commit 04fad00762fcfc2230c7b5841d0c246a0479b33b
author xshu <xshu@google.com> Tue Dec 04 17:21:19 2018 -0800
committer xshu <xshu@google.com> Tue Dec 04 17:21:19 2018 -0800
tree 30fa3958b2e5c5dd00f2d2f438f66e546ba2e760
parent 3350a794385004df6b6ffc524eaeb2d13704c017

Wifi HAL SIOCETHTOOL sepolicy

Allow wifi HAL to use SIOCETHTOOL. This permission is needed to get
factory MAC address of the device.

Bug: 111634904
Test: Manual check that the device can get factory MAC address
Change-Id: I50e91ef7390ad4fba6e014990ee23feb777c4391

public/hal_wifi.te

diff --git a/public/hal_wifi.te b/public/hal_wifi.te
index f735be5..805adaf 100644
--- a/public/hal_wifi.te
+++ b/public/hal_wifi.te
@@ -10,9 +10,9 @@
 set_prop(hal_wifi, exported_wifi_prop)
 set_prop(hal_wifi, wifi_prop)
 
-# allow hal wifi set interfaces up and down
+# allow hal wifi set interfaces up and down and get the factory MAC
 allow hal_wifi self:udp_socket create_socket_perms;
-allowxperm hal_wifi self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR };
+allowxperm hal_wifi self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR SIOCETHTOOL };
 
 allow hal_wifi self:global_capability_class_set { net_admin net_raw };
 # allow hal_wifi to speak to nl80211 in the kernel