commit 6caeac7b47efffbd2ded12475761b607fdb262ca
author Roshan Pius <rpius@google.com> Wed Sep 28 15:12:23 2016 -0700
committer Roshan Pius <rpius@google.com> Wed Oct 26 14:52:12 2016 -0700
tree ba867e26b43d054149627c3b626f4f498167b216
parent 70591fedf5ab450908970df2a0c75163ec0d466d

wpa: Add permissions for hwbinder

Modify permissions for wpa_supplicant to use hwbinder (for HIDL),
instead of binder.

Denials:
01-15 14:31:58.573   541   541 W wpa_supplicant: type=1400
audit(0.0:10): avc: denied { call } for scontext=u:r:wpa:s0
tcontext=u:r:hwservicemanager:s0 tclass=binder permissive=0
01-15 14:31:58.573   541   541 W wpa_supplicant: type=1400
audit(0.0:11): avc: denied { call } for scontext=u:r:wpa:s0
tcontext=u:r:hwservicemanager:s0 tclass=binder permissive=0

BUG: 31365276
Test: Compiled and ensured that the selinux denials are no longer
present in logs.

Change-Id: Ifa4630edea6ec5a916b3940f9a03ef9dc6fc9af2

public/wificond.te

diff --git a/public/wificond.te b/public/wificond.te
index 82c10c1..0dd709f 100644
--- a/public/wificond.te
+++ b/public/wificond.te
@@ -4,10 +4,10 @@
 
 binder_use(wificond)
 binder_call(wificond, system_server)
-binder_call(wificond, wpa)
 
 hwbinder_use(wificond)
 binder_call(wificond, wifi_hal_legacy)
+binder_call(wificond, wpa)
 
 allow wificond wificond_service:service_manager { add find };
 

public/wpa.te

diff --git a/public/wpa.te b/public/wpa.te
index 3cb042b..863b6b9 100644
--- a/public/wpa.te
+++ b/public/wpa.te
@@ -21,10 +21,9 @@
 allow wpa wifi_data_file:file create_file_perms;
 unix_socket_send(wpa, system_wpa, system_server)
 
-# Binder interface exposed by WPA.
-binder_use(wpa)
+# HIDL interface exposed by WPA.
+hwbinder_use(wpa)
 binder_call(wpa, wificond)
-allow wpa wpa_supplicant_service:service_manager { add find };
 
 # Create a socket for receiving info from wpa
 allow wpa wpa_socket:dir create_dir_perms;