From 6ad3c891bc0c97d2a54f51c27a8158b588ade7b1 Mon Sep 17 00:00:00 2001
From: xshu <xshu@google.com>
Date: Fri, 15 Dec 2017 14:01:44 -0800
Subject: [PATCH] Wifi hal - Firmware dump permissions

We are aiming to improve logging performance by having the Wifi HAL
write directly to flash.

The Wifi HAL needs to be able to create, write, and delete files in
a directory. This will be restricted to userdebug and eng builds only.

Bug: 70170285
Test: compile, run on device
Change-Id: Id0cd317411f4c393d7529aa31b501046d7350edb
---
 private/compat/26.0/26.0.ignore.cil | 1 +
 private/file_contexts               | 1 +
 public/file.te                      | 2 ++
 public/hal_wifi.te                  | 6 ++++++
 4 files changed, 10 insertions(+)

diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 927296d2a..56165273d 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -40,6 +40,7 @@
     thermalserviced_tmpfs
     timezone_service
     tombstoned_java_trace_socket
+    tombstone_wifi_data_file
     update_engine_log_data_file
     vendor_init
     vold_prepare_subdirs
diff --git a/private/file_contexts b/private/file_contexts
index ad6a9222d..f4e5bd9d0 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -349,6 +349,7 @@
 /data/app-private(/.*)?               u:object_r:apk_private_data_file:s0
 /data/app-private/vmdl.*\.tmp(/.*)?   u:object_r:apk_private_tmp_file:s0
 /data/tombstones(/.*)?	u:object_r:tombstone_data_file:s0
+/data/vendor/tombstones/wifi(/.*)? u:object_r:tombstone_wifi_data_file:s0
 /data/local/tmp(/.*)?	u:object_r:shell_data_file:s0
 /data/media(/.*)?	u:object_r:media_rw_data_file:s0
 /data/mediadrm(/.*)?	u:object_r:media_data_file:s0
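Review bot: The new entry labels only `/data/vendor/tombstones/wifi` and below, so the parent `/data/vendor/tombstones` keeps whatever label the existing `/data/vendor` rules assign, and the HAL needs `search` on that type to reach its directory; that grant is not in this patch, so please confirm it exists elsewhere. The label is applied on every build variant while the only allow rules for the type sit inside `userdebug_or_eng`, so a one-line comment above the entry would help, for example `# wifi firmware dumps, written by the wifi HAL on userdebug/eng builds only`. As a style point, the neighbouring entries separate path and context with a tab, whereas this line uses a single space.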
diff --git a/public/file.te b/public/file.te
index 339f57d96..81bb1f1e1 100644
--- a/public/file.te
+++ b/public/file.te
@@ -163,6 +163,8 @@ type adb_data_file, file_type, data_file_type, core_data_file_type;
 type anr_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
 # /data/tombstones - core dumps
 type tombstone_data_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
+# /data/vendor/tombstones/wifi - vendor wifi dumps
+type tombstone_wifi_data_file, file_type, data_file_type;
 # /data/app - user-installed apps
 type apk_data_file, file_type, data_file_type, core_data_file_type;
 type apk_tmp_file, file_type, data_file_type, core_data_file_type, mlstrustedobject;
diff --git a/public/hal_wifi.te b/public/hal_wifi.te
index ac8a0d9f1..b8693fb3a 100644
--- a/public/hal_wifi.te
+++ b/public/hal_wifi.te
@@ -23,3 +23,9 @@ allow hal_wifi self:netlink_generic_socket create_socket_perms_no_ioctl;
 allow hal_wifi sysfs_wlan_fwpath:file { w_file_perms };
 # allow hal_wifi to access /proc/modules to check if Wi-Fi driver is loaded
 allow hal_wifi proc_modules:file { getattr open read };
+
+# allow hal_wifi to write into /data/vendor/tombstones/wifi
+userdebug_or_eng(`
+  allow hal_wifi_server tombstone_wifi_data_file:dir rw_dir_perms;
+  allow hal_wifi_server tombstone_wifi_data_file:file create_file_perms;
+')
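Review bot: The comment above the `userdebug_or_eng` block names `hal_wifi` and says "write", but the rules grant `hal_wifi_server` `rw_dir_perms` on the directory and `create_file_perms` on files, which covers create, read, write and delete, and only on debug builds. I would reword it to `# userdebug/eng only: let the wifi HAL server create, write and delete firmware dumps in /data/vendor/tombstones/wifi`. Firmware dumps typically carry raw device memory that may include sensitive data, and no domain is given read access to `tombstone_wifi_data_file` in this patch, so the commit should say which domain is expected to collect the files and what bounds their retention.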
-- 
GitLab