platform_system_sepolicy/vendor/hal_wifi_supplicant_default.te

# wpa supplicant or equivalent
type hal_wifi_supplicant_default, domain;
hal_server_domain(hal_wifi_supplicant_default, hal_wifi_supplicant)
type hal_wifi_supplicant_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_wifi_supplicant_default)

net_domain(hal_wifi_supplicant_default)
# Create a socket for receiving info from wpa
type_transition hal_wifi_supplicant_default wifi_data_file:dir wpa_socket "sockets";

# Allow wpa_supplicant to configure nl80211
allow hal_wifi_supplicant_default proc_net:file write;

# Allow wpa_supplicant to talk to Wifi Keystore HwBinder service.
hwbinder_use(hal_wifi_supplicant_default)
allow hal_wifi_supplicant_default system_wifi_keystore_hwservice:hwservice_manager find;
binder_call(hal_wifi_supplicant_default, wifi_keystore_service_server)

# Write to security logs for audit.
get_prop(hal_wifi_supplicant_default, device_logging_prop)

# Devices upgrading to P may grant this permission in device-specific
# policy along with the data_between_core_and_vendor_violators
# attribute needed for an exemption.  However, devices that launch with
# P should use /data/vendor/wifi, which is already granted in core
# policy.  This is dontaudited here to avoid conditional
# device-specific behavior in wpa_supplicant.
dontaudit hal_wifi_supplicant_default wifi_data_file:dir search;
sepolicy: Make wpa_supplicant a HIDL service Note: The existing rules allowing socket communication will be removed once we migrate over to HIDL completely. (cherry-pick of 2a9595ede2c9a224686e619c2ee5c976dd324ac0) Bug: 34603782 Test: Able to connect to wifi networks. Test: Will be sending for full wifi integration tests (go/wifi-test-request) Change-Id: I9ee238fd0017ec330f6eb67ef9049211f7bd4615 2017-02-19 06:32:32 +01:00			`# wpa supplicant or equivalent`
			`type hal_wifi_supplicant_default, domain;`
			`hal_server_domain(hal_wifi_supplicant_default, hal_wifi_supplicant)`
sepolicy: make exec_types in /vendor a subset of vendor_file_type We install all default hal implementations in /vendor/bin/hw along with a few domains that are defined in vendor policy and installed in /vendor. These files MUST be a subset of the global 'vendor_file_type' which is used to address all files installed in /vendor throughout the policy. Bug: 36463595 Test: Boot sailfish without any new denials Change-Id: I3d26778f9a26f9095f49d8ecc12f2ec9d2f4cb41 Signed-off-by: Sandeep Patil <sspatil@google.com> 2017-04-10 22:03:28 +02:00			`type hal_wifi_supplicant_default_exec, exec_type, vendor_file_type, file_type;`
sepolicy: Make wpa_supplicant a HIDL service Note: The existing rules allowing socket communication will be removed once we migrate over to HIDL completely. (cherry-pick of 2a9595ede2c9a224686e619c2ee5c976dd324ac0) Bug: 34603782 Test: Able to connect to wifi networks. Test: Will be sending for full wifi integration tests (go/wifi-test-request) Change-Id: I9ee238fd0017ec330f6eb67ef9049211f7bd4615 2017-02-19 06:32:32 +01:00			`init_daemon_domain(hal_wifi_supplicant_default)`

			`net_domain(hal_wifi_supplicant_default)`
			`# Create a socket for receiving info from wpa`
			`type_transition hal_wifi_supplicant_default wifi_data_file:dir wpa_socket "sockets";`
Vendor domains must not use Binder On PRODUCT_FULL_TREBLE devices, non-vendor domains (except vendor apps) are not permitted to use Binder. This commit thus: * groups non-vendor domains using the new "coredomain" attribute, * adds neverallow rules restricting Binder use to coredomain and appdomain only, and * temporarily exempts the domains which are currently violating this rule from this restriction. These domains are grouped using the new "binder_in_vendor_violators" attribute. The attribute is needed because the types corresponding to violators are not exposed to the public policy where the neverallow rules are. Test: mmm system/sepolicy Test: Device boots, no new denials Test: In Chrome, navigate to ip6.me, play a YouTube video Test: YouTube: play a video Test: Netflix: play a movie Test: Google Camera: take a photo, take an HDR+ photo, record video with sound, record slow motion video with sound. Confirm videos play back fine and with sound. Bug: 35870313 Change-Id: I0cd1a80b60bcbde358ce0f7a47b90f4435a45c95 2017-03-23 22:27:32 +01:00
Allow wpa_supplicant to write to files in /proc/net. This is needed for interface configuration - see e.g. nl80211_configure_data_frame_filters. Bug: 77903086 Test: WiFi still working Change-Id: I4b5e2b59eeeb6d0ac19dbcbcf0e7e80942247893 2018-04-18 18:46:53 +02:00			`# Allow wpa_supplicant to configure nl80211`
			`allow hal_wifi_supplicant_default proc_net:file write;`

Wifi Keystore HAL is not a HAL Wifi Keystore HAL is a HwBinder service (currently offered by keystore daemon) which is used by Wifi Supplicant HAL. This commit thus switches the SELinux policy of Wifi Keystore HAL to the approach used for non-HAL HwBinder services. The basic idea is simimilar to how we express Binder services in the policy, with two tweaks: (1) we don't have 'hwservicemanager find' and thus there's no add_hwservice macro, and (2) we need loosen the coupling between core and vendor components. For example, it should be possible to move a HwBinder service offered by a core component into another core component, without having to update the SELinux policy of the vendor image. We thus annotate all components offering HwBinder service x across the core-vendor boundary with x_server, which enables the policy of clients to contain rules of the form: binder_call(mydomain, x_server), and, if the service uses IPC callbacks, also binder_call(x_server, mydomain). Test: mmm system/sepolicy Test: sesearch indicates to changes to binder { call transfer} between keystore and hal_wifi_supplicant_default domains Bug: 36896667 Change-Id: I45c4ce8159b63869d7bb6df5c812c5291776d892 2017-04-04 23:56:31 +02:00			`# Allow wpa_supplicant to talk to Wifi Keystore HwBinder service.`
			`hwbinder_use(hal_wifi_supplicant_default)`
Restrict access to hwservicemanager This adds fine-grained policy about who can register and find which HwBinder services in hwservicemanager. Test: Play movie in Netflix and Google Play Movies Test: Play video in YouTube app and YouTube web page Test: In Google Camera app, take photo (HDR+ and conventional), record video (slow motion and normal), and check that photos look fine and videos play back with sound. Test: Cast screen to a Google Cast device Test: Get location fix in Google Maps Test: Make and receive a phone call, check that sound works both ways and that disconnecting the call frome either end works fine. Test: Run RsHelloCompute RenderScript demo app Test: Run fast subset of media CTS tests: make and install CtsMediaTestCases.apk adb shell am instrument -e size small \ -w 'android.media.cts/android.support.test.runner.AndroidJUnitRunner' Test: Play music using Google Play music Test: Adjust screen brightness via the slider in Quick Settings Test: adb bugreport Test: Enroll in fingerprint screen unlock, unlock screen using fingerprint Test: Apply OTA update: Make some visible change, e.g., rename Settings app. make otatools && \ make dist Ensure device has network connectivity ota_call.py -s <serial here> --file out/dist/sailfish-ota-*.zip Confirm the change is now live on the device Bug: 34454312 (cherry picked from commit 632bc494f199d9d85c37c1751667fe41f4b094cb) Merged-In: Iecf74000e6c68f01299667486f3c767912c076d3 Change-Id: I7a9a487beaf6f30c52ce08e04d415624da49dd31 2017-04-14 04:05:27 +02:00			`allow hal_wifi_supplicant_default system_wifi_keystore_hwservice:hwservice_manager find;`
Wifi Keystore HAL is not a HAL Wifi Keystore HAL is a HwBinder service (currently offered by keystore daemon) which is used by Wifi Supplicant HAL. This commit thus switches the SELinux policy of Wifi Keystore HAL to the approach used for non-HAL HwBinder services. The basic idea is simimilar to how we express Binder services in the policy, with two tweaks: (1) we don't have 'hwservicemanager find' and thus there's no add_hwservice macro, and (2) we need loosen the coupling between core and vendor components. For example, it should be possible to move a HwBinder service offered by a core component into another core component, without having to update the SELinux policy of the vendor image. We thus annotate all components offering HwBinder service x across the core-vendor boundary with x_server, which enables the policy of clients to contain rules of the form: binder_call(mydomain, x_server), and, if the service uses IPC callbacks, also binder_call(x_server, mydomain). Test: mmm system/sepolicy Test: sesearch indicates to changes to binder { call transfer} between keystore and hal_wifi_supplicant_default domains Bug: 36896667 Change-Id: I45c4ce8159b63869d7bb6df5c812c5291776d892 2017-04-04 23:56:31 +02:00			`binder_call(hal_wifi_supplicant_default, wifi_keystore_service_server)`
Allow wpa_supplicant to read security logging property. This is needed to allow it to log audit events, e.g. cert validation failure. Bug: 70886042 Test: manual, attempt connecting to EAP-TLS wifi with bad cert. Merged-In: Ia1b0f3c6e02697fdb5018082d5c851f116013fb1 Change-Id: Ia1b0f3c6e02697fdb5018082d5c851f116013fb1 2018-02-13 17:35:10 +01:00
			`# Write to security logs for audit.`
			`get_prop(hal_wifi_supplicant_default, device_logging_prop)`
Hide denial for wpa_supplicant writing to /data/misc/wifi. It should instead write to /data/vendor/wifi. Bug: 36645291 Test: Built policy. Change-Id: Ib7ba3477fbc03ebf07b886c60bcf4a64b954934a 2018-03-10 00:47:47 +01:00
			`# Devices upgrading to P may grant this permission in device-specific`
			`# policy along with the data_between_core_and_vendor_violators`
			`# attribute needed for an exemption. However, devices that launch with`
			`# P should use /data/vendor/wifi, which is already granted in core`
			`# policy. This is dontaudited here to avoid conditional`
			`# device-specific behavior in wpa_supplicant.`
			`dontaudit hal_wifi_supplicant_default wifi_data_file:dir search;`