wpa_supplicant: Remove unnecessary permissions from system_server

Now that the android wifi framework has fully switched over to HIDL,
remove the sepolicy permissions for accessing wpa_supplicant using
socket control interface.

While there, also removed the redundant |hwbinder_use|.

Bug: 35707797
Test: Device boots up and able to connect to wifi networks.
Test: Wifi integration tests passed.
Change-Id: I55e24b852558d1a905b189116879179d62bdc76c
This commit is contained in:
Roshan Pius 2017-03-21 15:03:43 -07:00
parent d32665584b
commit f27e8f09c2
2 changed files with 0 additions and 19 deletions

View file

@ -14,10 +14,6 @@ type_transition system_server system_data_file:sock_file system_ndebug_socket "n
allow system_server zygote_tmpfs:file read; allow system_server zygote_tmpfs:file read;
# Create a socket for receiving info from wpa.
type_transition system_server wifi_data_file:sock_file system_wpa_socket;
type_transition system_server wpa_socket:sock_file system_wpa_socket;
# For art. # For art.
allow system_server dalvikcache_data_file:dir r_dir_perms; allow system_server dalvikcache_data_file:dir r_dir_perms;
allow system_server dalvikcache_data_file:file { r_file_perms execute }; allow system_server dalvikcache_data_file:file { r_file_perms execute };
@ -151,8 +147,6 @@ unix_socket_connect(system_server, vold, vold)
unix_socket_connect(system_server, webview_zygote, webview_zygote) unix_socket_connect(system_server, webview_zygote, webview_zygote)
unix_socket_connect(system_server, zygote, zygote) unix_socket_connect(system_server, zygote, zygote)
unix_socket_connect(system_server, racoon, racoon) unix_socket_connect(system_server, racoon, racoon)
# TODO(b/35707797): Remove this socket access.
unix_socket_send(system_server, wpa, hal_wifi_supplicant_server)
unix_socket_connect(system_server, uncrypt, uncrypt) unix_socket_connect(system_server, uncrypt, uncrypt)
# Communicate over a socket created by surfaceflinger. # Communicate over a socket created by surfaceflinger.
@ -423,13 +417,6 @@ get_prop(system_server, serialno_prop)
# Read/write the property which keeps track of whether this is the first start of system_server # Read/write the property which keeps track of whether this is the first start of system_server
set_prop(system_server, firstboot_prop) set_prop(system_server, firstboot_prop)
# Create a socket for receiving info from wpa.
allow system_server wpa_socket:dir rw_dir_perms;
allow system_server system_wpa_socket:sock_file create_file_perms;
# Remove sockets created by wpa_supplicant
allow system_server wpa_socket:sock_file unlink;
# Create a socket for connections from debuggerd. # Create a socket for connections from debuggerd.
allow system_server system_ndebug_socket:sock_file create_file_perms; allow system_server system_ndebug_socket:sock_file create_file_perms;

View file

@ -18,12 +18,6 @@ allow hal_wifi_supplicant self:packet_socket create_socket_perms;
allowxperm hal_wifi_supplicant self:packet_socket ioctl { unpriv_sock_ioctls priv_sock_ioctls unpriv_tty_ioctls }; allowxperm hal_wifi_supplicant self:packet_socket ioctl { unpriv_sock_ioctls priv_sock_ioctls unpriv_tty_ioctls };
allow hal_wifi_supplicant wifi_data_file:dir create_dir_perms; allow hal_wifi_supplicant wifi_data_file:dir create_dir_perms;
allow hal_wifi_supplicant wifi_data_file:file create_file_perms; allow hal_wifi_supplicant wifi_data_file:file create_file_perms;
# TODO(b/35707797): Remove this socket access.
unix_socket_send(hal_wifi_supplicant, system_wpa, system_server)
# HIDL interface exposed by WPA.
hwbinder_use(hal_wifi_supplicant)
binder_call(hal_wifi_supplicant, system_server)
# Create a socket for receiving info from wpa # Create a socket for receiving info from wpa
allow hal_wifi_supplicant wpa_socket:dir create_dir_perms; allow hal_wifi_supplicant wpa_socket:dir create_dir_perms;