sepolicy: Make wpa_supplicant a HIDL service
Note: The existing rules allowing socket communication will be removed
once we migrate over to HIDL completely.
(cherry-pick of 2a9595ede2c9a224686e619c2ee5c976dd324ac0)
Bug: 34603782
Test: Able to connect to wifi networks.
Test: Will be sending for full wifi integration tests
(go/wifi-test-request)
Change-Id: I9ee238fd0017ec330f6eb67ef9049211f7bd4615
diff --git a/vendor/file_contexts b/vendor/file_contexts
index f51c5b5..98317e3 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -28,3 +28,4 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service u:object_r:hal_vibrator_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.vr@1\.0-service u:object_r:hal_vr_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.wifi@1\.0-service u:object_r:hal_wifi_default_exec:s0
+/(vendor|system/vendor)/bin/hw/wpa_supplicant u:object_r:hal_wifi_supplicant_default_exec:s0
diff --git a/vendor/hal_wifi_supplicant_default.te b/vendor/hal_wifi_supplicant_default.te
new file mode 100644
index 0000000..3bde9ec
--- /dev/null
+++ b/vendor/hal_wifi_supplicant_default.te
@@ -0,0 +1,9 @@
+# wpa supplicant or equivalent
+type hal_wifi_supplicant_default, domain;
+hal_server_domain(hal_wifi_supplicant_default, hal_wifi_supplicant)
+type hal_wifi_supplicant_default_exec, exec_type, file_type;
+init_daemon_domain(hal_wifi_supplicant_default)
+
+net_domain(hal_wifi_supplicant_default)
+# Create a socket for receiving info from wpa
+type_transition hal_wifi_supplicant_default wifi_data_file:dir wpa_socket "sockets";