Add sepolicy rules for hal_wifi_default am: b2c724f0ed am: 32cd0dbba0

Original change: https://googleplex-android-review.googlesource.com/c/device/google/lynx-sepolicy/+/20194047 Change-Id: I492d79005fcd85fb84f29baec08d6a95d766ea01 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
author: Hsiu-Chang Chen <hsiuchangchen@google.com> 2022-10-17 09:31:44 +0000
committer: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> 2022-10-17 09:31:44 +0000
commit: 63b5468da9ac5d0c1fb5a7d4efe3c76c3ba4e68e (patch)
tree: de40da6710672a41e43fa1e6e9099a09af0debbb
parent: 852dfa55f8f2e9115812fab17846957881d52b26 (diff)
parent: 32cd0dbba0ea05c9430bafffb9aa4d39582b8da1 (diff)
download: lynx-sepolicy-63b5468da9ac5d0c1fb5a7d4efe3c76c3ba4e68e.tar.gz
3 files changed, 21 insertions, 0 deletions
diff --git a/vendor/hal_wifi_default.te b/vendor/hal_wifi_default.te
new file mode 100644
index 0000000..418aba5
--- /dev/null
+++ b/vendor/hal_wifi_default.te
@@ -0,0 +1,19 @@
+allow hal_wifi_default vendor_wlan_device:chr_file w_file_perms;
+allow hal_wifi_default vendor_wifi_vendor_data_file:dir rw_dir_perms;
+
+# write to files owned by location daemon
+allow hal_wifi_default vendor_location_socket:dir rw_dir_perms;
+allow hal_wifi_default vendor_location_socket:{sock_file lnk_file} create_file_perms;
+allow hal_wifi_default vendor_location:unix_dgram_socket sendto;
+allow hal_wifi_default lowi_server:unix_dgram_socket sendto;
+
+# Connect to vendor_location via vendor_location socket.
+unix_socket_connect(hal_wifi, vendor_location, vendor_location)
+allow hal_wifi_default vendor_wifihal_socket:dir rw_dir_perms;
+allow hal_wifi_default vendor_wifihal_socket:sock_file create_file_perms;
+
+# allow hal_wifi to write into /proc/debugdriver/driverdump
+r_dir_file(hal_wifi_default, vendor_proc_wifi_dbg);
+
+# Write wlan driver/fw version into property
+set_prop(hal_wifi_default, vendor_wifi_version)
diff --git a/vendor/lowi_server.te b/vendor/lowi_server.te
index e107cf2..21dfb81 100644
--- a/vendor/lowi_server.te
+++ b/vendor/lowi_server.te
@@ -28,6 +28,7 @@ allow lowi_server hal_wifi_supplicant_default:unix_dgram_socket sendto;
 allow lowi_server vendor_wifihal_socket:dir rw_dir_perms;
 allow lowi_server vendor_wifihal_socket:sock_file create_file_perms;
 allow lowi_server vendor_wifihal_socket:unix_dgram_socket sendto;
+unix_socket_send(lowi_server, vendor_wifihal, hal_wifi_default);
 unix_socket_send(lowi_server, vendor_wifihal, hal_wifi_ext);
 
 # /dev/socket/vendor_location
diff --git a/vendor/vendor_location.te b/vendor/vendor_location.te
index 05f55a6..b41c6a8 100644
--- a/vendor/vendor_location.te
+++ b/vendor/vendor_location.te
@@ -16,4 +16,5 @@ allow vendor_location vendor_location_sysfs:file create_file_perms;
 
 # /dev/socket/location/mq/*
 allow vendor_location lowi_server:unix_dgram_socket {sendto read write};
+allow vendor_location hal_wifi_default:unix_dgram_socket {sendto read write};
 allow vendor_location hal_wifi_ext:unix_dgram_socket {sendto read write};
author	Hsiu-Chang Chen <hsiuchangchen@google.com>	2022-10-17 09:31:44 +0000
committer	Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>	2022-10-17 09:31:44 +0000
commit	63b5468da9ac5d0c1fb5a7d4efe3c76c3ba4e68e (patch)
tree	de40da6710672a41e43fa1e6e9099a09af0debbb
parent	852dfa55f8f2e9115812fab17846957881d52b26 (diff)
parent	32cd0dbba0ea05c9430bafffb9aa4d39582b8da1 (diff)
download	lynx-sepolicy-63b5468da9ac5d0c1fb5a7d4efe3c76c3ba4e68e.tar.gz