent to how we grant permissions to stream_sockets. Bug: 34980020 Test: build Change-Id: I50e01d51444a70ead3ef40b52eda8eb29732b46c

wifi_supplicant: refactor permissions
1. remove some duplicate permissions. 2. Grant permissions to su for dgram sockets in a way that is consistent to how we grant permissions to stream_sockets. Bug: 34980020 Test: build Change-Id: I50e01d51444a70ead3ef40b52eda8eb29732b46c
f6375971 · Jeff Vander Stoep · dd7e36c0 · f6375971 · f6375971
Commit f6375971 authored 7 years ago by Jeff Vander Stoep
--- a/public/domain.te
+++ b/public/domain.te
@@ -33,10 +33,9 @@ allow domain self:unix_stream_socket { create_stream_socket_perms connectto };
 allow domain init:fd use;
 userdebug_or_eng(`
-  # Same as adbd rules above, except allow su to do the same thing
-  allow domain su:unix_stream_socket connectto;
  allow domain su:fd use;
-  allow domain su:unix_stream_socket { getattr getopt read write shutdown };
+  allow domain su:unix_stream_socket { connectto getattr getopt read write shutdown };
+  allow domain su:unix_dgram_socket sendto;
  allow { domain -init } su:binder { call transfer };

--- a/public/hal_wifi_supplicant.te
+++ b/public/hal_wifi_supplicant.te
@@ -26,12 +26,6 @@ allow hal_wifi_supplicant wifi_data_file:file create_file_perms;
 allow hal_wifi_supplicant wpa_socket:dir create_dir_perms;
 allow hal_wifi_supplicant wpa_socket:sock_file create_file_perms;
-# Allow wpa_cli to work. wpa_cli creates a socket in
-# /data/misc/wifi/sockets which hal_wifi_supplicant supplicant communicates with.
-userdebug_or_eng(`
-  unix_socket_send(hal_wifi_supplicant, wpa, su)
-')
 ###
 ### neverallow rules
 ###