platform_system_sepolicy/vendor/hal_wifi_default.te

type hal_wifi_default, domain;
hal_server_domain(hal_wifi_default, hal_wifi)

type hal_wifi_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_wifi_default)
Group all HAL impls using haldomain attribute This marks all HAL domain implementations with the haldomain attribute so that rules can be written which apply to all HAL implementations. This follows the pattern used for appdomain, netdomain and bluetoothdomain. Test: No change to policy according to sesearch. Bug: 34180936 Change-Id: I0cfe599b0d49feed36538503c226dfce41eb65f6 2017-01-11 00:54:25 +01:00			`type hal_wifi_default, domain;`
Switch Wi-Fi HAL policy to _client/_server This switches Wi-Fi HAL policy to the design which enables us to conditionally remove unnecessary rules from domains which are clients of Wi-Fi HAL. Domains which are clients of Wi-Fi HAL, such as system_server domain, are granted rules targeting hal_wifi only when the Wi-Fi HAL runs in passthrough mode (i.e., inside the client's process). When the HAL runs in binderized mode (i.e., in another process/domain, with clients talking to the HAL over HwBinder IPC), rules targeting hal_wifi are not granted to client domains. Domains which offer a binderized implementation of Wi-Fi HAL, such as hal_wifi_default domain, are always granted rules targeting hal_wifi. Test: Setup Wizard (incl. adding a Google Account) completes fine with Wi-Fi connectivity only Test: Toggle Wi-Fi off, on, off, on Test: Use System UI to see list of WLANs and connect to one which does not require a password, and to one which requries a PSK Test: ip6.me loads fine in Chrome over Wi-Fi Bug: 34170079 Change-Id: I7a216a06727c88b7f2c23d529f67307e83bed17f 2017-02-23 00:12:19 +01:00			`hal_server_domain(hal_wifi_default, hal_wifi)`
All hal policies expressed as attributes. Bug: 32123421 Bug: 32905206 Test: compiles, nfc works Change-Id: Ibf72ef70255573e4df0863ea640354b3c37eb47d 2016-12-13 21:17:09 +01:00
sepolicy: make exec_types in /vendor a subset of vendor_file_type We install all default hal implementations in /vendor/bin/hw along with a few domains that are defined in vendor policy and installed in /vendor. These files MUST be a subset of the global 'vendor_file_type' which is used to address all files installed in /vendor throughout the policy. Bug: 36463595 Test: Boot sailfish without any new denials Change-Id: I3d26778f9a26f9095f49d8ecc12f2ec9d2f4cb41 Signed-off-by: Sandeep Patil <sspatil@google.com> 2017-04-10 22:03:28 +02:00			`type hal_wifi_default_exec, exec_type, vendor_file_type, file_type;`
All hal policies expressed as attributes. Bug: 32123421 Bug: 32905206 Test: compiles, nfc works Change-Id: Ibf72ef70255573e4df0863ea640354b3c37eb47d 2016-12-13 21:17:09 +01:00			`init_daemon_domain(hal_wifi_default)`