sepolicy(hostapd): Add a HIDL interface for hostapd
* Note on cherry-pick: Some of the dependent changes are not in AOSP.
In order to keep hostapd running correctly in AOSP, I've modified this
change to only include policy additions.
Change sepolicy permissions to now classify hostapd as a HAL exposing
HIDL interface.
Sepolicy denial for accessing /data/vendor/misc/wifi/hostapd:
12-27 23:40:55.913 4952 4952 W hostapd : type=1400 audit(0.0:19): avc:
denied { write } for name="hostapd" dev="sda13" ino=4587601
scontext=u:r:hal_wifi_hostapd_default:s0
tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
01-02 19:07:16.938 5791 5791 W hostapd : type=1400 audit(0.0:31): avc:
denied { search } for name="net" dev="sysfs" ino=30521
scontext=u:r:hal_wifi_hostapd_default:s0
tcontext=u:object_r:sysfs_net:s0 tclass=dir permissive=0
Bug: 36646171
Test: Device boots up and able to turn on SoftAp.
Change-Id: Ibacfcc938deab40096b54b8d0e608d53ca91b947
Merged-In: Ibacfcc938deab40096b54b8d0e608d53ca91b947
(cherry picked from commit 5bca3e860d34b3aff070a38bfd39caa74cade443)
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index f918b5b..d4de3b9 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -53,6 +53,7 @@
hal_secure_element_hwservice
hal_tetheroffload_hwservice
hal_usb_gadget_hwservice
+ hal_wifi_hostapd_hwservice
hal_wifi_offload_hwservice
incident_helper
incident_helper_exec
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 90621a0..998bf2f 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -55,6 +55,7 @@
android.hardware.vr::IVr u:object_r:hal_vr_hwservice:s0
android.hardware.weaver::IWeaver u:object_r:hal_weaver_hwservice:s0
android.hardware.wifi::IWifi u:object_r:hal_wifi_hwservice:s0
+android.hardware.wifi.hostapd::IHostapd u:object_r:hal_wifi_hostapd_hwservice:s0
android.hardware.wifi.offload::IOffload u:object_r:hal_wifi_offload_hwservice:s0
android.hardware.wifi.supplicant::ISupplicant u:object_r:hal_wifi_supplicant_hwservice:s0
android.hidl.allocator::IAllocator u:object_r:hidl_allocator_hwservice:s0
diff --git a/private/system_server.te b/private/system_server.te
index 045acc6..8e07d3f 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -213,6 +213,7 @@
hal_client_domain(system_server, hal_vr)
hal_client_domain(system_server, hal_weaver)
hal_client_domain(system_server, hal_wifi)
+hal_client_domain(system_server, hal_wifi_hostapd)
hal_client_domain(system_server, hal_wifi_offload)
hal_client_domain(system_server, hal_wifi_supplicant)