commit 3dbf3d8ac85971a6cf17279f0b6e1b8af4f7f9f3
author Inseob Kim <inseob@google.com> Thu Jun 25 21:20:42 2020 +0900
committer Inseob Kim <inseob@google.com> Fri Jul 17 17:38:13 2020 +0900
tree 62bc26ce9459c2d9a1535852d5d840c38f6f981f
parent d2c0b7bf9e34732e56911b58c9b9d7386b01fb77

Add wifi_hal_prop and remove exported_wifi_prop

To remove bad context names "exported*_prop"

Bug: 155844385
Test: boot and see no denials
Change-Id: Icd30be64355699618735d4012461835eca8cd651
Merged-In: Icd30be64355699618735d4012461835eca8cd651
(cherry picked from commit 37c2d4d0c9669f3c7590f3dfccfac3c9725d1b5a)
(cherry picked from commit 3b66e9b9f855ad0694efed405a30d64265854784)

private/compat/27.0/27.0.ignore.cil

diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index b00ad45..c80c4dc 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -229,6 +229,7 @@
     wait_for_keymaster_exec
     wait_for_keymaster_tmpfs
     watchdogd_tmpfs
+    wifi_hal_prop
     wm_trace_data_file
     wpantund
     wpantund_exec

private/compat/30.0/30.0.cil

diff --git a/private/compat/30.0/30.0.cil b/private/compat/30.0/30.0.cil
index 138d65d..c2babb8 100644
--- a/private/compat/30.0/30.0.cil
+++ b/private/compat/30.0/30.0.cil
@@ -6,6 +6,7 @@
 (type exported_system_radio_prop)
 (type exported_radio_prop)
 (type exported_vold_prop)
+(type exported_wifi_prop)
 (type exported2_config_prop)
 (type exported2_radio_prop)
 (type exported2_vold_prop)
@@ -1406,7 +1407,7 @@
     usb_config_prop
     usb_control_prop))
 (typeattributeset exported_vold_prop_30_0 (exported_vold_prop vold_status_prop))
-(typeattributeset exported_wifi_prop_30_0 (exported_wifi_prop))
+(typeattributeset exported_wifi_prop_30_0 (exported_wifi_prop wifi_hal_prop))
 (typeattributeset external_vibrator_service_30_0 (external_vibrator_service))
 (typeattributeset face_service_30_0 (face_service))
 (typeattributeset face_vendor_data_file_30_0 (face_vendor_data_file))

private/gmscore_app.te

diff --git a/private/gmscore_app.te b/private/gmscore_app.te
index b70a397..6ef3ade 100644
--- a/private/gmscore_app.te
+++ b/private/gmscore_app.te
@@ -53,8 +53,7 @@
 dontaudit gmscore_app sysfs_android_usb:file r_file_perms;
 dontaudit gmscore_app sysfs_dm:file r_file_perms;
 dontaudit gmscore_app sysfs_loop:file r_file_perms;
-dontaudit gmscore_app wifi_prop:file r_file_perms;
-dontaudit gmscore_app { wifi_prop exported_wifi_prop }:file r_file_perms;
+dontaudit gmscore_app { wifi_prop wifi_hal_prop }:file r_file_perms;
 dontaudit gmscore_app mirror_data_file:dir search;
 
 # Access the network

private/priv_app.te

diff --git a/private/priv_app.te b/private/priv_app.te
index d5b8d3f..57dcfc5 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -134,8 +134,7 @@
 dontaudit priv_app sysfs:file read;
 dontaudit priv_app sysfs_android_usb:file read;
 dontaudit priv_app sysfs_dm:file r_file_perms;
-dontaudit priv_app wifi_prop:file read;
-dontaudit priv_app { wifi_prop exported_wifi_prop }:file read;
+dontaudit priv_app { wifi_prop wifi_hal_prop }:file read;
 
 # allow privileged apps to use UDP sockets provided by the system server but not
 # modify them other than to connect

private/property.te

diff --git a/private/property.te b/private/property.te
index db43ae3..06fae0a 100644
--- a/private/property.te
+++ b/private/property.te
@@ -218,12 +218,13 @@
 
   neverallow {
     domain
-    -coredomain
+    -init
+    -dumpstate
     -hal_wifi_server
     -wificond
     -vendor_init
   } {
-    exported_wifi_prop
+    wifi_hal_prop
   }:property_service set;
 
 # Prevent properties from being read

private/property_contexts

diff --git a/private/property_contexts b/private/property_contexts
index d29337b..0e4566a 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -490,8 +490,6 @@
 
 vold.post_fs_data_done u:object_r:vold_config_prop:s0 exact int
 
-wlan.driver.status u:object_r:exported_wifi_prop:s0 exact enum ok unloaded
-
 apexd.status u:object_r:apexd_prop:s0 exact enum starting activated ready
 
 dev.bootcomplete   u:object_r:boot_status_prop:s0 exact bool
@@ -751,11 +749,12 @@
 
 vts.native_server.on u:object_r:vts_status_prop:s0 exact bool
 
-wifi.active.interface     u:object_r:exported_wifi_prop:s0 exact string
-wifi.aware.interface      u:object_r:exported_wifi_prop:s0 exact string
-wifi.concurrent.interface u:object_r:exported_default_prop:s0 exact string
-wifi.direct.interface     u:object_r:exported_default_prop:s0 exact string
-wifi.interface            u:object_r:exported_default_prop:s0 exact string
+wifi.active.interface     u:object_r:wifi_hal_prop:s0 exact string
+wifi.aware.interface      u:object_r:wifi_hal_prop:s0 exact string
+wifi.concurrent.interface u:object_r:wifi_hal_prop:s0 exact string
+wifi.direct.interface     u:object_r:wifi_hal_prop:s0 exact string
+wifi.interface            u:object_r:wifi_hal_prop:s0 exact string
+wlan.driver.status        u:object_r:wifi_hal_prop:s0 exact enum ok unloaded
 
 ro.apex.updatable u:object_r:exported_default_prop:s0 exact bool
 

private/wificond.te

diff --git a/private/wificond.te b/private/wificond.te
index 1912256..8bf37ca 100644
--- a/private/wificond.te
+++ b/private/wificond.te
@@ -1,6 +1,6 @@
 typeattribute wificond coredomain;
 
-set_prop(wificond, exported_wifi_prop)
+set_prop(wificond, wifi_hal_prop)
 set_prop(wificond, wifi_prop)
 set_prop(wificond, ctl_default_prop)