Keystore 2.0: Add wifi namespace to sepolicy.

Add the wifi namespace to sepolicy and allow system_app (Settings) and
wifi_supplicant to manage/use the keys in that namespace

Test: N/A
Bug: 171305388
Change-Id: Ib6af8656b18288a1116c241c2e76d9aea421a889

private/compat/30.0/30.0.ignore.cil

@@ -99,4 +99,5 @@
     vibrator_manager_service
     vpn_management_service
     watchdog_metadata_file
+    wifi_key
     zygote_config_prop))

private/keystore2_key_contexts

@@ -15,3 +15,8 @@
 
 # odsign_key is a keystore2_key namespace for the on-device signing daemon.
 101            u:object_r:odsign_key:s0
+
+# wifi_key is a keystore2_key namspace for the WI-FI subsystem. It replaces the WIFI_UID
+# namespace in keystore.
+102            u:object_r:wifi_key:s0
+

private/system_app.te

@@ -142,6 +142,16 @@ allow system_app keystore:keystore2_key {
     use
 };
 
+# Allow Settings to manage WI-FI keys.
+allow system_app wifi_key:keystore2_key {
+    delete
+    get_info
+    grant
+    rebind
+    update
+    use
+};
+
 # settings app reads /proc/version
 allow system_app {
   proc_version

public/hal_wifi_supplicant.te

@@ -19,6 +19,14 @@ allow hal_wifi_supplicant self:netlink_generic_socket create_socket_perms_no_ioc
 allow hal_wifi_supplicant self:packet_socket create_socket_perms;
 allowxperm hal_wifi_supplicant self:packet_socket ioctl { unpriv_sock_ioctls priv_sock_ioctls unpriv_tty_ioctls };
 
+use_keystore(hal_wifi_supplicant)
+
+# Allow the WI-FI HAL to use keys in the keystore namespace wifi_key.
+allow hal_wifi_supplicant wifi_key:keystore2_key {
+    get_info
+    use
+};
+
 ###
 ### neverallow rules
 ###

public/keystore_keys.te

@@ -0,0 +1,2 @@
+# A keystore2 namespace for WI-FI.
+type wifi_key, keystore2_key_type;