From 325bf7259227b15a6b356051d90d5a89ad739a4d Mon Sep 17 00:00:00 2001
From: Sohani Rao
Date: Wed, 1 Mar 2017 10:25:44 -0800
Subject: [PATCH] SE Policy for Wifi Offload HAL Update SE Policy to allow calls to and callbacks from Wifi Offload HAL HIDL binderized service. Combined cherry pick from d56aa1982d15acfc2408271138dac43f1e5dc987 and 66e27bf502246c8e8870b7b3e2573a8c87e89fe1
Bug: 32842314
Test: Unit tests, Mannual test to ensure Wifi can be brought up and connected to an AP, ensure that Offload HAL service is running and that that wificond can get the service handle by calling hwservicemanager.
Change-Id: I0fc51a4152f1891c8d88967e75d45ded115e766e
---
 private/system_server.te | 1 +
 private/wificond.te | 1 +
 public/attributes | 3 +++
 public/hal_wifi_offload.te | 6 ++++++
 vendor/file_contexts | 1 +
 vendor/hal_wifi_offload_default.te | 5 +++++
 6 files changed, 17 insertions(+)
 create mode 100644 public/hal_wifi_offload.te
 create mode 100644 vendor/hal_wifi_offload_default.te
diff --git a/private/system_server.te b/private/system_server.te
index 925c82d8d..634101769 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -194,6 +194,7 @@ hal_client_domain(system_server, hal_vibrator)
 hal_client_domain(system_server, hal_vr)
 hal_client_domain(system_server, hal_weaver)
 hal_client_domain(system_server, hal_wifi)
+hal_client_domain(system_server, hal_wifi_offload)
 hal_client_domain(system_server, hal_wifi_supplicant)
 binder_call(system_server, mediacodec)
diff --git a/private/wificond.te b/private/wificond.te
index 5476e3385..cc7644745 100644
--- a/private/wificond.te
+++ b/private/wificond.te
@@ -1,3 +1,4 @@
 typeattribute wificond coredomain;
 init_daemon_domain(wificond)
+hal_client_domain(wificond, hal_wifi_offload)
diff --git a/public/attributes b/public/attributes
index 66c3a14e2..b13f75c41 100644
--- a/public/attributes
+++ b/public/attributes
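Review bot: In private/system_server.te the added `hal_client_domain(system_server, hal_wifi_offload)` has no stated consumer: the commit description and test plan name only wificond as the process that fetches the Offload HAL handle. Making system_server a client also lets the HAL server call back into it through the `binder_call(hal_wifi_offload_server, hal_wifi_offload_client)` rule added in public/hal_wifi_offload.te, so the grant is worth justifying. If system_server does use the HAL, record that next to the line, e.g. `# Used by <system_server component> to talk to the Wifi Offload HAL`. Otherwise drop the line and keep the client set to wificond. This is inferred from the description alone, since the callers are not part of this patch.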
@@ -261,6 +261,9 @@ attribute hal_wifi_server;
 attribute hal_wifi_keystore;
 attribute hal_wifi_keystore_client;
 attribute hal_wifi_keystore_server;
+attribute hal_wifi_offload;
+attribute hal_wifi_offload_client;
+attribute hal_wifi_offload_server;
 attribute hal_wifi_supplicant;
 attribute hal_wifi_supplicant_client;
 attribute hal_wifi_supplicant_server;
diff --git a/public/hal_wifi_offload.te b/public/hal_wifi_offload.te
new file mode 100644
index 000000000..dac5171b1
--- /dev/null
+++ b/public/hal_wifi_offload.te
@@ -0,0 +1,6 @@
+## HwBinder IPC from client to server, and callbacks
+binder_call(hal_wifi_offload_client, hal_wifi_offload_server)
+binder_call(hal_wifi_offload_server, hal_wifi_offload_client)
+
+r_dir_file(hal_wifi_offload, proc_net)
+r_dir_file(hal_wifi_offload, sysfs_type)
diff --git a/vendor/file_contexts b/vendor/file_contexts
index ac5d1d0d9..e7a371a06 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -30,6 +30,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service u:object_r:hal_usb_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service u:object_r:hal_vibrator_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.vr@1\.0-service u:object_r:hal_vr_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi\.offload@1\.0-service u:object_r:hal_wifi_offload_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.wifi@1\.0-service u:object_r:hal_wifi_default_exec:s0
 /(vendor|system/vendor)/bin/hw/wpa_supplicant u:object_r:hal_wifi_supplicant_default_exec:s0
 /(vendor|system/vendor)/bin/hostapd u:object_r:hostapd_exec:s0
diff --git a/vendor/hal_wifi_offload_default.te b/vendor/hal_wifi_offload_default.te
new file mode 100644
index 000000000..44bd3063b
--- /dev/null
+++ b/vendor/hal_wifi_offload_default.te
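Review bot: In the new public/hal_wifi_offload.te, `r_dir_file(hal_wifi_offload, sysfs_type)` grants read access to every type carrying the `sysfs_type` attribute, which is much broader than an offload HAL plausibly needs, and the file's only comment covers just the two `binder_call` lines. The rule is written on the base `hal_wifi_offload` attribute rather than `hal_wifi_offload_server`, so it may also reach the client domains (system_server, wificond) on builds where `hal_client_domain` assigns the base attribute to clients; the macro is not in this patch, so confirm. Consider narrowing the rule to the specific sysfs label(s) the service reads, or at least marking it for follow-up with `# TODO: restrict to the sysfs nodes the offload HAL actually reads` above the line. The `proc_net` rule just above it deserves the same justification.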
@@ -0,0 +1,5 @@
+type hal_wifi_offload_default, domain;
+hal_server_domain(hal_wifi_offload_default, hal_wifi_offload)
+
+type hal_wifi_offload_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_wifi_offload_default)