Separate permissions to set WiFi related properties
wificond would like to be able to set WiFi related properties
without access to the rest of the system properties. Today,
this only involves marking the driver as loaded or unloaded.
avc: denied { write } for name="property_service" dev="tmpfs" ino=10100
scontext=u:r:wificond:s0 tcontext=u:object_r:property_socket:s0
tclass=sock_file permissive=0
Bug: 29579539
Test: No avc denials related to system properties across
various WiFi events.
Change-Id: I6d9f1de3fbef04cb7750cc3753634f9e02fdb71f
(cherry picked from commit 1ebfdd6a14fb21705664c8e144f151b39c3d73f8)
diff --git a/property.te b/property.te
index 5075e29..90c2912 100644
--- a/property.te
+++ b/property.te
@@ -13,6 +13,7 @@
type system_prop, property_type, core_property_type;
type vold_prop, property_type, core_property_type;
type wifi_log_prop, property_type, log_property_type;
+type wifi_prop, property_type;
type ctl_bootanim_prop, property_type;
type ctl_default_prop, property_type;
type ctl_dumpstate_prop, property_type;
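Review bot: `wifi_prop` is declared with `property_type` only, while `system_prop` (first context line of this hunk), the label `wlan.` carried before this commit, is also a `core_property_type`. If any rule elsewhere in the policy grants read or set access through the `core_property_type` attribute, domains relying on it lose access to `wlan.*` once the relabel lands; this page does not show whether such rules exist. If leaving the attribute off is deliberate, a comment above the declaration would record that, e.g. `# Not a core_property_type: access to wlan.* is granted per domain`.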
diff --git a/property_contexts b/property_contexts
index cd4068e..9190831 100644
--- a/property_contexts
+++ b/property_contexts
@@ -24,7 +24,6 @@
sys.powerctl u:object_r:powerctl_prop:s0
sys.usb.ffs. u:object_r:ffs_prop:s0
service. u:object_r:system_prop:s0
-wlan. u:object_r:system_prop:s0
dhcp. u:object_r:dhcp_prop:s0
dhcp.bt-pan.result u:object_r:pan_result_prop:s0
bluetooth. u:object_r:bluetooth_prop:s0
@@ -95,3 +94,6 @@
ro.config. u:object_r:config_prop:s0
dalvik. u:object_r:dalvik_prop:s0
ro.dalvik. u:object_r:dalvik_prop:s0
+
+# Shared between system server and wificond
+wlan. u:object_r:wifi_prop:s0
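Review bot: The `wlan.` entry is a prefix match, so every property under `wlan.` moves to `wifi_prop`, not only the driver loaded/unloaded state the commit message describes. As a result wificond gains set access to the whole namespace. Any other domain that set a `wlan.*` property through a `system_prop` grant (device-specific policy, for instance) is now denied unless it is also given `wifi_prop`. If only the driver state has to be shared, mapping that single key to `wifi_prop` and keeping the rest of `wlan.` on `system_prop` would keep the grant minimal. Otherwise the comment could state the scope, e.g. `# All wlan.* properties; set only by system_server and wificond`.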
diff --git a/system_server.te b/system_server.te
index 88814ec..c80a2a4 100644
--- a/system_server.te
+++ b/system_server.te
@@ -341,6 +341,7 @@
set_prop(system_server, powerctl_prop)
set_prop(system_server, fingerprint_prop)
set_prop(system_server, device_logging_prop)
+set_prop(system_server, wifi_prop)
userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
# ctl interface
diff --git a/wificond.te b/wificond.te
index 2f100db..544c992 100644
--- a/wificond.te
+++ b/wificond.te
@@ -11,3 +11,5 @@
allow wificond wificond_service:service_manager { add find };
allow wificond sysfs_wlan_fwpath:file w_file_perms;
+
+set_prop(wificond, wifi_prop)
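Review bot: Nothing in the policy stops a later change from granting `wifi_prop` to another domain, which would undo the separation this commit sets up. A neverallow next to the type declaration would pin it, along the lines of `neverallow { domain -init -system_server -wificond } wifi_prop:property_service set;`. The exempt list there is an assumption (init is included because it normally sets properties) and should be adjusted to what the tree needs. A one-line comment above `set_prop(wificond, wifi_prop)`, such as `# Mark the WiFi driver as loaded or unloaded`, would also tie the rule to its stated purpose.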