Merge "Add sepolicy for the wifi firmware config OTA feature" into sc-dev am: acf218cb51

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/13983837

Change-Id: I00b8c3c91c9373168d80a7fda2268add40375310

whitechapel/vendor/google/file.te

@@ -71,6 +71,9 @@ type sysfs_sscoredump_level, sysfs_type, fs_type;
 # WiFi
 type sysfs_wifi, sysfs_type, fs_type;
 
+# All files under /data/vendor/firmware/wifi
+type updated_wifi_firmware_data_file, file_type, data_file_type;
+
 # Widevine DRM
 type mediadrm_vendor_data_file, file_type, data_file_type;
 

whitechapel/vendor/google/file_contexts

@@ -426,3 +426,6 @@
 
 # Fingerprint
 /dev/goodix_fp                                                                 u:object_r:fingerprint_device:s0
+
+# Wifi Firmware config update
+/data/vendor/firmware/wifi(/.*)?                                               u:object_r:updated_wifi_firmware_data_file:s0

whitechapel/vendor/google/hal_wifi.te

@@ -0,0 +1,3 @@
+# files in /data/vendor/firmware/wifi
+allow hal_wifi updated_wifi_firmware_data_file:dir r_dir_perms;
+allow hal_wifi updated_wifi_firmware_data_file:file r_file_perms;

whitechapel/vendor/google/hal_wifi_ext.te

@@ -3,3 +3,11 @@ binder_call(hal_wifi_ext, grilservice_app)
 
 # Write wlan driver/fw version into property
 set_prop(hal_wifi_ext, vendor_wifi_version)
+
+# Allow wifi_ext to read and write /data/vendor/firmware/wifi
+allow hal_wifi_ext updated_wifi_firmware_data_file:dir rw_dir_perms;
+allow hal_wifi_ext updated_wifi_firmware_data_file:file create_file_perms;
+
+# Allow wifi_ext to read the updated firmware files from app
+allow hal_wifi_ext priv_app:fd use;
+allow hal_wifi_ext privapp_data_file:file { read map };