Merge changes from topic "emu_wifi_fixes" into pi-dev
* changes:
Update SELinux rules to support emulator WiFi
Build emulator images with emulator WiFi HAL
Update makefiles for WiFi in Treble
Fix SELinux settings for WiFi in Treble
Add SELinux configuration for new DHCP programs
Enable WiFi for arm, arm64 and x86_64
Add support for WiFi in emulator
diff --git a/target/board/generic/BoardConfig.mk b/target/board/generic/BoardConfig.mk
index 67d019f..7ab9021 100644
--- a/target/board/generic/BoardConfig.mk
+++ b/target/board/generic/BoardConfig.mk
@@ -65,6 +65,17 @@
BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
BOARD_PROPERTY_OVERRIDES_SPLIT_ENABLED := true
+# Wifi.
+BOARD_WLAN_DEVICE := emulator
+BOARD_HOSTAPD_DRIVER := NL80211
+BOARD_WPA_SUPPLICANT_DRIVER := NL80211
+BOARD_HOSTAPD_PRIVATE_LIB := lib_driver_cmd_simulated
+BOARD_WPA_SUPPLICANT_PRIVATE_LIB := lib_driver_cmd_simulated
+WPA_SUPPLICANT_VERSION := VER_0_8_X
+WIFI_DRIVER_FW_PATH_PARAM := "/dev/null"
+WIFI_DRIVER_FW_PATH_STA := "/dev/null"
+WIFI_DRIVER_FW_PATH_AP := "/dev/null"
+
# Enable A/B update
TARGET_NO_RECOVERY := true
BOARD_BUILD_SYSTEM_ROOT_IMAGE := true
diff --git a/target/board/generic/sepolicy/createns.te b/target/board/generic/sepolicy/createns.te
new file mode 100644
index 0000000..1eaf9ef
--- /dev/null
+++ b/target/board/generic/sepolicy/createns.te
@@ -0,0 +1,14 @@
+# Network namespace creation
+type createns, domain;
+type createns_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(createns)
+
+allow createns self:capability { sys_admin net_raw setuid setgid };
+allow createns varrun_file:dir { add_name search write };
+allow createns varrun_file:file { create mounton open read write };
+
+#Allow createns itself to be run by init in its own domain
+domain_auto_trans(goldfish_setup, createns_exec, createns);
+allow createns goldfish_setup:fd use;
+
diff --git a/target/board/generic/sepolicy/dhcpclient.te b/target/board/generic/sepolicy/dhcpclient.te
new file mode 100644
index 0000000..df71fca
--- /dev/null
+++ b/target/board/generic/sepolicy/dhcpclient.te
@@ -0,0 +1,20 @@
+# DHCP client
+type dhcpclient, domain;
+type dhcpclient_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(dhcpclient)
+net_domain(dhcpclient)
+
+allow dhcpclient execns:fd use;
+
+set_prop(dhcpclient, net_eth0_prop);
+allow dhcpclient self:capability { net_admin net_raw };
+allow dhcpclient self:udp_socket create;
+allow dhcpclient self:netlink_route_socket { write nlmsg_write };
+allow dhcpclient varrun_file:dir search;
+allow dhcpclient self:packet_socket { create bind write read };
+allowxperm dhcpclient self:udp_socket ioctl { SIOCSIFFLAGS
+ SIOCSIFADDR
+ SIOCSIFNETMASK
+ SIOCSIFMTU
+ SIOCGIFHWADDR };
diff --git a/target/board/generic/sepolicy/dhcpserver.te b/target/board/generic/sepolicy/dhcpserver.te
new file mode 100644
index 0000000..7e8ba26
--- /dev/null
+++ b/target/board/generic/sepolicy/dhcpserver.te
@@ -0,0 +1,12 @@
+# DHCP server
+type dhcpserver, domain;
+type dhcpserver_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(dhcpserver)
+net_domain(dhcpserver)
+
+allow dhcpserver execns:fd use;
+
+get_prop(dhcpserver, net_eth0_prop);
+allow dhcpserver self:udp_socket { ioctl create setopt bind };
+allow dhcpserver self:capability { net_raw net_bind_service };
diff --git a/target/board/generic/sepolicy/execns.te b/target/board/generic/sepolicy/execns.te
new file mode 100644
index 0000000..9675a99
--- /dev/null
+++ b/target/board/generic/sepolicy/execns.te
@@ -0,0 +1,34 @@
+# Network namespace transitions
+type execns, domain;
+type execns_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(execns)
+
+allow execns varrun_file:dir search;
+allow execns varrun_file:file r_file_perms;
+allow execns self:capability sys_admin;
+allow execns nsfs:file { open read };
+
+#Allow execns itself to be run by init in its own domain
+domain_auto_trans(init, execns_exec, execns);
+
+# Allow dhcpclient to be run by execns in its own domain
+domain_auto_trans(execns, dhcpclient_exec, dhcpclient);
+
+# Allow dhcpserver to be run by execns in its own domain
+domain_auto_trans(execns, dhcpserver_exec, dhcpserver);
+
+# Rules to allow execution of hostapd and allow it to run
+allow execns hal_wifi_hostapd_default_exec:file { execute_no_trans };
+allow execns self:capability { net_admin net_raw };
+allow execns self:netlink_generic_socket { bind create getattr read setopt write };
+allow execns self:netlink_route_socket { bind create read write nlmsg_write };
+allow execns execns:udp_socket { create ioctl };
+allow execns self:packet_socket { create setopt };
+allow execns sysfs_net:dir { search };
+allowxperm execns self:udp_socket ioctl priv_sock_ioctls;
+
+# Allow execns to read createns proc file to get the namespace file
+allow execns createns:file read;
+allow execns createns:dir search;
+allow execns createns:lnk_file read;
diff --git a/target/board/generic/sepolicy/file.te b/target/board/generic/sepolicy/file.te
index 3afd706..b0aa217 100644
--- a/target/board/generic/sepolicy/file.te
+++ b/target/board/generic/sepolicy/file.te
@@ -1 +1,4 @@
+type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
+type varrun_file, file_type, data_file_type, mlstrustedobject;
type mediadrm_vendor_data_file, file_type, data_file_type;
+type nsfs, fs_type;
diff --git a/target/board/generic/sepolicy/file_contexts b/target/board/generic/sepolicy/file_contexts
index c65aaec..73fe752 100644
--- a/target/board/generic/sepolicy/file_contexts
+++ b/target/board/generic/sepolicy/file_contexts
@@ -17,7 +17,13 @@
/dev/ttyS2 u:object_r:console_device:s0
/vendor/bin/init\.ranchu-core\.sh u:object_r:goldfish_setup_exec:s0
/vendor/bin/init\.ranchu-net\.sh u:object_r:goldfish_setup_exec:s0
+/vendor/bin/init\.wifi\.sh u:object_r:goldfish_setup_exec:s0
/vendor/bin/qemu-props u:object_r:qemu_props_exec:s0
+/vendor/bin/createns u:object_r:createns_exec:s0
+/vendor/bin/execns u:object_r:execns_exec:s0
+/vendor/bin/ipv6proxy u:object_r:ipv6proxy_exec:s0
+/vendor/bin/dhcpclient u:object_r:dhcpclient_exec:s0
+/vendor/bin/dhcpserver u:object_r:dhcpserver_exec:s0
/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine u:object_r:hal_drm_widevine_exec:s0
@@ -36,4 +42,5 @@
# data
/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
+/data/vendor/var/run(/.*)? u:object_r:varrun_file:s0
diff --git a/target/board/generic/sepolicy/genfs_contexts b/target/board/generic/sepolicy/genfs_contexts
index 91cedf1..1b81626 100644
--- a/target/board/generic/sepolicy/genfs_contexts
+++ b/target/board/generic/sepolicy/genfs_contexts
@@ -15,3 +15,6 @@
genfscon sysfs /devices/pci0000:00/0000:00:08.0/virtio5/net u:object_r:sysfs_net:s0
genfscon sysfs /devices/virtual/mac80211_hwsim/hwsim0/net u:object_r:sysfs_net:s0
genfscon sysfs /devices/virtual/mac80211_hwsim/hwsim1/net u:object_r:sysfs_net:s0
+
+# /proc/<pid>/ns
+genfscon nsfs / u:object_r:nsfs:s0
diff --git a/target/board/generic/sepolicy/goldfish_setup.te b/target/board/generic/sepolicy/goldfish_setup.te
index eb913e9..1492cbd 100644
--- a/target/board/generic/sepolicy/goldfish_setup.te
+++ b/target/board/generic/sepolicy/goldfish_setup.te
@@ -11,3 +11,35 @@
allowxperm goldfish_setup self:udp_socket ioctl priv_sock_ioctls;
wakelock_use(goldfish_setup);
allow goldfish_setup vendor_shell_exec:file { rx_file_perms };
+
+# Set system properties to start services
+set_prop(goldfish_setup, ctl_default_prop);
+
+# Set up WiFi
+allow goldfish_setup self:netlink_route_socket { create nlmsg_write setopt bind getattr read write nlmsg_read };
+allow goldfish_setup self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow goldfish_setup self:capability { sys_module sys_admin };
+allow goldfish_setup varrun_file:dir { mounton open read write add_name search remove_name };
+allow goldfish_setup varrun_file:file { mounton getattr create read write open unlink };
+allow goldfish_setup execns_exec:file rx_file_perms;
+allow goldfish_setup proc_net:file rw_file_perms;
+allow goldfish_setup proc:file r_file_perms;
+set_prop(goldfish_setup, ctl_default_prop);
+allow goldfish_setup nsfs:file r_file_perms;
+allow goldfish_setup system_data_file:dir getattr;
+allow goldfish_setup kernel:system module_request;
+# Allow goldfish_setup to run /system/bin/ip and /system/bin/iw
+allow goldfish_setup system_file:file execute_no_trans;
+# Allow goldfish_setup to run init.wifi.sh
+allow goldfish_setup goldfish_setup_exec:file execute_no_trans;
+#Allow goldfish_setup to run createns in its own domain
+domain_auto_trans(goldfish_setup, createns_exec, createns);
+# iw
+allow goldfish_setup sysfs:file { read open };
+# iptables
+allow goldfish_setup system_file:file lock;
+allow goldfish_setup self:rawip_socket { create getopt setopt };
+# Allow goldfish_setup to read createns proc file to get the namespace file
+allow goldfish_setup createns:file { read };
+allow goldfish_setup createns:dir { search };
+allow goldfish_setup createns:lnk_file { read };
diff --git a/target/board/generic/sepolicy/hal_wifi_default.te b/target/board/generic/sepolicy/hal_wifi_default.te
new file mode 100644
index 0000000..de4b996
--- /dev/null
+++ b/target/board/generic/sepolicy/hal_wifi_default.te
@@ -0,0 +1 @@
+allow hal_wifi_default hal_wifi_default:netlink_route_socket { create bind write read nlmsg_read };
diff --git a/target/board/generic/sepolicy/ipv6proxy.te b/target/board/generic/sepolicy/ipv6proxy.te
new file mode 100644
index 0000000..22976fe
--- /dev/null
+++ b/target/board/generic/sepolicy/ipv6proxy.te
@@ -0,0 +1,16 @@
+# IPv6 proxying
+type ipv6proxy, domain;
+type ipv6proxy_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(ipv6proxy)
+net_domain(ipv6proxy)
+
+# Allow ipv6proxy to be run by execns in its own domain
+domain_auto_trans(execns, ipv6proxy_exec, ipv6proxy);
+allow ipv6proxy execns:fd use;
+
+allow ipv6proxy self:capability { sys_admin sys_module net_admin net_raw };
+allow ipv6proxy self:packet_socket { bind create read };
+allow ipv6proxy self:netlink_route_socket nlmsg_write;
+allow ipv6proxy varrun_file:dir search;
+allowxperm ipv6proxy self:udp_socket ioctl { SIOCSIFFLAGS SIOCGIFHWADDR };
diff --git a/target/board/generic/sepolicy/property.te b/target/board/generic/sepolicy/property.te
index 56e02ef..8c7c892 100644
--- a/target/board/generic/sepolicy/property.te
+++ b/target/board/generic/sepolicy/property.te
@@ -1,3 +1,4 @@
type qemu_prop, property_type;
type qemu_cmdline, property_type;
type radio_noril_prop, property_type;
+type net_eth0_prop, property_type;
diff --git a/target/board/generic/sepolicy/property_contexts b/target/board/generic/sepolicy/property_contexts
index 3a61b6b..c5a2bc1 100644
--- a/target/board/generic/sepolicy/property_contexts
+++ b/target/board/generic/sepolicy/property_contexts
@@ -3,3 +3,4 @@
ro.emu. u:object_r:qemu_prop:s0
ro.emulator. u:object_r:qemu_prop:s0
ro.radio.noril u:object_r:radio_noril_prop:s0
+net.eth0. u:object_r:net_eth0_prop:s0
diff --git a/target/board/generic_arm64/BoardConfig.mk b/target/board/generic_arm64/BoardConfig.mk
index e066e3a..d5f79f4 100644
--- a/target/board/generic_arm64/BoardConfig.mk
+++ b/target/board/generic_arm64/BoardConfig.mk
@@ -96,6 +96,17 @@
BOARD_PROPERTY_OVERRIDES_SPLIT_ENABLED := true
BOARD_SEPOLICY_DIRS += build/target/board/generic/sepolicy
+# Wifi.
+BOARD_WLAN_DEVICE := emulator
+BOARD_HOSTAPD_DRIVER := NL80211
+BOARD_WPA_SUPPLICANT_DRIVER := NL80211
+BOARD_HOSTAPD_PRIVATE_LIB := lib_driver_cmd_simulated
+BOARD_WPA_SUPPLICANT_PRIVATE_LIB := lib_driver_cmd_simulated
+WPA_SUPPLICANT_VERSION := VER_0_8_X
+WIFI_DRIVER_FW_PATH_PARAM := "/dev/null"
+WIFI_DRIVER_FW_PATH_STA := "/dev/null"
+WIFI_DRIVER_FW_PATH_AP := "/dev/null"
+
# Enable A/B update
TARGET_NO_RECOVERY := true
BOARD_BUILD_SYSTEM_ROOT_IMAGE := true
diff --git a/target/board/generic_x86/BoardConfig.mk b/target/board/generic_x86/BoardConfig.mk
index d1cbeb9..2d00506 100644
--- a/target/board/generic_x86/BoardConfig.mk
+++ b/target/board/generic_x86/BoardConfig.mk
@@ -67,3 +67,14 @@
# Enable A/B update
TARGET_NO_RECOVERY := true
BOARD_BUILD_SYSTEM_ROOT_IMAGE := true
+
+# Wifi.
+BOARD_WLAN_DEVICE := emulator
+BOARD_HOSTAPD_DRIVER := NL80211
+BOARD_WPA_SUPPLICANT_DRIVER := NL80211
+BOARD_HOSTAPD_PRIVATE_LIB := lib_driver_cmd_simulated
+BOARD_WPA_SUPPLICANT_PRIVATE_LIB := lib_driver_cmd_simulated
+WPA_SUPPLICANT_VERSION := VER_0_8_X
+WIFI_DRIVER_FW_PATH_PARAM := "/dev/null"
+WIFI_DRIVER_FW_PATH_STA := "/dev/null"
+WIFI_DRIVER_FW_PATH_AP := "/dev/null"
diff --git a/target/board/generic_x86_64/BoardConfig.mk b/target/board/generic_x86_64/BoardConfig.mk
index a9c5142..5377fb1 100755
--- a/target/board/generic_x86_64/BoardConfig.mk
+++ b/target/board/generic_x86_64/BoardConfig.mk
@@ -62,6 +62,17 @@
BOARD_VNDK_VERSION := current
+# Wifi.
+BOARD_WLAN_DEVICE := emulator
+BOARD_HOSTAPD_DRIVER := NL80211
+BOARD_WPA_SUPPLICANT_DRIVER := NL80211
+BOARD_HOSTAPD_PRIVATE_LIB := lib_driver_cmd_simulated
+BOARD_WPA_SUPPLICANT_PRIVATE_LIB := lib_driver_cmd_simulated
+WPA_SUPPLICANT_VERSION := VER_0_8_X
+WIFI_DRIVER_FW_PATH_PARAM := "/dev/null"
+WIFI_DRIVER_FW_PATH_STA := "/dev/null"
+WIFI_DRIVER_FW_PATH_AP := "/dev/null"
+
# Enable A/B update
TARGET_NO_RECOVERY := true
BOARD_BUILD_SYSTEM_ROOT_IMAGE := true
diff --git a/target/product/emulator.mk b/target/product/emulator.mk
index 67ebe04..11466b8 100644
--- a/target/product/emulator.mk
+++ b/target/product/emulator.mk
@@ -55,6 +55,7 @@
audio.primary.goldfish \
audio.primary.goldfish_legacy \
android.hardware.audio@2.0-service \
+ android.hardware.wifi@1.0-service \
vibrator.goldfish \
power.goldfish \
power.ranchu \
@@ -116,9 +117,23 @@
PRODUCT_PACKAGES += \
vndk-sp
+# WiFi
+PRODUCT_PACKAGES += \
+ createns \
+ dhcpclient \
+ dhcpserver \
+ execns \
+ hostapd \
+ ip \
+ ipv6proxy \
+ iw \
+ wificond \
+ wpa_supplicant \
+
PRODUCT_COPY_FILES += \
device/generic/goldfish/init.ranchu-core.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.ranchu-core.sh \
device/generic/goldfish/init.ranchu-net.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.ranchu-net.sh \
+ device/generic/goldfish/wifi/init.wifi.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.wifi.sh \
device/generic/goldfish/init.ranchu.rc:root/init.ranchu.rc \
device/generic/goldfish/fstab.ranchu:root/fstab.ranchu \
device/generic/goldfish/fstab.ranchu.early:root/fstab.ranchu.early \
@@ -127,6 +142,9 @@
device/generic/goldfish/manifest.xml:$(TARGET_COPY_OUT_VENDOR)/manifest.xml \
device/generic/goldfish/data/etc/permissions/privapp-permissions-goldfish.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/privapp-permissions-goldfish.xml \
device/generic/goldfish/data/etc/config.ini:config.ini \
+ device/generic/goldfish/wifi/simulated_hostapd.conf:$(TARGET_COPY_OUT_VENDOR)/etc/simulated_hostapd.conf \
+ device/generic/goldfish/wifi/wpa_supplicant.conf:$(TARGET_COPY_OUT_VENDOR)/etc/wifi/wpa_supplicant.conf \
+ device/generic/goldfish/wifi/WifiConfigStore.xml:data/misc/wifi/WifiConfigStore.xml \
frameworks/native/data/etc/android.hardware.wifi.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.wifi.xml
PRODUCT_PACKAGE_OVERLAYS := device/generic/goldfish/overlay
diff --git a/target/product/sdk_base.mk b/target/product/sdk_base.mk
index df68d02..e3f2db2 100644
--- a/target/product/sdk_base.mk
+++ b/target/product/sdk_base.mk
@@ -44,7 +44,7 @@
SysuiDarkThemeOverlay \
EasterEgg \
WallpaperPicker \
- WidgetPreview
+ WidgetPreview \
# Define the host tools and libs that are parts of the SDK.
-include sdk/build/product_sdk.mk