sepolicy(hal_wifi): Allow wifi HAL to access persist.vendor.debug properties

We want to tweak some device params at runtime via shell (alleviates the need to recompile HAL for changing device configuration). This will help us test/teamfood couple of new features under development. Bug: 173044646 Test: Wifi HAL can read persist.vendor.debug.wifi properties. Change-Id: Iabd07e72aa5f0d97519a37d0ebb1e0a3458b6d06
2020-11-12 14:21:41 -08:00 · 2020-11-12 14:21:41 -08:00 · a5a81002c8
commit a5a81002c8
parent 593c3b5c2f
5 changed files with 7 additions and 0 deletions
--- a/private/compat/30.0/30.0.ignore.cil
+++ b/private/compat/30.0/30.0.ignore.cil
@ -30,6 +30,7 @@
    music_recognition_service
    nfc_logs_data_file
    people_service
+    persist_vendor_debug_wifi_prop
    power_debug_prop
    power_stats_service
    proc_kallsyms
--- a/private/property_contexts
+++ b/private/property_contexts
@ -78,6 +78,7 @@ persist.traced.enable   u:object_r:traced_enabled_prop:s0
 traced.lazy.            u:object_r:traced_lazy_prop:s0
 persist.heapprofd.enable u:object_r:heapprofd_enabled_prop:s0
 persist.traced_perf.enable u:object_r:traced_perf_enabled_prop:s0
+persist.vendor.debug.wifi. u:object_r:persist_vendor_debug_wifi_prop:s0
 persist.vendor.overlay.  u:object_r:overlay_prop:s0
 ro.boot.vendor.overlay.  u:object_r:overlay_prop:s0
 ro.boottime.             u:object_r:boottime_prop:s0
--- a/public/hal_wifi.te
+++ b/public/hal_wifi.te
@ -9,6 +9,7 @@ r_dir_file(hal_wifi, sysfs_type)

 set_prop(hal_wifi, wifi_hal_prop)
 set_prop(hal_wifi, wifi_prop)
+userdebug_or_eng(`get_prop(hal_wifi, persist_vendor_debug_wifi_prop)')

 # allow hal wifi set interfaces up and down and get the factory MAC
 allow hal_wifi self:udp_socket create_socket_perms;
--- a/public/property.te
+++ b/public/property.te
@ -203,6 +203,8 @@ system_public_prop(zram_control_prop)
 # Properties used in default HAL implementations
 vendor_internal_prop(rebootescrow_hal_prop)

+vendor_public_prop(persist_vendor_debug_wifi_prop)
+
 # Properties which are public for devices launching with Android O or earlier
 # This should not be used for any new properties.
 not_compatible_property(`
--- a/public/vendor_shell.te
+++ b/public/vendor_shell.te
@ -17,3 +17,5 @@ allow vendor_shell tty_device:chr_file rw_file_perms;
 allow vendor_shell console_device:chr_file rw_file_perms;
 allow vendor_shell input_device:dir r_dir_perms;
 allow vendor_shell input_device:chr_file rw_file_perms;
+
+userdebug_or_eng(`set_prop(vendor_shell, persist_vendor_debug_wifi_prop)')