sepolicy: Make wpa_supplicant a HIDL service Note: The existing rules allowing socket communication will be removed once we migrate over to HIDL completely. Bug: 34603782 Test: Able to connect to wifi networks. Test: Will be sending for full wifi integration tests (go/wifi-test-request) Change-Id: I9ee238fd0017ec330f6eb67ef9049211f7bd4615

commit: 2a9595ede2c9a224686e619c2ee5c976dd324ac0 [log] [tgz]
author: Roshan Pius <rpius@google.com> Sat Feb 18 21:32:32 2017 -0800
committer: Roshan Pius <rpius@google.com> Fri Feb 24 17:10:59 2017 +0000
tree: 0f6ed9c47a051d799028741e18429e675973e5c6
parent: 4ff233326b7f157dc32012460c89e3cc6b103666 [diff]
diff --git a/private/file_contexts b/private/file_contexts
index 9e2abeb..cc59c84 100644
--- a/private/file_contexts
+++ b/private/file_contexts

@@ -205,7 +205,6 @@
 /system/bin/crash_dump32 u:object_r:crash_dump_exec:s0
 /system/bin/crash_dump64 u:object_r:crash_dump_exec:s0
 /system/bin/tombstoned u:object_r:tombstoned_exec:s0
-/system/bin/wpa_supplicant	u:object_r:wpa_exec:s0
 /system/bin/recovery-persist     u:object_r:recovery_persist_exec:s0
 /system/bin/recovery-refresh     u:object_r:recovery_refresh_exec:s0
 /system/bin/sdcard      u:object_r:sdcardd_exec:s0

diff --git a/private/service_contexts b/private/service_contexts
index d41dd9e..ba195dc 100644
--- a/private/service_contexts
+++ b/private/service_contexts

@@ -165,5 +165,4 @@
 wificond                                  u:object_r:wificond_service:s0
 wifiaware                                 u:object_r:wifiaware_service:s0
 window                                    u:object_r:window_service:s0
-wpa                                       u:object_r:wpa_supplicant_service:s0
 *                                         u:object_r:default_android_service:s0

diff --git a/private/system_server.te b/private/system_server.te
index 2c132ea..6294055 100644
--- a/private/system_server.te
+++ b/private/system_server.te

@@ -155,7 +155,8 @@
 unix_socket_connect(system_server, webview_zygote, webview_zygote)
 unix_socket_connect(system_server, zygote, zygote)
 unix_socket_connect(system_server, racoon, racoon)
-unix_socket_send(system_server, wpa, wpa)
+# TODO(b/35707797): Remove this socket access.
+unix_socket_send(system_server, wpa, hal_wifi_supplicant_server)
 unix_socket_connect(system_server, uncrypt, uncrypt)
 
 # Communicate over a socket created by surfaceflinger.
@@ -191,7 +192,7 @@
 binder_call(system_server, hal_vibrator)
 binder_call(system_server, hal_vr)
 hal_client_domain(system_server, hal_wifi)
-binder_call(system_server, wpa)
+hal_client_domain(system_server, hal_wifi_supplicant)
 
 # Talk to tombstoned to get ANR traces.
 unix_socket_connect(system_server, tombstoned_intercept, tombstoned)

diff --git a/private/wpa.te b/private/wpa.te
deleted file mode 100644
index 4bf29cf..0000000
--- a/private/wpa.te
+++ /dev/null

@@ -1,6 +0,0 @@
-# type_transition must be private policy the domain_trans rules could stay
-# public, but conceptually should go with this
-init_daemon_domain(wpa)
-
-# Create a socket for receiving info from wpa
-type_transition wpa wifi_data_file:dir wpa_socket "sockets";
commit	2a9595ede2c9a224686e619c2ee5c976dd324ac0	[log] [tgz]
author	Roshan Pius <rpius@google.com>	Sat Feb 18 21:32:32 2017 -0800
committer	Roshan Pius <rpius@google.com>	Fri Feb 24 17:10:59 2017 +0000
tree	0f6ed9c47a051d799028741e18429e675973e5c6
parent	4ff233326b7f157dc32012460c89e3cc6b103666 [diff]