sepolicy: add sys_module capability for hal_wifi_default

When enable AP with wlan2, wifi@1.0-service needs to create wlan2 iface if it is not exists. An avc denied message arises that warns wifi@1.0-service lacks sys_module capability, but finally wlan2 iface is still created. Fix the avc denied message by adding sys_module capability for hal_wifi_default. CRs-Fixed: 3138698 Change-Id: I24fe42a77c135b9a11710c530904eec34e2b5daf
2022-03-04 15:04:53 +08:00 · 2022-03-04 15:04:53 +08:00 · 12aff57648
commit 12aff57648
parent 94ca800262
1 changed files with 3 additions and 0 deletions
--- a/generic/vendor/common/hal_wifi.te
+++ b/generic/vendor/common/hal_wifi.te
@ -30,6 +30,9 @@
 # allow hal_wifi to write into /proc/debugdriver/driverdump
 r_dir_file(hal_wifi_default, vendor_proc_wifi_dbg)

+# allow hal_wifi_default sys_module capability
+allow hal_wifi_default self:capability sys_module;
+
 # write to files owned by location daemon
 allow hal_wifi_default vendor_location_socket:dir rw_dir_perms;
 allow hal_wifi_default vendor_location_socket: {sock_file lnk_file } create_file_perms;