From 72030486c686a14b278c980e5e12e8b5aefbe895 Mon Sep 17 00:00:00 2001
From: Jong Wook Kim <jongwook@google.com>
Date: Mon, 22 Jan 2018 20:42:12 -0800
Subject: [PATCH] MAC Anonymization: wificond SIOCSIFHWADDR sepolicy

Add sepolicy rules to grant wificond permission to use SIOCSIFHWADDR
ioctl. This permission is needed to dynamically change MAC address of
the device when connecting to wifi networks.

Bug: 63905794
Test: Verified manually that wificond can dynamically change MAC
address.

Change-Id: If2c6b955b0b792f706d8438e8e2e018c0b4cfc31
---
 public/wificond.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/wificond.te b/public/wificond.te
index 8eeb8c8f9..f4990b2d5 100644
--- a/public/wificond.te
+++ b/public/wificond.te
@@ -13,7 +13,7 @@ set_prop(wificond, ctl_default_prop)
 # create sockets to set interfaces up and down
 allow wificond self:udp_socket create_socket_perms;
 # setting interface state up/down is a privileged ioctl
-allowxperm wificond self:udp_socket ioctl { SIOCSIFFLAGS };
+allowxperm wificond self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR };
 allow wificond self:global_capability_class_set { net_admin net_raw };
 # allow wificond to speak to nl80211 in the kernel
 allow wificond self:netlink_socket create_socket_perms_no_ioctl;
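Review bot: The comment above the changed `allowxperm` line still reads "setting interface state up/down is a privileged ioctl", but the rule now also allows SIOCSIFHWADDR, which sets an interface's hardware (MAC) address. I would update it to something like `# setting interface state up/down and changing the MAC address are privileged ioctls`, so that a later audit of the xperm allowlist can see why each ioctl is there. The xperm is scoped to wificond's own udp_socket class rather than to a specific interface. Combined with the `net_admin` capability granted on the next line, this presumably lets wificond change the address of any network interface, not only the Wi-Fi one. It is worth confirming that the daemon itself restricts which interface name it passes to this ioctl.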
-- 
GitLab