sepolicy: Allow hal_wifi to set wlan driver status prop
The new wifi HAL manages the wlan driver and hence needs to be able to
load/unload the driver. The "wlan.driver.status" is used to indicate the
state of the driver to the rest of the system. There are .rc scripts for
example which wait for the state of this property.
Denials:
03-01 13:31:43.394 476 476 W android.hardwar: type=1400
audit(0.0:7243): avc: denied { read } for name="u:object_r:wifi_prop:s0"
dev="tmpfs" ino=10578 scontext=u:r:hal_wifi_default:s0
tcontext=u:object_r:wifi_prop:s0 tclass=file permissive=0
03-01 13:31:43.399 476 476 E libc : Access denied finding
property "wlan.driver.status"
Bug: 35765841
Test: Denials no longer seen
Change-Id: I502494af7140864934038ef51cb0326ba3902c63
diff --git a/private/system_server.te b/private/system_server.te
index 0ad5d99..892d522 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -399,7 +399,6 @@
set_prop(system_server, powerctl_prop)
set_prop(system_server, fingerprint_prop)
set_prop(system_server, device_logging_prop)
-set_prop(system_server, wifi_prop)
set_prop(system_server, dumpstate_options_prop)
set_prop(system_server, overlay_prop)
userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
diff --git a/public/hal_wifi.te b/public/hal_wifi.te
index edd30fb..e06d8f9 100644
--- a/public/hal_wifi.te
+++ b/public/hal_wifi.te
@@ -5,6 +5,8 @@
r_dir_file(hal_wifi, proc_net)
r_dir_file(hal_wifi, sysfs_type)
+set_prop(hal_wifi, wifi_prop)
+
# allow hal wifi set interfaces up and down
allow hal_wifi self:udp_socket create_socket_perms;
allowxperm hal_wifi self:udp_socket ioctl { SIOCSIFFLAGS };