Revert "wifi_stack: Move to network_stack process"
This reverts commit 1086c7d71d7f614addf36c3923fc5ce96da2cdde.
Reason for revert: Wifi services no longer plan to be a separate
APK/process for mainline. Will instead become a jar loaded from Apex.
Bug: 144722612
Test: Device boots up & connects to wifi networks
Change-Id: I69ccc6afbe15db88f516cdc64e13d8cfdb0c743c
diff --git a/private/compat/29.0/29.0.ignore.cil b/private/compat/29.0/29.0.ignore.cil
index 739940b..1fe8894 100644
--- a/private/compat/29.0/29.0.ignore.cil
+++ b/private/compat/29.0/29.0.ignore.cil
@@ -41,4 +41,6 @@
vendor_install_recovery
vendor_install_recovery_exec
virtual_ab_prop
- wifi_stack_service))
+ wifi_stack
+ wifi_stack_service
+ wifi_stack_tmpfs))
diff --git a/private/logd.te b/private/logd.te
index f24cb80..a9c65b0 100644
--- a/private/logd.te
+++ b/private/logd.te
@@ -35,5 +35,5 @@
-shell
userdebug_or_eng(`-su')
-system_app
- -network_stack
+ -wifi_stack
} runtime_event_log_tags_file:file no_rw_file_perms;
diff --git a/private/network_stack.te b/private/network_stack.te
index 583784f..28ce710 100644
--- a/private/network_stack.te
+++ b/private/network_stack.te
@@ -1,4 +1,4 @@
-############### Networking service app - NetworkStack.apk ##############
+# Networking service app
typeattribute network_stack coredomain;
app_domain(network_stack);
@@ -29,43 +29,5 @@
binder_call(network_stack, netd);
-############### Wifi Service app - WifiStack.apk ##############
-# Data file accesses.
-# Manage /data/misc/wifi & /data/misc_ce/<user_id>/wifi.
-allow network_stack wifi_data_file:dir create_dir_perms;
-allow network_stack wifi_data_file:file create_file_perms;
-
-# Property accesses
-userdebug_or_eng(`
- set_prop(network_stack, wifi_log_prop)
-
- # Allow network_stack to read dmesg
- # TODO(b/137085509): Remove this.
- allow network_stack kernel:system syslog_read;
-')
-
-# Binder IPC.
-allow network_stack network_score_service:service_manager find;
-allow network_stack network_stack_service:service_manager find;
-allow network_stack radio_service:service_manager find;
-allow network_stack wificond_service:service_manager find;
-allow network_stack wifiscanner_service:service_manager find;
-binder_call(network_stack, system_server)
-binder_call(network_stack, wificond)
-
-# HwBinder IPC.
-hal_client_domain(network_stack, hal_wifi)
-hal_client_domain(network_stack, hal_wifi_hostapd)
-hal_client_domain(network_stack, hal_wifi_supplicant)
-
-# Allow WifiService to start, stop, and read wifi-specific trace events.
-allow network_stack debugfs_tracing_instances:dir search;
-allow network_stack debugfs_wifi_tracing:dir search;
-allow network_stack debugfs_wifi_tracing:file rw_file_perms;
-
-# dumpstate support
-allow network_stack dumpstate:fd use;
-allow network_stack dumpstate:fifo_file write;
-
# Create/use netlink_tcpdiag_socket to get tcp info
allow network_stack self:netlink_tcpdiag_socket { create_socket_perms_no_ioctl nlmsg_read nlmsg_write };
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 17c22e1..c4b0e6f 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -144,7 +144,9 @@
user=_app seinfo=platform name=com.android.traceur domain=traceur_app type=app_data_file levelFrom=all
user=system seinfo=platform domain=system_app type=system_app_data_file
user=bluetooth seinfo=platform domain=bluetooth type=bluetooth_data_file
-user=network_stack seinfo=network_stack domain=network_stack type=radio_data_file
+# TODO (b/135691051): wifi stack is temporarily a separate process. Will merge to network_stack once non-formal API dependencies are fixed.
+user=network_stack seinfo=network_stack name=com.android.server.wifistack domain=wifi_stack
+user=network_stack seinfo=network_stack domain=network_stack levelFrom=all type=radio_data_file
user=nfc seinfo=platform domain=nfc type=nfc_data_file
user=secure_element seinfo=platform domain=secure_element levelFrom=all
user=radio seinfo=platform domain=radio type=radio_data_file
diff --git a/private/wifi_stack.te b/private/wifi_stack.te
new file mode 100644
index 0000000..1f19faa
--- /dev/null
+++ b/private/wifi_stack.te
@@ -0,0 +1,56 @@
+# Wifi Stack Mandatory
+typeattribute wifi_stack coredomain;
+
+app_domain(wifi_stack)
+net_domain(wifi_stack)
+
+# Data file accesses.
+# Manage /data/misc/wifi.
+allow wifi_stack wifi_data_file:dir create_dir_perms;
+allow wifi_stack wifi_data_file:file create_file_perms;
+allow wifi_stack radio_data_file:dir search;
+
+# Property accesses
+userdebug_or_eng(`
+ set_prop(wifi_stack, wifi_log_prop)
+
+ # Allow wifi_stack to read dmesg
+ # TODO(b/137085509): Remove this.
+ allow wifi_stack kernel:system syslog_read;
+')
+
+# ctl interface
+
+# Perform Binder IPC.
+binder_use(wifi_stack)
+allow wifi_stack app_api_service:service_manager find;
+allow wifi_stack network_score_service:service_manager find;
+allow wifi_stack netd_service:service_manager find;
+allow wifi_stack network_stack_service:service_manager find;
+allow wifi_stack radio_service:service_manager find;
+allow wifi_stack wificond_service:service_manager find;
+allow wifi_stack wifiscanner_service:service_manager find;
+binder_call(wifi_stack, system_server)
+binder_call(wifi_stack, wificond)
+binder_call(wifi_stack, network_stack)
+
+# Perform HwBinder IPC.
+hwbinder_use(wifi_stack)
+hal_client_domain(wifi_stack, hal_wifi)
+hal_client_domain(wifi_stack, hal_wifi_hostapd)
+hal_client_domain(wifi_stack, hal_wifi_supplicant)
+
+# Allow WifiService to start, stop, and read wifi-specific trace events.
+allow wifi_stack debugfs_tracing_instances:dir search;
+allow wifi_stack debugfs_wifi_tracing:dir search;
+allow wifi_stack debugfs_wifi_tracing:file rw_file_perms;
+
+# Connectivity
+allow wifi_stack self:capability { net_bind_service net_admin net_raw };
+allow wifi_stack self:packet_socket create_socket_perms_no_ioctl;
+allow wifi_stack self:netlink_route_socket nlmsg_write;
+allowxperm wifi_stack self:udp_socket ioctl priv_sock_ioctls;
+
+# dumpstate support
+allow wifi_stack dumpstate:fd use;
+allow wifi_stack dumpstate:fifo_file write;