From 867e398d54c290c3870bb9bca07676d57b99687d Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Wed, 12 Mar 2014 16:30:47 -0400
Subject: [PATCH] Allow wpa to perform binder IPC to keystore.

Addresses denials such as:
 avc:  denied  { call } for  pid=2275 comm="wpa_supplicant" scontext=u:r:wpa:s0 tcontext=u:r:servicemanager:s0 tclass=binder

Change-Id: I8ab148046dd06f56630a2876db787b293e14c0ae
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 wpa.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/wpa.te b/wpa.te
index 5961f981f..ceabf6d5f 100644
--- a/wpa.te
+++ b/wpa.te
@@ -17,6 +17,9 @@ allow wpa wifi_data_file:file create_file_perms;
 unix_socket_send(wpa, system_wpa, system_server)
 allow wpa random_device:chr_file r_file_perms;
 
+binder_use(wpa)
+binder_call(wpa, keystore)
+
 # Create a socket for receiving info from wpa
 type_transition wpa wifi_data_file:dir wpa_socket "sockets";
 allow wpa wpa_socket:dir create_dir_perms;
-- 
GitLab