From 4eb63113eefa59e1c550155d4127680c33a3028b Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Wed, 12 Mar 2014 16:30:47 -0400
Subject: [PATCH] Allow wpa to perform binder IPC to keystore.

Addresses denials such as:
 avc:  denied  { call } for  pid=2275 comm="wpa_supplicant" scontext=u:r:wpa:s0 tcontext=u:r:servicemanager:s0 tclass=binder

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

(cherry picked from commit 867e398d54c290c3870bb9bca07676d57b99687d)

Change-Id: Ie941b07e351bf89aa0afd5ee88cd01f6da5e6788
---
 wpa_supplicant.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/wpa_supplicant.te b/wpa_supplicant.te
index 1ebf55602..2f51ff322 100644
--- a/wpa_supplicant.te
+++ b/wpa_supplicant.te
@@ -15,6 +15,9 @@ allow wpa wifi_data_file:file create_file_perms;
 unix_socket_send(wpa, system_wpa, system_server)
 allow wpa random_device:chr_file r_file_perms;
 
+binder_use(wpa)
+binder_call(wpa, keystore)
+
 # Create a socket for receiving info from wpa
 type_transition wpa wifi_data_file:sock_file wpa_socket;
 allow wpa wpa_socket:dir { rw_dir_perms setattr };
-- 
GitLab