Add sepolicy for the wifi firmware config OTA feature

Bug: 177083009 Test: the OTA updated files can be updated and applied. Change-Id: I2f269dbc146aae41cab57abd568af7e26fd23876
2021-03-24 06:59:08 -07:00 · 2021-03-24 06:59:08 -07:00 · c6eca53b9e
commit c6eca53b9e
parent 9ec1be4eb9
4 changed files with 17 additions and 0 deletions
--- a/whitechapel/vendor/google/file.te
+++ b/whitechapel/vendor/google/file.te
@ -71,6 +71,9 @@ type sysfs_sscoredump_level, sysfs_type, fs_type;
 # WiFi
 type sysfs_wifi, sysfs_type, fs_type;
 # All files under /data/vendor/firmware/wifi
 type updated_wifi_firmware_data_file, file_type, data_file_type;
 # Widevine DRM
 type mediadrm_vendor_data_file, file_type, data_file_type;
--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@ -421,3 +421,6 @@
 # Fingerprint
 /dev/goodix_fp                                                                 u:object_r:fingerprint_device:s0
 # Wifi Firmware config update
 /data/vendor/firmware/wifi(/.*)?                                               u:object_r:updated_wifi_firmware_data_file:s0
--- a/whitechapel/vendor/google/hal_wifi.te
+++ b/whitechapel/vendor/google/hal_wifi.te
@ -0,0 +1,3 @@
 # files in /data/vendor/firmware/wifi
 allow hal_wifi updated_wifi_firmware_data_file:dir r_dir_perms;
 allow hal_wifi updated_wifi_firmware_data_file:file r_file_perms;
--- a/whitechapel/vendor/google/hal_wifi_ext.te
+++ b/whitechapel/vendor/google/hal_wifi_ext.te
@ -3,3 +3,11 @@ binder_call(hal_wifi_ext, grilservice_app)
 # Write wlan driver/fw version into property
 set_prop(hal_wifi_ext, vendor_wifi_version)
 # Allow wifi_ext to read and write /data/vendor/firmware/wifi
 allow hal_wifi_ext updated_wifi_firmware_data_file:dir rw_dir_perms;
 allow hal_wifi_ext updated_wifi_firmware_data_file:file create_file_perms;
 # Allow wifi_ext to read the updated firmware files from app
 allow hal_wifi_ext priv_app:fd use;
 allow hal_wifi_ext privapp_data_file:file { read map };