Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_sepolicy / 1086c7d71d7f614addf36c3923fc5ce96da2cdde^! / . / private / network_stack.te
commit1086c7d71d7f614addf36c3923fc5ce96da2cdde[log] [tgz]
authorRoshan Pius <rpius@google.com>Tue Oct 01 13:49:21 2019 -0700
committerRoshan Pius <rpius@google.com>Wed Oct 02 11:49:43 2019 -0700
tree73c59e16044fe6859e7dbe27fee4d3824157f38f
parentcc3f9434366d3eea951bd3e82519195c7df45c35 [diff] [blame]
wifi_stack: Move to network_stack process

The wifi stack APK will run inside the network_stack process. So, move
the sepolicy rules for wifi stack inside the network stack rules.

Bug: 135691051
Test: Manual tests
- manual connect to wifi networks
- Remove networks
Test: Will send for ACTS wifi regression testing
Change-Id: I9d5da80852f22fa1d12b2dbbc76b9e06c1275310
(cherry-picked from b83abf7af3df64e0d3c1b22548f2344b55aece28)

diff --git a/private/network_stack.te b/private/network_stack.te
index b214538..a969986 100644
--- a/private/network_stack.te
+++ b/private/network_stack.te

@@ -1,4 +1,4 @@
-# Networking service app
+############### Networking service app - NetworkStack.apk ##############
 typeattribute network_stack coredomain;
 
 app_domain(network_stack);
@@ -28,3 +28,41 @@
 allow network_stack radio_data_file:file create_file_perms;
 
 binder_call(network_stack, netd);
+
+############### Wifi Service app - WifiStack.apk ##############
+# Data file accesses.
+# Manage /data/misc/wifi & /data/misc_ce/<user_id>/wifi.
+allow network_stack wifi_data_file:dir create_dir_perms;
+allow network_stack wifi_data_file:file create_file_perms;
+
+# Property accesses
+userdebug_or_eng(`
+  set_prop(network_stack, wifi_log_prop)
+
+  # Allow network_stack to read dmesg
+  # TODO(b/137085509): Remove this.
+  allow network_stack kernel:system syslog_read;
+')
+
+# Binder IPC.
+allow network_stack network_score_service:service_manager find;
+allow network_stack network_stack_service:service_manager find;
+allow network_stack radio_service:service_manager find;
+allow network_stack wificond_service:service_manager find;
+allow network_stack wifiscanner_service:service_manager find;
+binder_call(network_stack, system_server)
+binder_call(network_stack, wificond)
+
+# HwBinder IPC.
+hal_client_domain(network_stack, hal_wifi)
+hal_client_domain(network_stack, hal_wifi_hostapd)
+hal_client_domain(network_stack, hal_wifi_supplicant)
+
+# Allow WifiService to start, stop, and read wifi-specific trace events.
+allow network_stack debugfs_tracing_instances:dir search;
+allow network_stack debugfs_wifi_tracing:dir search;
+allow network_stack debugfs_wifi_tracing:file rw_file_perms;
+
+# dumpstate support
+allow network_stack dumpstate:fd use;
+allow network_stack dumpstate:fifo_file write;