Merge "sepolicy: add missing labels for same process HALs." into oc-dev am: 42424f13e5
am: 870160d528
Change-Id: Ia54190a372be0ffb8ed573dab31cdce4c0ddbf7a
diff --git a/private/init.te b/private/init.te
index fb4335a..f84d87e 100644
--- a/private/init.te
+++ b/private/init.te
@@ -14,6 +14,7 @@
domain_trans(init, init_exec, ueventd)
domain_trans(init, init_exec, watchdogd)
domain_trans(init, rootfs, modprobe)
+domain_trans(init, toolbox_exec, modprobe)
# case where logpersistd is actually logcat -f in logd context (nee: logcatd)
userdebug_or_eng(`
domain_auto_trans(init, logcat_exec, logpersist)
diff --git a/private/system_server.te b/private/system_server.te
index 90e8b10..e1c5f6d 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -191,6 +191,7 @@
binder_call(system_server, hal_vr)
hal_client_domain(system_server, hal_vr)
hal_client_domain(system_server, hal_wifi)
+hal_client_domain(system_server, hal_wifi_offload)
# TODO(b/34274385): Remove this once Wi-Fi Supplicant HAL is guaranteed to be binderized on full
# Treble devices. Passthrough Wi-Fi Supplicant HAL makes system_server touch wpa_socket which is a
diff --git a/private/wificond.te b/private/wificond.te
index 5476e33..cc76447 100644
--- a/private/wificond.te
+++ b/private/wificond.te
@@ -1,3 +1,4 @@
typeattribute wificond coredomain;
init_daemon_domain(wificond)
+hal_client_domain(wificond, hal_wifi_offload)
diff --git a/public/attributes b/public/attributes
index 30dfa4b..da399c9 100644
--- a/public/attributes
+++ b/public/attributes
@@ -246,6 +246,9 @@
attribute hal_wifi_keystore;
attribute hal_wifi_keystore_client;
attribute hal_wifi_keystore_server;
+attribute hal_wifi_offload;
+attribute hal_wifi_offload_client;
+attribute hal_wifi_offload_server;
attribute hal_wifi_supplicant;
attribute hal_wifi_supplicant_client;
attribute hal_wifi_supplicant_server;
diff --git a/public/hal_wifi_offload.te b/public/hal_wifi_offload.te
new file mode 100644
index 0000000..dac5171
--- /dev/null
+++ b/public/hal_wifi_offload.te
@@ -0,0 +1,6 @@
+## HwBinder IPC from client to server, and callbacks
+binder_call(hal_wifi_offload_client, hal_wifi_offload_server)
+binder_call(hal_wifi_offload_server, hal_wifi_offload_client)
+
+r_dir_file(hal_wifi_offload, proc_net)
+r_dir_file(hal_wifi_offload, sysfs_type)
diff --git a/public/modprobe.te b/public/modprobe.te
index 0fc173d..ca0657f 100644
--- a/public/modprobe.te
+++ b/public/modprobe.te
@@ -6,3 +6,4 @@
allow modprobe rootfs:system module_load;
allow modprobe rootfs:file r_file_perms;
')
+allow modprobe system_file:system module_load;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 9d1b84f..bd99fc5 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -29,6 +29,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service u:object_r:hal_usb_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service u:object_r:hal_vibrator_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.vr@1\.0-service u:object_r:hal_vr_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi\.offload@1\.0-service u:object_r:hal_wifi_offload_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi@1\.0-service u:object_r:hal_wifi_default_exec:s0
/(vendor|system/vendor)/bin/hw/wpa_supplicant u:object_r:hal_wifi_supplicant_default_exec:s0
/(vendor|system/vendor)/bin/hostapd u:object_r:hostapd_exec:s0
diff --git a/vendor/hal_wifi_offload_default.te b/vendor/hal_wifi_offload_default.te
new file mode 100644
index 0000000..9547862
--- /dev/null
+++ b/vendor/hal_wifi_offload_default.te
@@ -0,0 +1,5 @@
+type hal_wifi_offload_default, domain;
+hal_server_domain(hal_wifi_offload_default, hal_wifi_offload)
+
+type hal_wifi_offload_default_exec, exec_type, file_type;
+init_daemon_domain(hal_wifi_offload_default)