platform_system_sepolicy/vendor/hostapd.te
Alex Klyubin 3cc6a95944 Remove unnecessary attributes
Test: mmm system/sepolicy
Bug: 34980020
Change-Id: I36547658a844c58fcb21bb5a0244ab6f61291736
2017-04-12 18:50:46 -07:00

33 lines
1.3 KiB
Text

# userspace wifi access points
type hostapd, domain;
type hostapd_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hostapd)
net_domain(hostapd)
allow hostapd self:capability { net_admin net_raw };
# hostapd learns about its network interface via sysfs.
allow hostapd sysfs:file r_file_perms;
# hostapd follows the /sys/class/net/wlan0 link to the PCI device.
allow hostapd sysfs:lnk_file r_file_perms;
# Allow hostapd to access /proc/net/psched
allow hostapd proc_net:file { getattr open read };
# Various socket permissions.
allowxperm hostapd self:udp_socket ioctl priv_sock_ioctls;
allow hostapd self:netlink_socket create_socket_perms_no_ioctl;
allow hostapd self:netlink_generic_socket create_socket_perms_no_ioctl;
allow hostapd self:packet_socket create_socket_perms_no_ioctl;
allow hostapd self:netlink_route_socket nlmsg_write;
# hostapd can read and write WiFi related data and configuration.
# For example, the entropy file is periodically updated.
allow hostapd wifi_data_file:file rw_file_perms;
r_dir_file(hostapd, wifi_data_file)
# hostapd wants to create the directory holding its control socket.
allow hostapd hostapd_socket:dir create_dir_perms;
# hostapd needs to create, bind to, read, and write its control socket.
allow hostapd hostapd_socket:sock_file create_file_perms;