From 1d2a1476ae7907ced46ecae750879547ee75c048 Mon Sep 17 00:00:00 2001
From: Alex Klyubin <klyubin@google.com>
Date: Wed, 22 Feb 2017 15:12:19 -0800
Subject: [PATCH] Switch Wi-Fi HAL policy to _client/_server

This switches Wi-Fi HAL policy to the design which enables us to
conditionally remove unnecessary rules from domains which are clients
of Wi-Fi HAL.

Domains which are clients of Wi-Fi HAL, such as system_server domain,
are granted rules targeting hal_wifi only when the Wi-Fi HAL runs in
passthrough mode (i.e., inside the client's process). When the HAL
runs in binderized mode (i.e., in another process/domain, with clients
talking to the HAL over HwBinder IPC), rules targeting hal_wifi are
not granted to client domains.

Domains which offer a binderized implementation of Wi-Fi HAL, such as
hal_wifi_default domain, are always granted rules targeting hal_wifi.

Test: Setup Wizard (incl. adding a Google Account) completes fine with
      Wi-Fi connectivity only
Test: Toggle Wi-Fi off, on, off, on
Test: Use System UI to see list of WLANs and connect to one which does
      not require a password, and to one which requires a PSK
Test: ip6.me loads fine in Chrome over Wi-Fi
Bug: 34170079

Change-Id: I7a216a06727c88b7f2c23d529f67307e83bed17f
---
 private/system_server.te   | 2 +-
 public/attributes          | 2 ++
 public/hal_wifi.te         | 5 +++--
 vendor/hal_wifi_default.te | 2 +-
 4 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/private/system_server.te b/private/system_server.te
index a1f989935..5db68504a 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -193,7 +193,7 @@ binder_call(system_server, hal_thermal)
 binder_call(system_server, hal_usb)
 binder_call(system_server, hal_vibrator)
 binder_call(system_server, hal_vr)
-binder_call(system_server, hal_wifi)
+hal_client_domain(system_server, hal_wifi)
 binder_call(system_server, wpa)
 
 # Talk to tombstoned to get ANR traces.
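Review bot: The new `hal_client_domain(system_server, hal_wifi)` line sits among plain `binder_call` lines in the visible list, and nothing beside it says that its effect depends on the HAL mode of the build. Per the commit message, in passthrough mode system_server is granted every rule written against `hal_wifi`, which in this patch includes `r_dir_file(hal_wifi, proc_net)` and `r_dir_file(hal_wifi, sysfs_type)` in public/hal_wifi.te. That is wider than the single binder permission it replaces. I would add a comment above it, e.g. `# Wi-Fi HAL client; gains hal_wifi rules only when the HAL runs in passthrough mode`, so that an auditor reading system_server.te knows to check hal_wifi.te for the effective grant.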
diff --git a/public/attributes b/public/attributes
index 0864638dc..d418375ce 100644
--- a/public/attributes
+++ b/public/attributes
@@ -161,3 +161,5 @@ attribute hal_usb;
 attribute hal_vibrator;
 attribute hal_vr;
 attribute hal_wifi;
+attribute hal_wifi_client;
+attribute hal_wifi_server;
diff --git a/public/hal_wifi.te b/public/hal_wifi.te
index 960f1aceb..edd30fb38 100644
--- a/public/hal_wifi.te
+++ b/public/hal_wifi.te
@@ -1,5 +1,6 @@
-## call into system_server process (for invoking callbacks)
-binder_call(hal_wifi, system_server)
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_wifi_client, hal_wifi_server)
+binder_call(hal_wifi_server, hal_wifi_client)
 
 r_dir_file(hal_wifi, proc_net)
 r_dir_file(hal_wifi, sysfs_type)
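Review bot: `binder_call(hal_wifi_server, hal_wifi_client)` widens the callback target from system_server alone to every domain carrying `hal_wifi_client`, and the comment above it does not say so. Only system_server is made a client in this patch, so the effective grant looks roughly unchanged today, but each later `hal_client_domain(X, hal_wifi)` will also let the HAL server call into X. I would extend the comment to something like `# Callbacks reach every hal_wifi_client; keep the client set minimal`, and consider whether a neverallow pinning the permitted client domains belongs in this file. The file continues beyond the hunk, so existing assertions may already cover this.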
diff --git a/vendor/hal_wifi_default.te b/vendor/hal_wifi_default.te
index 5946ba43f..7c3949e66 100644
--- a/vendor/hal_wifi_default.te
+++ b/vendor/hal_wifi_default.te
@@ -1,5 +1,5 @@
 type hal_wifi_default, domain;
-hal_impl_domain(hal_wifi_default, hal_wifi)
+hal_server_domain(hal_wifi_default, hal_wifi)
 
 type hal_wifi_default_exec, exec_type, file_type;
 init_daemon_domain(hal_wifi_default)
-- 
GitLab