Merge "Hide denial for wpa_supplicant writing to /data/misc/wifi."

am: 1356a75f Change-Id: I7572e5feff34b6778616c11f4260ee5a88c3f319

Merge "Hide denial for wpa_supplicant writing to /data/misc/wifi."
32c46c19 · Joel Galenson · android-build-merger · ab9f70ba · 1356a75f · 32c46c19
Commit 32c46c19 authored 7 years ago by Joel Galenson Committed by android-build-merger 7 years ago
--- a/vendor/hal_wifi_supplicant_default.te
+++ b/vendor/hal_wifi_supplicant_default.te
@@ -15,3 +15,11 @@ binder_call(hal_wifi_supplicant_default, wifi_keystore_service_server)
 # Write to security logs for audit.
 get_prop(hal_wifi_supplicant_default, device_logging_prop)
+# Devices upgrading to P may grant this permission in device-specific
+# policy along with the data_between_core_and_vendor_violators
+# attribute needed for an exemption.  However, devices that launch with
+# P should use /data/vendor/wifi, which is already granted in core
+# policy.  This is dontaudited here to avoid conditional
+# device-specific behavior in wpa_supplicant.
+dontaudit hal_wifi_supplicant_default wifi_data_file:dir search;