platform_device_qcom_sepoli.../legacy/vendor/common/hostapd.te
Jaihind Yadav 78f021fe6a sepolicy: moving qssi supported legacy target here.
Change-Id: Ife7e851823afc1dcbf2f561c8079795e909544bc
2019-02-18 21:49:10 -08:00

71 lines
3.1 KiB
Text

# Copyright (c) 2015,2017, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of The Linux Foundation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# Allow hostapd_cli to work. hostapd_cli creates a socket in
# /data/misc/wifi/sockets which hostapd communicates with.
#
# userspace wifi access points
type hostapd, domain;
type hostapd_exec, exec_type, vendor_file_type, file_type;
userdebug_or_eng(`
unix_socket_send(hostapd, wifi_vendor_wpa, su)
')
binder_call(hostapd, cnd)
unix_socket_connect(hostapd, cnd, cnd)
unix_socket_send(hostapd, cnd, cnd)
allow hostapd cnd:{
fifo_file
netlink_route_socket
netlink_tcpdiag_socket
unix_stream_socket
unix_dgram_socket} { read write };
allow hostapd cnd:fifo_file r_file_perms;
allow hostapd smem_log_device:chr_file rw_file_perms;
allow hostapd fstman:unix_dgram_socket sendto;
allow hostapd wifi_vendor_data_file:dir w_dir_perms;
allow hostapd wifi_vendor_data_file:file create_file_perms;
allow hostapd hostapd_data_file:dir w_dir_perms;
allow hostapd hostapd_data_file:sock_file create_file_perms;
# wigig_hostapd has its own directory for sockets,
# in order to prevent conflicts with wifi hostapd
# allow wigig_hostapd to create the directory holding its control socket
allow hostapd wigig_hostapd_socket:dir create_dir_perms;
# wigig_hostapd needs to create, bind to, read and write its control socket
allow hostapd wigig_hostapd_socket:sock_file create_file_perms;
# allow wigig_hostapd to send replies to wigighalsvc
allow hostapd wigighalsvc:unix_dgram_socket sendto;
# allow hostapd to attach to fstman socket
allow hostapd wifi_vendor_wpa_socket:dir r_dir_perms;
allow hostapd wifi_vendor_wpa_socket:sock_file rw_file_perms;
#diag
userdebug_or_eng(`
diag_use(hostapd)
')