wifi - Add sepolicy for wifi_sniffer

Bug: 151402822
Test: wifi_sniffer is workable
Change-Id: Ie41d2caf676e3c3b24edce9061577b92c3023b05
diff --git a/wifi_sniffer/file.te b/wifi_sniffer/file.te
new file mode 100644
index 0000000..667d334
--- /dev/null
+++ b/wifi_sniffer/file.te
@@ -0,0 +1 @@
+type sysfs_wifi_conmode, sysfs_type, fs_type;
diff --git a/wifi_sniffer/file_contexts b/wifi_sniffer/file_contexts
new file mode 100644
index 0000000..b2fc6e2
--- /dev/null
+++ b/wifi_sniffer/file_contexts
@@ -0,0 +1 @@
+/vendor/bin/wifi_sniffer        u:object_r:wifi_sniffer_exec:s0
diff --git a/wifi_sniffer/genfs_contexts b/wifi_sniffer/genfs_contexts
new file mode 100644
index 0000000..753ccbc
--- /dev/null
+++ b/wifi_sniffer/genfs_contexts
@@ -0,0 +1 @@
+genfscon sysfs /module/wlan/parameters/con_mode           u:object_r:sysfs_wifi_conmode:s0
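Review bot: The new label on `/module/wlan/parameters/con_mode` takes effect on every build variant, while the only allow rule for `sysfs_wifi_conmode` in this change sits inside `userdebug_or_eng()` in wifi_sniffer.te. Any domain that previously reached this node through the generic `sysfs` label (a Wi-Fi HAL or an init script, if one touches con_mode on this device) would start getting denials, including on user builds. Please check for existing accessors and grant them `sysfs_wifi_conmode:file` access explicitly. Otherwise add a comment above the entry stating that wifi_sniffer is the only intended user of the node.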
diff --git a/wifi_sniffer/property.te b/wifi_sniffer/property.te
new file mode 100644
index 0000000..df29700
--- /dev/null
+++ b/wifi_sniffer/property.te
@@ -0,0 +1 @@
+type vendor_wifi_sniffer_prop, property_type;
diff --git a/wifi_sniffer/property_contexts b/wifi_sniffer/property_contexts
new file mode 100644
index 0000000..19f7e76
--- /dev/null
+++ b/wifi_sniffer/property_contexts
@@ -0,0 +1,3 @@
+persist.vendor.wifi.sniffer.freq                u:object_r:vendor_wifi_sniffer_prop:s0
+persist.vendor.wifi.sniffer.bandwidth           u:object_r:vendor_wifi_sniffer_prop:s0
+vendor.wifi.sniffer.start                       u:object_r:vendor_wifi_sniffer_prop:s0
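Review bot: No rule in this change grants any domain `set_prop` on `vendor_wifi_sniffer_prop`, so the intended writer of these three properties is not visible here; wifi_sniffer itself only gets `get_prop`. Since `vendor.wifi.sniffer.start` presumably controls when the sniffer runs, the policy should name the writer in a comment. Any grant such as `set_prop(<writer_domain>, vendor_wifi_sniffer_prop)` (placeholder domain) belongs inside the same `userdebug_or_eng()` guard, so that nothing on a user build can toggle it.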
diff --git a/wifi_sniffer/wifi_sniffer.te b/wifi_sniffer/wifi_sniffer.te
new file mode 100644
index 0000000..b87a51f
--- /dev/null
+++ b/wifi_sniffer/wifi_sniffer.te
@@ -0,0 +1,20 @@
+type wifi_sniffer, domain;
+type wifi_sniffer_exec, exec_type, vendor_file_type, file_type;
+
+userdebug_or_eng(`
+  # make transition from init to its domain
+  init_daemon_domain(wifi_sniffer)
+  net_domain(wifi_sniffer)
+
+# configurate con mode
+  allow wifi_sniffer self:capability net_admin;
+  allow wifi_sniffer sysfs_wifi_conmode:file rw_file_perms;
+
+# interface up
+  allowxperm wifi_sniffer self:udp_socket ioctl SIOCSIFFLAGS;
+  allow wifi_sniffer self:netlink_generic_socket create_socket_perms_no_ioctl;
+
+  get_prop(wifi_sniffer, vendor_wifi_sniffer_prop)
+
+  dontaudit wifi_sniffer debugfs_wlan:dir search;
+')
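Review bot: `net_domain(wifi_sniffer)` grants general network socket access, which is broader than the two needs the comments describe: setting interface flags through a UDP socket ioctl and using a generic netlink socket. If the daemon does no other networking, `allow wifi_sniffer self:udp_socket create_socket_perms;` would cover the socket behind the `SIOCSIFFLAGS` allowxperm without the rest. Since the domain also holds `net_admin` and write access to con_mode, a narrower socket grant keeps it closer to least privilege. The `dontaudit wifi_sniffer debugfs_wlan:dir search;` line should carry a short comment saying why that denial is expected and safe to silence, so it is not mistaken for a hidden functional dependency.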