Wifi: Add sepolicy files for hal_wifi_ext service

This commit adds the sepolicy related files for hal_wifi_ext service. [ 27.714476] type=1400 audit(1670979557.360:29): avc: denied { call } for comm="binder:942_1" scontext=u:r:hal_wifi_ext:s0 tcontext=u:r:grilservice_app:s0:c215,c256,c512,c768 tclass=binder permissive=1 12-14 08:59:17.360 942 942 I binder:942_1: type=1400 audit(0.0:29): avc: denied { call } for scontext=u:r:hal_wifi_ext:s0 tcontext=u:r:grilservice_app:s0:c215,c256,c512,c768 tclass=binder permissive=1 Bug: 262455388 Test: Check no avc_deny on hal_wifi_ext Change-Id: Ibc48225845b0cd10bbe88527449016daa9ef9eff
2023-01-06 08:06:57 +00:00 · 2023-01-06 08:06:57 +00:00 · 0f5b5efdd1
commit 0f5b5efdd1
parent 9fbe949e7c
2 changed files with 9 additions and 9 deletions
--- a/tracking_denials/hal_wifi_ext.te
+++ b/tracking_denials/hal_wifi_ext.te
@ -1,9 +0,0 @@
-# b/262455388
-dontaudit hal_wifi_ext grilservice_app:binder { call };
-# b/262794359
-dontaudit hal_wifi_ext updated_wifi_firmware_data_file:dir { search };
-dontaudit hal_wifi_ext vendor_wifi_version:property_service { set };
-# b/264489958
-userdebug_or_eng(`
-  permissive hal_wifi_ext;
-')
--- a/vendor/hal_wifi_ext.te
+++ b/vendor/hal_wifi_ext.te
@ -0,0 +1,9 @@
+# Allow wifi_ext to report callbacks to gril-service app
+binder_call(hal_wifi_ext, grilservice_app)
+
+# Write wlan driver/fw version into property
+set_prop(hal_wifi_ext, vendor_wifi_version)
+
+# Allow wifi_ext to read and write /data/vendor/firmware/wifi
+allow hal_wifi_ext updated_wifi_firmware_data_file:dir rw_dir_perms;
+allow hal_wifi_ext updated_wifi_firmware_data_file:file create_file_perms;