From 1053cee4196814bf8e63ce6a410cc77a59467a37 Mon Sep 17 00:00:00 2001
From: chenpaul <chenpaul@google.com>
Date: Wed, 10 Nov 2021 14:14:53 +0800
Subject: [PATCH] Wifi: Add sepolicy files for hal_wifi_ext service

avc denied log:
avc: denied { search } for comm="wifi_ext@1.0-se" name="wifi" dev="dm-43" ino=365 scontext=u:r:hal_wifi_ext:s0 tcontext=u:object_r:updated_wifi_firmware_data_file:s0 tclass=dir permissive=1

Bug: 205779850
Test: pts -m PtsSELinuxTest -t com.google.android.selinux.pts.SELinuxTest
      #scanAvcDeniedLogRightAfterReboot
Change-Id: I0c41193b2b9c6a596f142f02c6fee4665fbf2011
---
 tracking_denials/hal_wifi_ext.te | 2 --
 whitechapel_pro/hal_wifi_ext.te  | 4 ++++
 2 files changed, 4 insertions(+), 2 deletions(-)
 delete mode 100644 tracking_denials/hal_wifi_ext.te

diff --git a/tracking_denials/hal_wifi_ext.te b/tracking_denials/hal_wifi_ext.te
deleted file mode 100644
index 84b8edfd..00000000
--- a/tracking_denials/hal_wifi_ext.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/205779850
-dontaudit hal_wifi_ext updated_wifi_firmware_data_file:dir { search };
diff --git a/whitechapel_pro/hal_wifi_ext.te b/whitechapel_pro/hal_wifi_ext.te
index 659239e8..9b52d7aa 100644
--- a/whitechapel_pro/hal_wifi_ext.te
+++ b/whitechapel_pro/hal_wifi_ext.te
@@ -3,3 +3,7 @@ binder_call(hal_wifi_ext, grilservice_app)
 
 # Write wlan driver/fw version into property
 set_prop(hal_wifi_ext, vendor_wifi_version)
+
+# Allow wifi_ext to read and write /data/vendor/firmware/wifi
+allow hal_wifi_ext updated_wifi_firmware_data_file:dir rw_dir_perms;
+allow hal_wifi_ext updated_wifi_firmware_data_file:file create_file_perms;