Wifi hal - Firmware dump permissions
We aim to improve logging performance by having the wifi HAL
write directly to flash.
The wifi HAL needs to be able to create, write, and delete files in
a directory. This will be restricted to userdebug and eng builds only.
Bug: 70170285
Test: compile, run on device
Change-Id: Id0cd317411f4c393d7529aa31b501046d7350edb
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 927296d..5616527 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -40,6 +40,7 @@
thermalserviced_tmpfs
timezone_service
tombstoned_java_trace_socket
+ tombstone_wifi_data_file
update_engine_log_data_file
vendor_init
vold_prepare_subdirs
diff --git a/private/file_contexts b/private/file_contexts
index ad6a922..f4e5bd9 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -349,6 +349,7 @@
/data/app-private(/.*)? u:object_r:apk_private_data_file:s0
/data/app-private/vmdl.*\.tmp(/.*)? u:object_r:apk_private_tmp_file:s0
/data/tombstones(/.*)? u:object_r:tombstone_data_file:s0
+/data/vendor/tombstones/wifi(/.*)? u:object_r:tombstone_wifi_data_file:s0
/data/local/tmp(/.*)? u:object_r:shell_data_file:s0
/data/media(/.*)? u:object_r:media_rw_data_file:s0
/data/mediadrm(/.*)? u:object_r:media_data_file:s0
diff --git a/public/file.te b/public/file.te
index 339f57d..81bb1f1 100644
--- a/public/file.te
+++ b/public/file.te
@@ -163,6 +163,8 @@
type anr_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
# /data/tombstones - core dumps
type tombstone_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# /data/vendor/tombstones/wifi - vendor wifi dumps
+type tombstone_wifi_data_file, file_type, data_file_type;
# /data/app - user-installed apps
type apk_data_file, file_type, data_file_type, core_data_file_type;
type apk_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
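Review bot: The comment on the new `tombstone_wifi_data_file` type does not say who writes it or on which builds, and the type and its file_contexts label exist on every build while the only writer rule in this commit is wrapped in `userdebug_or_eng`. Firmware dumps can hold sensitive device memory, so the type declaration is the right place to state the intended access. I would write it as `# /data/vendor/tombstones/wifi - vendor wifi firmware dumps; written by the wifi HAL server on userdebug/eng builds only`. No reader of this type is granted in the visible hunks, so whichever domain collects the dumps presumably gets its rule elsewhere; that is worth confirming, so that read access stays explicit and narrow.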
diff --git a/public/hal_wifi.te b/public/hal_wifi.te
index ac8a0d9..b8693fb 100644
--- a/public/hal_wifi.te
+++ b/public/hal_wifi.te
@@ -23,3 +23,9 @@
allow hal_wifi sysfs_wlan_fwpath:file { w_file_perms };
# allow hal_wifi to access /proc/modules to check if Wi-Fi driver is loaded
allow hal_wifi proc_modules:file { getattr open read };
+
+# allow hal_wifi to write into /data/vendor/tombstones/wifi
+userdebug_or_eng(`
+ allow hal_wifi_server tombstone_wifi_data_file:dir rw_dir_perms;
+ allow hal_wifi_server tombstone_wifi_data_file:file create_file_perms;
+')