wpa_supplicant: Remove unnecessary permissions from system_server
Now that the Android wifi framework has fully switched over to HIDL, remove the sepolicy permissions for accessing wpa_supplicant using the socket control interface. While there, also remove the redundant |hwbinder_use|. Bug: 35707797 Test: Device boots up and able to connect to wifi networks. Test: Wifi integration tests passed. Change-Id: I55e24b852558d1a905b189116879179d62bdc76c
parent
d32665584b
commit
f27e8f09c2
2 changed files with 0 additions and 19 deletions
|
@ -14,10 +14,6 @@ type_transition system_server system_data_file:sock_file system_ndebug_socket "n
|
||||||
|
|
||||||
allow system_server zygote_tmpfs:file read;
|
allow system_server zygote_tmpfs:file read;
|
||||||
|
|
||||||
# Create a socket for receiving info from wpa.
|
|
||||||
type_transition system_server wifi_data_file:sock_file system_wpa_socket;
|
|
||||||
type_transition system_server wpa_socket:sock_file system_wpa_socket;
|
|
||||||
|
|
||||||
# For art.
|
# For art.
|
||||||
allow system_server dalvikcache_data_file:dir r_dir_perms;
|
allow system_server dalvikcache_data_file:dir r_dir_perms;
|
||||||
allow system_server dalvikcache_data_file:file { r_file_perms execute };
|
allow system_server dalvikcache_data_file:file { r_file_perms execute };
|
||||||
|
@ -151,8 +147,6 @@ unix_socket_connect(system_server, vold, vold)
|
||||||
unix_socket_connect(system_server, webview_zygote, webview_zygote)
|
unix_socket_connect(system_server, webview_zygote, webview_zygote)
|
||||||
unix_socket_connect(system_server, zygote, zygote)
|
unix_socket_connect(system_server, zygote, zygote)
|
||||||
unix_socket_connect(system_server, racoon, racoon)
|
unix_socket_connect(system_server, racoon, racoon)
|
||||||
# TODO(b/35707797): Remove this socket access.
|
|
||||||
unix_socket_send(system_server, wpa, hal_wifi_supplicant_server)
|
|
||||||
unix_socket_connect(system_server, uncrypt, uncrypt)
|
unix_socket_connect(system_server, uncrypt, uncrypt)
|
||||||
|
|
||||||
# Communicate over a socket created by surfaceflinger.
|
# Communicate over a socket created by surfaceflinger.
|
||||||
|
@ -423,13 +417,6 @@ get_prop(system_server, serialno_prop)
|
||||||
# Read/write the property which keeps track of whether this is the first start of system_server
|
# Read/write the property which keeps track of whether this is the first start of system_server
|
||||||
set_prop(system_server, firstboot_prop)
|
set_prop(system_server, firstboot_prop)
|
||||||
|
|
||||||
# Create a socket for receiving info from wpa.
|
|
||||||
allow system_server wpa_socket:dir rw_dir_perms;
|
|
||||||
allow system_server system_wpa_socket:sock_file create_file_perms;
|
|
||||||
|
|
||||||
# Remove sockets created by wpa_supplicant
|
|
||||||
allow system_server wpa_socket:sock_file unlink;
|
|
||||||
|
|
||||||
# Create a socket for connections from debuggerd.
|
# Create a socket for connections from debuggerd.
|
||||||
allow system_server system_ndebug_socket:sock_file create_file_perms;
|
allow system_server system_ndebug_socket:sock_file create_file_perms;
|
||||||
|
|
||||||
|
|
|
@ -18,12 +18,6 @@ allow hal_wifi_supplicant self:packet_socket create_socket_perms;
|
||||||
allowxperm hal_wifi_supplicant self:packet_socket ioctl { unpriv_sock_ioctls priv_sock_ioctls unpriv_tty_ioctls };
|
allowxperm hal_wifi_supplicant self:packet_socket ioctl { unpriv_sock_ioctls priv_sock_ioctls unpriv_tty_ioctls };
|
||||||
allow hal_wifi_supplicant wifi_data_file:dir create_dir_perms;
|
allow hal_wifi_supplicant wifi_data_file:dir create_dir_perms;
|
||||||
allow hal_wifi_supplicant wifi_data_file:file create_file_perms;
|
allow hal_wifi_supplicant wifi_data_file:file create_file_perms;
|
||||||
# TODO(b/35707797): Remove this socket access.
|
|
||||||
unix_socket_send(hal_wifi_supplicant, system_wpa, system_server)
|
|
||||||
|
|
||||||
# HIDL interface exposed by WPA.
|
|
||||||
hwbinder_use(hal_wifi_supplicant)
|
|
||||||
binder_call(hal_wifi_supplicant, system_server)
|
|
||||||
|
|
||||||
# Create a socket for receiving info from wpa
|
# Create a socket for receiving info from wpa
|
||||||
allow hal_wifi_supplicant wpa_socket:dir create_dir_perms;
|
allow hal_wifi_supplicant wpa_socket:dir create_dir_perms;
|
||||||
|
|