commit 97db27d8c535b8ffc704c62f2c0b65e57001649b
author Christopher Wiley <wiley@google.com> Thu Jun 30 14:23:12 2016 -0700
committer Mitchell Wills <mwills@google.com> Fri Aug 26 13:15:41 2016 -0700
tree d4fcdc10651e7db9a21af3ef982932a06b3c79ee
parent 7c539b1c968724de92d5a5070540fd4051eac67a

Define explicit label for wlan sysfs fwpath

avc: denied { write } for name="fwpath" dev="sysfs" ino=6863
scontext=u:r:wificond:s0 tcontext=u:object_r:sysfs_wlan_fwpath:s0
tclass=file permissive=0

Test: wificond and netd can write to this path, wifi works
Test: `runtest frameworks-wifi` passes

Bug: 29579539

Change-Id: Ia21c654b00b09b9fe3e50d564b82966c9c8e6994
(cherry picked from commit 7d13dd806f37523ba8164325fef9b000d6eacd7c)

file.te

diff --git a/file.te b/file.te
index 235ac77..693d513 100644
--- a/file.te
+++ b/file.te
@@ -39,6 +39,8 @@
 type sysfs_devices_system_cpu, fs_type, sysfs_type;
 # /sys/module/lowmemorykiller
 type sysfs_lowmemorykiller, fs_type, sysfs_type;
+# /sys/module/wlan/parameters/fwpath
+type sysfs_wlan_fwpath, fs_type, sysfs_type;
 
 type sysfs_thermal, sysfs_type, fs_type;
 

file_contexts

diff --git a/file_contexts b/file_contexts
index 5eec761..7d55abe 100644
--- a/file_contexts
+++ b/file_contexts
@@ -369,6 +369,7 @@
 /sys/power/wake_unlock -- u:object_r:sysfs_wake_lock:s0
 /sys/kernel/uevent_helper --	u:object_r:usermodehelper:s0
 /sys/module/lowmemorykiller(/.*)? -- u:object_r:sysfs_lowmemorykiller:s0
+/sys/module/wlan/parameters/fwpath u:object_r:sysfs_wlan_fwpath:s0
 
 #############################
 # debugfs files

netd.te

diff --git a/netd.te b/netd.te
index 9b44e4b..98da012 100644
--- a/netd.te
+++ b/netd.te
@@ -28,10 +28,14 @@
 # For /proc/sys/net/ipv[46]/route/flush.
 allow netd proc_net:file write;
 
-# For /sys/modules/bcmdhd/parameters/firmware_path
-# XXX Split into its own type.
+# Enables PppController and interface enumeration (among others)
+r_dir_file(netd, sysfs_type)
+# Allows setting interface MTU
 allow netd sysfs:file write;
 
+# For /sys/modules/bcmdhd/parameters/firmware_path
+allow netd sysfs_wlan_fwpath:file w_file_perms;
+
 # TODO: added to match above sysfs rule. Remove me?
 allow netd sysfs_usb:file write;
 

wificond.te

diff --git a/wificond.te b/wificond.te
index 0da5f38..2f100db 100644
--- a/wificond.te
+++ b/wificond.te
@@ -9,3 +9,5 @@
 binder_call(wificond, wpa)
 
 allow wificond wificond_service:service_manager { add find };
+
+allow wificond sysfs_wlan_fwpath:file w_file_perms;