platform_system_sepolicy/public/hal_wifi.te

# HwBinder IPC from client to server, and callbacks
binder_call(hal_wifi_client, hal_wifi_server)
binder_call(hal_wifi_server, hal_wifi_client)

r_dir_file(hal_wifi, proc_net)
r_dir_file(hal_wifi, sysfs_type)

# allow hal wifi set interfaces up and down
allow hal_wifi self:udp_socket create_socket_perms;
allowxperm hal_wifi self:udp_socket ioctl { SIOCSIFFLAGS };

allow hal_wifi self:capability { net_admin net_raw };
# allow hal_wifi to speak to nl80211 in the kernel
allow hal_wifi self:netlink_socket create_socket_perms_no_ioctl;
# newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets
allow hal_wifi self:netlink_generic_socket create_socket_perms_no_ioctl;
# hal_wifi writes firmware paths to this file.
allow hal_wifi sysfs_wlan_fwpath:file { w_file_perms };