SE Policy for Wifi Offload HAL
Update SE Policy to allow calls to and callbacks from Wifi Offload HAL
HIDL binderized service.
Cherry pick from d56aa1982d15acfc2408271138dac43f1e5dc987
Bug: 32842314
Test: Unit tests, Mannual test to ensure Wifi can be brought up and
connected to an AP, ensure that Offload HAL service is running and that
that wificond can get the service handle by calling hwservicemanager.
Change-Id: I0fc51a4152f1891c8d88967e75d45ded115e766e
diff --git a/private/system_server.te b/private/system_server.te
index e9ffa82..aa4c18a 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -191,6 +191,7 @@
binder_call(system_server, hal_vr)
hal_client_domain(system_server, hal_vr)
hal_client_domain(system_server, hal_wifi)
+hal_client_domain(system_server, hal_wifi_offload)
# TODO(b/34274385): Remove this once Wi-Fi Supplicant HAL is guaranteed to be binderized on full
# Treble devices. Passthrough Wi-Fi Supplicant HAL makes system_server touch wpa_socket which is a
diff --git a/private/wificond.te b/private/wificond.te
index 5476e33..cc76447 100644
--- a/private/wificond.te
+++ b/private/wificond.te
@@ -1,3 +1,4 @@
typeattribute wificond coredomain;
init_daemon_domain(wificond)
+hal_client_domain(wificond, hal_wifi_offload)
diff --git a/public/attributes b/public/attributes
index b7f0701..0c533ce 100644
--- a/public/attributes
+++ b/public/attributes
@@ -236,6 +236,9 @@
attribute hal_wifi_keystore;
attribute hal_wifi_keystore_client;
attribute hal_wifi_keystore_server;
+attribute hal_wifi_offload;
+attribute hal_wifi_offload_client;
+attribute hal_wifi_offload_server;
attribute hal_wifi_supplicant;
attribute hal_wifi_supplicant_client;
attribute hal_wifi_supplicant_server;
diff --git a/public/hal_wifi_offload.te b/public/hal_wifi_offload.te
new file mode 100644
index 0000000..dac5171
--- /dev/null
+++ b/public/hal_wifi_offload.te
@@ -0,0 +1,6 @@
+## HwBinder IPC from client to server, and callbacks
+binder_call(hal_wifi_offload_client, hal_wifi_offload_server)
+binder_call(hal_wifi_offload_server, hal_wifi_offload_client)
+
+r_dir_file(hal_wifi_offload, proc_net)
+r_dir_file(hal_wifi_offload, sysfs_type)
diff --git a/vendor/file_contexts b/vendor/file_contexts
index ea0ef29..c160e0a 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -29,6 +29,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service u:object_r:hal_usb_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service u:object_r:hal_vibrator_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.vr@1\.0-service u:object_r:hal_vr_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi\.offload@1\.0-service u:object_r:hal_wifi_offload_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi@1\.0-service u:object_r:hal_wifi_default_exec:s0
/(vendor|system/vendor)/bin/hw/wpa_supplicant u:object_r:hal_wifi_supplicant_default_exec:s0
/(vendor|system/vendor)/bin/hostapd u:object_r:hostapd_exec:s0
diff --git a/vendor/hal_wifi_offload_default.te b/vendor/hal_wifi_offload_default.te
new file mode 100644
index 0000000..9547862
--- /dev/null
+++ b/vendor/hal_wifi_offload_default.te
@@ -0,0 +1,5 @@
+type hal_wifi_offload_default, domain;
+hal_server_domain(hal_wifi_offload_default, hal_wifi_offload)
+
+type hal_wifi_offload_default_exec, exec_type, file_type;
+init_daemon_domain(hal_wifi_offload_default)