sepolicy: Resolve wifi denials the proper way

Change-Id: Ic816a114fa1fe59a869b070b3a8676c550e999e9
AdrianDC · Aug 18, 2020 · 5832c4f · 5832c4f
1 parent d85f6ed
commit 5832c4f
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 0 deletions.
diff --git a/sepolicy/file.te b/sepolicy/file.te
@@ -24,3 +24,4 @@ type debugfs_asoc, debugfs_type, fs_type;
 
 # /dev/socket
 type tad_socket, file_type;
+type wifihal_socket, file_type, data_file_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
@@ -18,6 +18,7 @@
 /dev/smd([0-9])+                                                                  u:object_r:smd_device:s0
 /dev/smdcntl[0-7]                                                                 u:object_r:radio_device:s0
 /dev/socket/tad                                                                   u:object_r:tad_socket:s0
+/dev/socket/wifihal(/.*)?                                                         u:object_r:wifihal_socket:s0
 /dev/stune(/.*)?                                                                  u:object_r:cgroup:s0
 
 # /system
@@ -36,6 +37,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\..*          u:object_r:hal_light_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.[0-9]+-service\..*     u:object_r:hal_power_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service\..*       u:object_r:hal_vibrator_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi@1\.0-service\..*           u:object_r:hal_wifi_default_exec:s0
 /(vendor|system/vendor)/bin/macaddrsetup                                          u:object_r:macaddrsetup_exec:s0
 /(vendor|system/vendor)/bin/tad_static                                            u:object_r:tad_exec:s0
 /(vendor|system/vendor)/bin/thermanager                                           u:object_r:thermanager_exec:s0

diff --git a/sepolicy/hal_wifi_default.te b/sepolicy/hal_wifi_default.te
@@ -0,0 +1,4 @@
+#============= hal_wifi_default ==============
+allow hal_wifi_default wifihal_socket:dir rw_dir_perms;
+allow hal_wifi_default wifihal_socket:sock_file create_file_perms;
+allow hal_wifi_default proc_net:file w_file_perms;
Original file line number	Diff line number	Diff line change
Expand Up		@@ -24,3 +24,4 @@ type debugfs_asoc, debugfs_type, fs_type;

		# /dev/socket
		type tad_socket, file_type;
		type wifihal_socket, file_type, data_file_type;