From 7d13dd806f37523ba8164325fef9b000d6eacd7c Mon Sep 17 00:00:00 2001
From: Christopher Wiley <wiley@google.com>
Date: Thu, 30 Jun 2016 14:23:12 -0700
Subject: [PATCH] Define explicit label for wlan sysfs fwpath

avc: denied { write } for name="fwpath" dev="sysfs" ino=6863
scontext=u:r:wificond:s0 tcontext=u:object_r:sysfs_wlan_fwpath:s0
tclass=file permissive=0

Test: wificond and netd can write to this path, wifi works
Test: `runtest frameworks-wifi` passes

Bug: 29579539

Change-Id: Ia21c654b00b09b9fe3e50d564b82966c9c8e6994
---
 file.te       | 2 ++
 file_contexts | 1 +
 netd.te       | 7 +++++--
 wificond.te   | 2 ++
 4 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/file.te b/file.te
index 086f2a87c..722ccac0d 100644
--- a/file.te
+++ b/file.te
@@ -35,6 +35,8 @@ type configfs, fs_type;
 type sysfs_devices_system_cpu, fs_type, sysfs_type;
 # /sys/module/lowmemorykiller
 type sysfs_lowmemorykiller, fs_type, sysfs_type;
+# /sys/module/wlan/parameters/fwpath
+type sysfs_wlan_fwpath, fs_type, sysfs_type;
 
 type sysfs_thermal, sysfs_type, fs_type;
 
diff --git a/file_contexts b/file_contexts
index 2446587d4..4d5eea911 100644
--- a/file_contexts
+++ b/file_contexts
@@ -373,6 +373,7 @@
 /sys/power/wake_unlock -- u:object_r:sysfs_wake_lock:s0
 /sys/kernel/uevent_helper --	u:object_r:usermodehelper:s0
 /sys/module/lowmemorykiller(/.*)? -- u:object_r:sysfs_lowmemorykiller:s0
+/sys/module/wlan/parameters/fwpath u:object_r:sysfs_wlan_fwpath:s0
 
 #############################
 # debugfs files
diff --git a/netd.te b/netd.te
index 104baf286..7b9201c55 100644
--- a/netd.te
+++ b/netd.te
@@ -33,11 +33,14 @@ allow netd devpts:chr_file rw_file_perms;
 # For /proc/sys/net/ipv[46]/route/flush.
 allow netd proc_net:file rw_file_perms;
 
-# For /sys/modules/bcmdhd/parameters/firmware_path
-# XXX Split into its own type.
+# Enables PppController and interface enumeration (among others)
 r_dir_file(netd, sysfs_type)
+# Allows setting interface MTU
 allow netd sysfs:file write;
 
+# For /sys/modules/bcmdhd/parameters/firmware_path
+allow netd sysfs_wlan_fwpath:file w_file_perms;
+
 # TODO: added to match above sysfs rule. Remove me?
 allow netd sysfs_usb:file write;
 
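Review bot: The comment kept above the new `allow netd sysfs_wlan_fwpath:file w_file_perms;` still names `/sys/modules/bcmdhd/parameters/firmware_path`, which is not the path this commit labels in file_contexts. A reader auditing netd's write access would conclude the bcmdhd node carries the new type, but nothing visible in this patch labels it. On such a device that write would presumably still be covered only by the broad `allow netd sysfs:file write;` above. The comment should name the path that is actually labelled: `# For /sys/module/wlan/parameters/fwpath`.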
diff --git a/wificond.te b/wificond.te
index 0da5f380b..2f100dbae 100644
--- a/wificond.te
+++ b/wificond.te
@@ -9,3 +9,5 @@ binder_call(wificond, system_server)
 binder_call(wificond, wpa)
 
 allow wificond wificond_service:service_manager { add find };
+
+allow wificond sysfs_wlan_fwpath:file w_file_perms;
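Review bot: The added `allow wificond sysfs_wlan_fwpath:file w_file_perms;` has no comment, unlike the matching rule in netd.te, so the reason wificond needs write access is recorded only in the commit message. A line such as `# Allow wificond to write the WLAN firmware path (/sys/module/wlan/parameters/fwpath)` would document it in place. The node presumably selects the firmware the driver loads, and it now has its own type. A `neverallow` restricting `sysfs_wlan_fwpath:file` writes to the domains that need them would stop later policy changes from quietly widening access. The exception list would have to be confirmed against a full policy build.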
-- 
GitLab