Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 02ed21e85102dc71c8b01d6f2c4e0a3cea1af862^! / .
commit02ed21e85102dc71c8b01d6f2c4e0a3cea1af862[log] [tgz]
authorRoshan Pius <rpius@google.com>Tue Dec 06 17:17:41 2016 -0800
committerRoshan Pius <rpius@google.com>Mon Dec 12 10:40:14 2016 -0800
treed380a0514905dbf80534e47dc834368444acf1ca
parent9f1e2b53fb0fae51c8fc3c4a53b81eb926d9cb14 [diff]
hal_wifi: Allow system_server to access wifi HIDL services

We're going to be using Android framework directly to invoke Wifi HIDL
calls. So, change permissions appropriately.

Bug: 33398154
Test: Verfied that framework is able to make HIDL calls using
go/aog/310610.

Change-Id: I4d0d88961753ad73f3876aec58b26b89486cc02a

diff --git a/public/hal_wifi.te b/public/hal_wifi.te
index 1f117d2..a883d79 100644
--- a/public/hal_wifi.te
+++ b/public/hal_wifi.te

@@ -5,8 +5,8 @@
 ## hwbinder access
 hwbinder_use(hal_wifi)
 
-## call into wificond process (callbacks)
-binder_call(hal_wifi, wificond)
+## call into system_server process (for invoking callbacks)
+binder_call(hal_wifi, system_server)
 
 r_dir_file(hal_wifi, proc_net)
 r_dir_file(hal_wifi, sysfs_type)

diff --git a/public/system_server.te b/public/system_server.te
index 36e95ab..146e557 100644
--- a/public/system_server.te
+++ b/public/system_server.te

@@ -146,13 +146,6 @@
 
 # Perform Binder IPC.
 binder_use(system_server)
-binder_call(system_server, hal_boot)
-binder_call(system_server, hal_light)
-binder_call(system_server, hal_memtrack)
-binder_call(system_server, hal_power)
-binder_call(system_server, hal_thermal)
-binder_call(system_server, hal_vibrator)
-binder_call(system_server, hal_vr)
 binder_call(system_server, { appdomain ephemeral_app })
 binder_call(system_server, binderservicedomain)
 binder_call(system_server, dumpstate)
@@ -163,6 +156,18 @@
 binder_call(system_server, wificond)
 binder_service(system_server)
 
+# Perform HwBinder IPC.
+hwbinder_use(system_server)
+binder_call(system_server, hal_boot)
+binder_call(system_server, hal_light)
+binder_call(system_server, hal_memtrack)
+binder_call(system_server, hal_power)
+binder_call(system_server, hal_thermal)
+binder_call(system_server, hal_vibrator)
+binder_call(system_server, hal_vr)
+binder_call(system_server, hal_wifi)
+binder_call(system_server, wpa)
+
 # Ask debuggerd to dump backtraces for native stacks of interest.
 #
 # This is derived from the list that system server defines as interesting native processes

diff --git a/public/wificond.te b/public/wificond.te
index c6b85fc..0fcc3ae 100644
--- a/public/wificond.te
+++ b/public/wificond.te

@@ -5,10 +5,6 @@
 binder_use(wificond)
 binder_call(wificond, system_server)
 
-hwbinder_use(wificond)
-binder_call(wificond, hal_wifi)
-binder_call(wificond, wpa)
-
 allow wificond wificond_service:service_manager { add find };
 
 # wificond writes firmware paths to this file.

diff --git a/public/wpa.te b/public/wpa.te
index 83276c8..20fcd53 100644
--- a/public/wpa.te
+++ b/public/wpa.te

@@ -26,7 +26,7 @@
 
 # HIDL interface exposed by WPA.
 hwbinder_use(wpa)
-binder_call(wpa, wificond)
+binder_call(wpa, system_server)
 
 # Create a socket for receiving info from wpa
 allow wpa wpa_socket:dir create_dir_perms;