d6d16489f2
Add sepolicy rule to grant Wifi HAL permission to use SIOCSIFHWADDR ioctl. This permission is needed to dynamically change MAC address of the device. We are moving the implementation of setting the MAC address from WifiCond to Vendor HAL to give vendors flexibility in supporting Connected MAC Randomization. Will clean up WifiCond sepolicy afterwards. Bug: 74347653 Test: Verified manually Change-Id: I334cefddf385ecb1ee169eb692c4e0060c26d6d9
31 lines
1.3 KiB
Text
31 lines
1.3 KiB
Text
# HwBinder IPC from client to server, and callbacks
|
|
binder_call(hal_wifi_client, hal_wifi_server)
|
|
binder_call(hal_wifi_server, hal_wifi_client)
|
|
|
|
add_hwservice(hal_wifi_server, hal_wifi_hwservice)
|
|
allow hal_wifi_client hal_wifi_hwservice:hwservice_manager find;
|
|
|
|
r_dir_file(hal_wifi, proc_net)
|
|
r_dir_file(hal_wifi, sysfs_type)
|
|
|
|
set_prop(hal_wifi, wifi_prop)
|
|
|
|
# allow hal wifi set interfaces up and down
|
|
allow hal_wifi self:udp_socket create_socket_perms;
|
|
allowxperm hal_wifi self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR };
|
|
|
|
allow hal_wifi self:global_capability_class_set { net_admin net_raw };
|
|
# allow hal_wifi to speak to nl80211 in the kernel
|
|
allow hal_wifi self:netlink_socket create_socket_perms_no_ioctl;
|
|
# newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets
|
|
allow hal_wifi self:netlink_generic_socket create_socket_perms_no_ioctl;
|
|
# hal_wifi writes firmware paths to this file.
|
|
allow hal_wifi sysfs_wlan_fwpath:file { w_file_perms };
|
|
# allow hal_wifi to access /proc/modules to check if Wi-Fi driver is loaded
|
|
allow hal_wifi proc_modules:file { getattr open read };
|
|
|
|
# allow hal_wifi to write into /data/vendor/tombstones/wifi
|
|
userdebug_or_eng(`
|
|
allow hal_wifi_server tombstone_wifi_data_file:dir rw_dir_perms;
|
|
allow hal_wifi_server tombstone_wifi_data_file:file create_file_perms;
|
|
')
|