platform_system_sepolicy/vendor/hal_wifi_supplicant_default.te
Alan Stokes 607d73f286 Use proc_net_type instead of proc_net.
This restores the change made in ag/3883322, which was inadvertently
reverted with the combination of ag/3998755 and the merge of
aosp/666885.

Bug: 9496886
Bug: 68016944

Test: Builds, device boots, no denial seen.
Change-Id: I6af83c5bf982283d69ac31c0495471079555c894
2018-05-04 14:44:02 +01:00

32 lines
1.5 KiB
Text

# wpa supplicant or equivalent
type hal_wifi_supplicant_default, domain;
hal_server_domain(hal_wifi_supplicant_default, hal_wifi_supplicant)
type hal_wifi_supplicant_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_wifi_supplicant_default)
net_domain(hal_wifi_supplicant_default)
# Create a socket for receiving info from wpa
type_transition hal_wifi_supplicant_default wifi_data_file:dir wpa_socket "sockets";
# Allow wpa_supplicant to configure nl80211
allow hal_wifi_supplicant_default proc_net_type:file write;
# Allow wpa_supplicant to talk to Wifi Keystore HwBinder service.
hwbinder_use(hal_wifi_supplicant_default)
allow hal_wifi_supplicant_default system_wifi_keystore_hwservice:hwservice_manager find;
binder_call(hal_wifi_supplicant_default, wifi_keystore_service_server)
allow hal_wifi_supplicant_default wpa_data_file:dir create_dir_perms;
allow hal_wifi_supplicant_default wpa_data_file:file create_file_perms;
allow hal_wifi_supplicant_default wpa_data_file:sock_file create_file_perms;
# Write to security logs for audit.
get_prop(hal_wifi_supplicant_default, device_logging_prop)
# Devices upgrading to P may grant this permission in device-specific
# policy along with the data_between_core_and_vendor_violators
# attribute needed for an exemption. However, devices that launch with
# P should use /data/vendor/wifi, which is already granted in core
# policy. This is dontaudited here to avoid conditional
# device-specific behavior in wpa_supplicant.
dontaudit hal_wifi_supplicant_default wifi_data_file:dir search;