Add support for WiFi in emulator
Add required SELinux permissions to run services required for WiFi and
network namespaces. Add required executables and files required to run
WiFi services such as hostapd to create an access point and
wpa_supplicant to connect to it.
BUG: 74514143
Test: Build emulator image and manually verify WiFi functionality
Change-Id: I38461b878abcaae842b4656dea82792e23100174
(cherry picked from commit 21c5c3dcf91b1be71abe8618e2eb31529438e325)
(cherry picked from commit 68a36140f7a3a766b8adc16cd85c2f0c81bfb44b)
(cherry picked from commit e6dab593b8eebccb1e6311e626c8aca943ba6933)
diff --git a/target/board/generic/sepolicy/execns.te b/target/board/generic/sepolicy/execns.te
new file mode 100644
index 0000000..af8fd88
--- /dev/null
+++ b/target/board/generic/sepolicy/execns.te
@@ -0,0 +1,20 @@
+# Network namespace transitions
+type execns, domain, domain_deprecated;
+type execns_exec, exec_type, file_type;
+
+init_daemon_domain(execns)
+
+allow execns varrun_file:dir search;
+allow execns self:capability sys_admin;
+
+#Allow execns itself to be run by init in its own domain
+domain_auto_trans(init, execns_exec, execns);
+
+# Allow hostapd to be run by execns in its own domain
+domain_auto_trans(execns, hostapd_exec, hostapd);
+allow hostapd execns:fd use;
+
+# Allow dnsmasq to be run by execns in its own domain
+domain_auto_trans(execns, dnsmasq_exec, dnsmasq);
+allow dnsmasq execns:fd use;
+
diff --git a/target/board/generic/sepolicy/file.te b/target/board/generic/sepolicy/file.te
index 3afd706..4762e0d 100644
--- a/target/board/generic/sepolicy/file.te
+++ b/target/board/generic/sepolicy/file.te
@@ -1 +1,3 @@
+type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
+type varrun_file, file_type, data_file_type, mlstrustedobject;
type mediadrm_vendor_data_file, file_type, data_file_type;
diff --git a/target/board/generic/sepolicy/file_contexts b/target/board/generic/sepolicy/file_contexts
index c65aaec..86d7dd5 100644
--- a/target/board/generic/sepolicy/file_contexts
+++ b/target/board/generic/sepolicy/file_contexts
@@ -18,6 +18,8 @@
/vendor/bin/init\.ranchu-core\.sh u:object_r:goldfish_setup_exec:s0
/vendor/bin/init\.ranchu-net\.sh u:object_r:goldfish_setup_exec:s0
/vendor/bin/qemu-props u:object_r:qemu_props_exec:s0
+/system/bin/execns u:object_r:execns_exec:s0
+/system/bin/ipv6proxy u:object_r:ipv6proxy_exec:s0
/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine u:object_r:hal_drm_widevine_exec:s0
@@ -36,4 +38,5 @@
# data
/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
+/data/var/run(/.*)? u:object_r:varrun_file:s0
diff --git a/target/board/generic/sepolicy/goldfish_setup.te b/target/board/generic/sepolicy/goldfish_setup.te
index eb913e9..1ce8ec7 100644
--- a/target/board/generic/sepolicy/goldfish_setup.te
+++ b/target/board/generic/sepolicy/goldfish_setup.te
@@ -11,3 +11,15 @@
allowxperm goldfish_setup self:udp_socket ioctl priv_sock_ioctls;
wakelock_use(goldfish_setup);
allow goldfish_setup vendor_shell_exec:file { rx_file_perms };
+
+# Set system properties to start services
+set_prop(goldfish_setup, ctl_default_prop);
+
+# Set up WiFi
+allow goldfish_setup self:netlink_route_socket nlmsg_write;
+allow goldfish_setup self:netlink_socket create_socket_perms;
+allow goldfish_setup self:capability { sys_module sys_admin };
+allow goldfish_setup varrun_file:dir { mounton write add_name search remove_name };
+allow goldfish_setup varrun_file:file { mounton getattr create read write open unlink };
+allow goldfish_setup execns_exec:file rx_file_perms;
+allow goldfish_setup proc_net:file w_file_perms;
diff --git a/target/board/generic/sepolicy/ipv6proxy.te b/target/board/generic/sepolicy/ipv6proxy.te
new file mode 100644
index 0000000..009d545
--- /dev/null
+++ b/target/board/generic/sepolicy/ipv6proxy.te
@@ -0,0 +1,15 @@
+# IPv6 proxying
+type ipv6proxy, domain, domain_deprecated;
+type ipv6proxy_exec, exec_type, file_type;
+
+init_daemon_domain(ipv6proxy)
+net_domain(ipv6proxy)
+
+# Allow ipv6proxy to be run by execns in its own domain
+domain_auto_trans(execns, ipv6proxy_exec, ipv6proxy);
+allow ipv6proxy execns:fd use;
+
+allow ipv6proxy self:capability { sys_admin sys_module net_admin net_raw };
+allow ipv6proxy self:packet_socket { bind create read };
+allow ipv6proxy self:netlink_route_socket nlmsg_write;
+allow ipv6proxy varrun_file:dir search;
diff --git a/target/board/generic_x86/BoardConfig.mk b/target/board/generic_x86/BoardConfig.mk
index d1cbeb9..76463cb 100644
--- a/target/board/generic_x86/BoardConfig.mk
+++ b/target/board/generic_x86/BoardConfig.mk
@@ -67,3 +67,14 @@
# Enable A/B update
TARGET_NO_RECOVERY := true
BOARD_BUILD_SYSTEM_ROOT_IMAGE := true
+
+# Wifi.
+BOARD_WLAN_DEVICE := wlan0
+BOARD_HOSTAPD_DRIVER := NL80211
+BOARD_WPA_SUPPLICANT_DRIVER := NL80211
+BOARD_HOSTAPD_PRIVATE_LIB := lib_driver_cmd_simulated
+BOARD_WPA_SUPPLICANT_PRIVATE_LIB := lib_driver_cmd_simulated
+WPA_SUPPLICANT_VERSION := VER_0_8_X
+WIFI_DRIVER_FW_PATH_PARAM := "/dev/null"
+WIFI_DRIVER_FW_PATH_STA := "/dev/null"
+WIFI_DRIVER_FW_PATH_AP := "/dev/null"
diff --git a/target/product/emulator.mk b/target/product/emulator.mk
index 67ebe04..10eb4c8 100644
--- a/target/product/emulator.mk
+++ b/target/product/emulator.mk
@@ -116,9 +116,19 @@
PRODUCT_PACKAGES += \
vndk-sp
+# WiFi
+PRODUCT_PACKAGES += \
+ execns \
+ hostapd \
+ ip \
+ ipv6proxy \
+ iw \
+ wpa_supplicant \
+
PRODUCT_COPY_FILES += \
device/generic/goldfish/init.ranchu-core.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.ranchu-core.sh \
device/generic/goldfish/init.ranchu-net.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.ranchu-net.sh \
+ device/generic/goldfish/wifi/init.wifi.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.wifi.sh \
device/generic/goldfish/init.ranchu.rc:root/init.ranchu.rc \
device/generic/goldfish/fstab.ranchu:root/fstab.ranchu \
device/generic/goldfish/fstab.ranchu.early:root/fstab.ranchu.early \
@@ -127,6 +137,8 @@
device/generic/goldfish/manifest.xml:$(TARGET_COPY_OUT_VENDOR)/manifest.xml \
device/generic/goldfish/data/etc/permissions/privapp-permissions-goldfish.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/privapp-permissions-goldfish.xml \
device/generic/goldfish/data/etc/config.ini:config.ini \
+ device/generic/goldfish/wifi/simulated_hostapd.conf:system/etc/simulated_hostapd.conf \
+ device/generic/goldfish/wifi/wpa_supplicant.conf:data/misc/wifi/wpa_supplicant.conf \
frameworks/native/data/etc/android.hardware.wifi.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.wifi.xml
PRODUCT_PACKAGE_OVERLAYS := device/generic/goldfish/overlay
diff --git a/target/product/sdk_base.mk b/target/product/sdk_base.mk
index df68d02..e3f2db2 100644
--- a/target/product/sdk_base.mk
+++ b/target/product/sdk_base.mk
@@ -44,7 +44,7 @@
SysuiDarkThemeOverlay \
EasterEgg \
WallpaperPicker \
- WidgetPreview
+ WidgetPreview \
# Define the host tools and libs that are parts of the SDK.
-include sdk/build/product_sdk.mk