MAC Anonymization: wificond SIOCSIFHWADDR sepolicy Add sepolicy rules to grant wificond permission to use SIOCSIFHWADDR ioctl. This permission is needed to dynamically change MAC address of the device when connecting to wifi networks. Bug: 63905794 Test: Verified manually that wificond can dynamically change MAC address. Change-Id: If2c6b955b0b792f706d8438e8e2e018c0b4cfc31

commit: 72030486c686a14b278c980e5e12e8b5aefbe895 [log] [tgz]
author: Jong Wook Kim <jongwook@google.com> Mon Jan 22 20:42:12 2018 -0800
committer: Jong Wook Kim <jongwook@google.com> Mon Jan 22 20:42:12 2018 -0800
tree: 117db58855e07368b887608111aecc726d9f4f52
parent: 7724907ff423e43e5061578d896301aa81bd5bc4 [diff]
diff --git a/public/wificond.te b/public/wificond.te
index 8eeb8c8..f4990b2 100644
--- a/public/wificond.te
+++ b/public/wificond.te

@@ -13,7 +13,7 @@
 # create sockets to set interfaces up and down
 allow wificond self:udp_socket create_socket_perms;
 # setting interface state up/down is a privileged ioctl
-allowxperm wificond self:udp_socket ioctl { SIOCSIFFLAGS };
+allowxperm wificond self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR };
 allow wificond self:global_capability_class_set { net_admin net_raw };
 # allow wificond to speak to nl80211 in the kernel
 allow wificond self:netlink_socket create_socket_perms_no_ioctl;
commit	72030486c686a14b278c980e5e12e8b5aefbe895	[log] [tgz]
author	Jong Wook Kim <jongwook@google.com>	Mon Jan 22 20:42:12 2018 -0800
committer	Jong Wook Kim <jongwook@google.com>	Mon Jan 22 20:42:12 2018 -0800
tree	117db58855e07368b887608111aecc726d9f4f52
parent	7724907ff423e43e5061578d896301aa81bd5bc4 [diff]