From 4a0673e3694c1e68a62c8a6e7e1c77198d1ee885 Mon Sep 17 00:00:00 2001
From: Gabriel Biren
Date: Wed, 6 Oct 2021 00:16:21 +0000
Subject: [PATCH] Add SeLinux policy for supplicant AIDL service.

Bug: 196235436
Test: Manual - connect to WiFi
Change-Id: I613a2e7eac620543872a1af7ed477b8d36713b45
---
 private/compat/31.0/31.0.ignore.cil | 1 +
 private/service_contexts | 1 +
 public/hal_wifi_supplicant.te | 3 +++
 public/service.te | 1 +
 4 files changed, 6 insertions(+)

diff --git a/private/compat/31.0/31.0.ignore.cil b/private/compat/31.0/31.0.ignore.cil
index 3183ff1e2..b1cbc540e 100644
--- a/private/compat/31.0/31.0.ignore.cil
+++ b/private/compat/31.0/31.0.ignore.cil
@@ -20,6 +20,7 @@
 hal_uwb_service
 hal_uwb_vendor_service
 hal_wifi_hostapd_service
+ hal_wifi_supplicant_service
 hal_nlinterceptor_service
 hypervisor_prop
 locale_service
diff --git a/private/service_contexts b/private/service_contexts
index 82660d757..d1d9e5257 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -27,6 +27,7 @@ android.hardware.vibrator.IVibrator/default u:object_r:
 android.hardware.vibrator.IVibratorManager/default u:object_r:hal_vibrator_service:s0
 android.hardware.weaver.IWeaver/default u:object_r:hal_weaver_service:s0
 android.hardware.wifi.hostapd.IHostapd/default u:object_r:hal_wifi_hostapd_service:s0
+android.hardware.wifi.supplicant.ISupplicant/default u:object_r:hal_wifi_supplicant_service:s0
 android.frameworks.stats.IStats/default u:object_r:fwk_stats_service:s0
 android.system.keystore2.IKeystoreService/default u:object_r:keystore_service:s0
 android.system.suspend.ISystemSuspend/default u:object_r:hal_system_suspend_service:s0
diff --git a/public/hal_wifi_supplicant.te b/public/hal_wifi_supplicant.te
index f7c444e72..b4ff7aa51 100644
--- a/public/hal_wifi_supplicant.te
+++ b/public/hal_wifi_supplicant.te
@@ -3,6 +3,9 @@ binder_call(hal_wifi_supplicant_client, hal_wifi_supplicant_server) binder_call(hal_wifi_supplicant_server, hal_wifi_supplicant_client) hal_attribute_hwservice(hal_wifi_supplicant, hal_wifi_supplicant_hwservice) +hal_attribute_service(hal_wifi_supplicant, hal_wifi_supplicant_service) + +binder_call(hal_wifi_supplicant_server, servicemanager) # in addition to ioctls allowlisted for all domains, grant hal_wifi_supplicant priv_sock_ioctls. allowxperm hal_wifi_supplicant self:udp_socket ioctl priv_sock_ioctls; diff --git a/public/service.te b/public/service.te index ae2ae1f71..ec5782908 100644 --- a/public/service.te +++ b/public/service.te @@ -249,6 +249,7 @@ type wpantund_service, system_api_service, service_manager_type; type tethering_service, app_api_service, ephemeral_app_api_service, system_server_service, service_manager_type; type emergency_affordance_service, system_server_service, service_manager_type; type hal_wifi_hostapd_service, vendor_service, protected_service, service_manager_type; +type hal_wifi_supplicant_service, vendor_service, protected_service, service_manager_type; ### ### HAL Services
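Review bot: The two rules added to public/hal_wifi_supplicant.te have no comment, although the `allowxperm` rule right below them does, and nothing records which domains are expected to reach the new AIDL service. Presumably `hal_attribute_service(hal_wifi_supplicant, hal_wifi_supplicant_service)` gives every domain that already carries `hal_wifi_supplicant_client` the right to find the service; the macro body is not visible here, so please confirm that the existing client set is still the intended one for the AIDL interface. A comment such as `# AIDL: server registers ISupplicant with servicemanager; clients look it up there` above the new lines would also make clear that the `hal_attribute_hwservice` line is kept for the HIDL path. The commit's only stated test is a manual Wi-Fi connection, so it would help to note in the description whether the policy build's neverallow checks were run as well.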
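Review bot: The new `hal_wifi_supplicant_service` declaration in public/service.te sits directly above the `### HAL Services` banner rather than inside the section that banner opens, so someone auditing HAL service types from that section would miss it. It follows the `hal_wifi_hostapd_service` line, which has the same placement; the section's contents are outside this hunk, so this assumes HAL types are grouped there. If they are, declare the type below the banner and move the hostapd line with it in a separate cleanup. The attribute set `vendor_service, protected_service, service_manager_type` matches the hostapd declaration, so no change is suggested there.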