MAC Anonymization: wificond SIOCSIFHWADDR sepolicy

Add sepolicy rules to grant wificond permission to use SIOCSIFHWADDR ioctl. This permission is needed to dynamically change MAC address of the device when connecting to wifi networks. Bug: 63905794 Test: Verified manually that wificond can dynamically change MAC address. Change-Id: If2c6b955b0b792f706d8438e8e2e018c0b4cfc31

MAC Anonymization: wificond SIOCSIFHWADDR sepolicy
72030486 · Jong Wook Kim · 7724907f · 72030486
Commit 72030486 authored 7 years ago by Jong Wook Kim
--- a/public/wificond.te
+++ b/public/wificond.te
@@ -13,7 +13,7 @@ set_prop(wificond, ctl_default_prop)
 # create sockets to set interfaces up and down
 allow wificond self:udp_socket create_socket_perms;
 # setting interface state up/down is a privileged ioctl
-allowxperm wificond self:udp_socket ioctl { SIOCSIFFLAGS };
+allowxperm wificond self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR };
 allow wificond self:global_capability_class_set { net_admin net_raw };
 # allow wificond to speak to nl80211 in the kernel
 allow wificond self:netlink_socket create_socket_perms_no_ioctl;