private · d7b34a48ff17a7c2f7f938718525fa51c70c5686 · CodeLinaro / public-release-test / platform / system / sepolicy

An error occurred while fetching folder content.

sepolicy(hostapd): Add a HIDL interface for hostapd

Roshan Pius authored 7 years ago

* Note on cherry-pick: Some of the dependent changes are not in AOSP.
In order to keep hostapd running correctly in AOSP, I've modified this
change to only include policy additions.

Change sepolicy permissions to now classify hostapd as a HAL exposing
HIDL interface.

Sepolicy denial for accessing /data/vendor/misc/wifi/hostapd:
12-27 23:40:55.913  4952  4952 W hostapd : type=1400 audit(0.0:19): avc:
denied { write } for name="hostapd" dev="sda13" ino=4587601
scontext=u:r:hal_wifi_hostapd_default:s0
tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0

01-02 19:07:16.938  5791  5791 W hostapd : type=1400 audit(0.0:31): avc:
denied { search } for name="net" dev="sysfs" ino=30521
scontext=u:r:hal_wifi_hostapd_default:s0
tcontext=u:object_r:sysfs_net:s0 tclass=dir permissive=0

Bug: 36646171
Test: Device boots up and able to turn on SoftAp.
Change-Id: Ibacfcc938deab40096b54b8d0e608d53ca91b947
Merged-In: Ibacfcc938deab40096b54b8d0e608d53ca91b947
(cherry picked from commit 5bca3e86)

d7b34a48

Name	Last commit	Last update
..
compat
access_vectors
adbd.te
app.te
app_neverallows.te
asan_extract.te
atrace.te
audioserver.te
binder_in_vendor_violators.te
binderservicedomain.te
blank_screen.te
blkid.te
blkid_untrusted.te
bluetooth.te
bluetoothdomain.te
bootanim.te
bootstat.te
bpfloader.te
bufferhubd.te
bug_map
cameraserver.te
charger.te
clatd.te
coredomain.te
cppreopts.te
crash_dump.te
dex2oat.te
dexoptanalyzer.te
dhcp.te
dnsmasq.te
domain.te
drmserver.te
dumpstate.te
ephemeral_app.te
file.te
file_contexts
file_contexts_asan
fingerprintd.te
fs_use
fsck.te
fsck_untrusted.te
gatekeeperd.te
genfs_contexts
hal_allocator_default.te
halclientdomain.te
halserverdomain.te
healthd.te
hwservice_contexts
hwservicemanager.te
idmap.te
incident.te
incident_helper.te
incidentd.te
init.te
initial_sid_contexts
initial_sids
inputflinger.te
install_recovery.te
installd.te
isolated_app.te
kernel.te
keys.conf
keystore.te
lmkd.te
logd.te
logpersist.te
mac_permissions.xml
mdnsd.te
mediadrmserver.te
mediaextractor.te
mediametrics.te
mediaprovider.te
mediaserver.te
mls
mls_decl
mls_macros
modprobe.te
mtp.te
net.te
netd.te
netutils_wrapper.te
nfc.te
otapreopt_chroot.te
otapreopt_slot.te
perfetto.te
performanced.te
perfprofd.te
platform_app.te
policy_capabilities
port_contexts
postinstall.te
postinstall_dexopt.te
ppp.te
preopt2cachename.te
priv_app.te
profman.te
property_contexts
racoon.te
radio.te
recovery.te