Add sepolicy for the wifi firmware config OTA feature

Bug: 177083009 Test: the OTA updated files can be updated and applied. Change-Id: I2f269dbc146aae41cab57abd568af7e26fd23876
2021-03-24 06:59:08 -07:00 · 2021-03-24 06:59:08 -07:00 · c6eca53b9e
commit c6eca53b9e
parent 9ec1be4eb9
4 changed files with 17 additions and 0 deletions
--- a/whitechapel/vendor/google/file.te
+++ b/whitechapel/vendor/google/file.te
@ -71,6 +71,9 @@ type sysfs_sscoredump_level, sysfs_type, fs_type;
 # WiFi
 type sysfs_wifi, sysfs_type, fs_type;

+# All files under /data/vendor/firmware/wifi
+type updated_wifi_firmware_data_file, file_type, data_file_type;
+
 # Widevine DRM
 type mediadrm_vendor_data_file, file_type, data_file_type;

--- a/whitechapel/vendor/google/file_contexts
+++ b/whitechapel/vendor/google/file_contexts
@ -421,3 +421,6 @@

 # Fingerprint
 /dev/goodix_fp                                                                 u:object_r:fingerprint_device:s0
+
+# Wifi Firmware config update
+/data/vendor/firmware/wifi(/.*)?                                               u:object_r:updated_wifi_firmware_data_file:s0
--- a/whitechapel/vendor/google/hal_wifi.te
+++ b/whitechapel/vendor/google/hal_wifi.te
@ -0,0 +1,3 @@
+# files in /data/vendor/firmware/wifi
+allow hal_wifi updated_wifi_firmware_data_file:dir r_dir_perms;
+allow hal_wifi updated_wifi_firmware_data_file:file r_file_perms;
--- a/whitechapel/vendor/google/hal_wifi_ext.te
+++ b/whitechapel/vendor/google/hal_wifi_ext.te
@ -3,3 +3,11 @@ binder_call(hal_wifi_ext, grilservice_app)

 # Write wlan driver/fw version into property
 set_prop(hal_wifi_ext, vendor_wifi_version)
+
+# Allow wifi_ext to read and write /data/vendor/firmware/wifi
+allow hal_wifi_ext updated_wifi_firmware_data_file:dir rw_dir_perms;
+allow hal_wifi_ext updated_wifi_firmware_data_file:file create_file_perms;
+
+# Allow wifi_ext to read the updated firmware files from app
+allow hal_wifi_ext priv_app:fd use;
+allow hal_wifi_ext privapp_data_file:file { read map };