From 0f5b5efdd192889f411b87c97d16d7a05abad2ff Mon Sep 17 00:00:00 2001 From: kensun Date: Fri, 6 Jan 2023 08:06:57 +0000 Subject: [PATCH] Wifi: Add sepolicy files for hal_wifi_ext service This commit adds the sepolicy related files for hal_wifi_ext service. [ 27.714476] type=1400 audit(1670979557.360:29): avc: denied { call } for comm="binder:942_1" scontext=u:r:hal_wifi_ext:s0 tcontext=u:r:grilservice_app:s0:c215,c256,c512,c768 tclass=binder permissive=1 12-14 08:59:17.360 942 942 I binder:942_1: type=1400 audit(0.0:29): avc: denied { call } for scontext=u:r:hal_wifi_ext:s0 tcontext=u:r:grilservice_app:s0:c215,c256,c512,c768 tclass=binder permissive=1 Bug: 262455388 Test: Check no avc_deny on hal_wifi_ext Change-Id: Ibc48225845b0cd10bbe88527449016daa9ef9eff --- tracking_denials/hal_wifi_ext.te | 9 --------- vendor/hal_wifi_ext.te | 9 +++++++++ 2 files changed, 9 insertions(+), 9 deletions(-) delete mode 100644 tracking_denials/hal_wifi_ext.te create mode 100644 vendor/hal_wifi_ext.te diff --git a/tracking_denials/hal_wifi_ext.te b/tracking_denials/hal_wifi_ext.te deleted file mode 100644 index bae274fd..00000000 --- a/tracking_denials/hal_wifi_ext.te +++ /dev/null @@ -1,9 +0,0 @@ -# b/262455388 -dontaudit hal_wifi_ext grilservice_app:binder { call }; -# b/262794359 -dontaudit hal_wifi_ext updated_wifi_firmware_data_file:dir { search }; -dontaudit hal_wifi_ext vendor_wifi_version:property_service { set }; -# b/264489958 -userdebug_or_eng(` - permissive hal_wifi_ext; -') \ No newline at end of file diff --git a/vendor/hal_wifi_ext.te b/vendor/hal_wifi_ext.te new file mode 100644 index 00000000..9b52d7aa --- /dev/null +++ b/vendor/hal_wifi_ext.te @@ -0,0 +1,9 @@ +# Allow wifi_ext to report callbacks to gril-service app +binder_call(hal_wifi_ext, grilservice_app) + +# Write wlan driver/fw version into property +set_prop(hal_wifi_ext, vendor_wifi_version) + +# Allow wifi_ext to read and write /data/vendor/firmware/wifi +allow hal_wifi_ext updated_wifi_firmware_data_file:dir rw_dir_perms; +allow hal_wifi_ext updated_wifi_firmware_data_file:file create_file_perms;