Switch Wi-Fi HAL policy to _client/_server
This switches Wi-Fi HAL policy to the design which enables us to
conditionally remove unnecessary rules from domains which are clients
of Wi-Fi HAL.
Domains which are clients of Wi-Fi HAL, such as system_server domain,
are granted rules targeting hal_wifi only when the Wi-Fi HAL runs in
passthrough mode (i.e., inside the client's process). When the HAL
runs in binderized mode (i.e., in another process/domain, with clients
talking to the HAL over HwBinder IPC), rules targeting hal_wifi are
not granted to client domains.
Domains which offer a binderized implementation of Wi-Fi HAL, such as
hal_wifi_default domain, are always granted rules targeting hal_wifi.
Test: Setup Wizard (incl. adding a Google Account) completes fine with
Wi-Fi connectivity only
Test: Toggle Wi-Fi off, on, off, on
Test: Use System UI to see list of WLANs and connect to one which does
not require a password, and to one which requries a PSK
Test: ip6.me loads fine in Chrome over Wi-Fi
Bug: 34170079
Change-Id: I7a216a06727c88b7f2c23d529f67307e83bed17f
diff --git a/private/system_server.te b/private/system_server.te
index a1f9899..5db6850 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -193,7 +193,7 @@
binder_call(system_server, hal_usb)
binder_call(system_server, hal_vibrator)
binder_call(system_server, hal_vr)
-binder_call(system_server, hal_wifi)
+hal_client_domain(system_server, hal_wifi)
binder_call(system_server, wpa)
# Talk to tombstoned to get ANR traces.