Wifi: Add sepolicy files for hal_wifi_ext service

avc denied log: avc: denied { search } for comm="wifi_ext@1.0-se" name="wifi" dev="dm-43" ino=365 scontext=u:r:hal_wifi_ext:s0 tcontext=u:object_r:updated_wifi_firmware_data_file:s0 tclass=dir permissive=1 Bug: 205779850 Test: pts -m PtsSELinuxTest -t com.google.android.selinux.pts.SELinuxTest #scanAvcDeniedLogRightAfterReboot Change-Id: I0c41193b2b9c6a596f142f02c6fee4665fbf2011
2021-11-10 14:14:53 +08:00 · 2021-11-10 14:14:53 +08:00 · 1053cee419
commit 1053cee419
parent 8e6af6f9ad
2 changed files with 4 additions and 2 deletions
--- a/tracking_denials/hal_wifi_ext.te
+++ b/tracking_denials/hal_wifi_ext.te
@ -1,2 +0,0 @@
-# b/205779850
-dontaudit hal_wifi_ext updated_wifi_firmware_data_file:dir { search };
--- a/whitechapel_pro/hal_wifi_ext.te
+++ b/whitechapel_pro/hal_wifi_ext.te
@ -3,3 +3,7 @@ binder_call(hal_wifi_ext, grilservice_app)

 # Write wlan driver/fw version into property
 set_prop(hal_wifi_ext, vendor_wifi_version)
+
+# Allow wifi_ext to read and write /data/vendor/firmware/wifi
+allow hal_wifi_ext updated_wifi_firmware_data_file:dir rw_dir_perms;
+allow hal_wifi_ext updated_wifi_firmware_data_file:file create_file_perms;