From 9a29301376809be37b6ab478855466345bd7964b Mon Sep 17 00:00:00 2001
From: Po-Chien Hsueh <pchsueh@google.com>
Date: Sun, 12 Feb 2017 01:51:10 +0800
Subject: [PATCH] sepolicy: Move hostapd to vendor

Move hostapd to vendor/bin/ because it's only used by WIFI HAL.
This commit makes the corresponding sepolicy changes.

Bug: 34236942
Bug: 34237659
Test: Hotspot works fine. Integration test.

Change-Id: I2ee165970a20f4015d5d62fc590d448e9acb92c1
---
 private/file_contexts         | 2 --
 private/hostapd.te            | 3 ---
 public/file.te                | 2 --
 vendor/file.te                | 2 ++
 vendor/file_contexts          | 8 +++++++-
 {public => vendor}/hostapd.te | 1 +
 6 files changed, 10 insertions(+), 8 deletions(-)
 delete mode 100644 private/hostapd.te
 create mode 100644 vendor/file.te
 rename {public => vendor}/hostapd.te (97%)

diff --git a/private/file_contexts b/private/file_contexts
index 23b0bbe4a..54192128b 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -217,7 +217,6 @@
 /system/xbin/perfprofd  u:object_r:perfprofd_exec:s0
 /system/bin/dnsmasq     u:object_r:dnsmasq_exec:s0
 /system/bin/healthd     u:object_r:healthd_exec:s0
-/system/bin/hostapd     u:object_r:hostapd_exec:s0
 /system/bin/clatd	u:object_r:clatd_exec:s0
 /system/bin/lmkd        u:object_r:lmkd_exec:s0
 /system/bin/inputflinger u:object_r:inputflinger_exec:s0
@@ -325,7 +324,6 @@
 /data/misc/wifi(/.*)?           u:object_r:wifi_data_file:s0
 /data/misc/wifi/sockets(/.*)?   u:object_r:wpa_socket:s0
 /data/misc/wifi/sockets/wpa_ctrl.*   u:object_r:system_wpa_socket:s0
-/data/misc/wifi/hostapd(/.*)?   u:object_r:hostapd_socket:s0
 /data/misc/zoneinfo(/.*)?       u:object_r:zoneinfo_data_file:s0
 /data/misc/vold(/.*)?           u:object_r:vold_data_file:s0
 /data/misc/perfprofd(/.*)?      u:object_r:perfprofd_data_file:s0
diff --git a/private/hostapd.te b/private/hostapd.te
deleted file mode 100644
index d895f2916..000000000
--- a/private/hostapd.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# type_transition must be private policy the domain_trans rules could stay
-# public, but conceptually should go with this
-init_daemon_domain(hostapd)
diff --git a/public/file.te b/public/file.te
index 2936d6515..71ea3244c 100644
--- a/public/file.te
+++ b/public/file.te
@@ -246,8 +246,6 @@ type uncrypt_socket, file_type;
 type vold_socket, file_type;
 type webview_zygote_socket, file_type;
 type wpa_socket, file_type;
-# hostapd control interface.
-type hostapd_socket, file_type;
 type zygote_socket, file_type;
 type sap_uim_socket, file_type;
 # UART (for GPS) control proc file
diff --git a/vendor/file.te b/vendor/file.te
new file mode 100644
index 000000000..aeafb4aa6
--- /dev/null
+++ b/vendor/file.te
@@ -0,0 +1,2 @@
+# Socket types
+type hostapd_socket, file_type;
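Review bot: The relocated `hostapd_socket` declaration loses the `# hostapd control interface.` comment that sat directly above it in public/file.te. The new `# Socket types` header only names the section, so a reader of vendor/file.te no longer sees what the type is for. I would keep the original line under the header, i.e. `# hostapd control interface.` immediately before `type hostapd_socket, file_type;`.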
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 98317e32c..40cf1f314 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -28,4 +28,10 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator@1\.0-service       u:object_r:hal_vibrator_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.vr@1\.0-service             u:object_r:hal_vr_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.wifi@1\.0-service           u:object_r:hal_wifi_default_exec:s0
-/(vendor|system/vendor)/bin/hw/wpa_supplicant           u:object_r:hal_wifi_supplicant_default_exec:s0
+/(vendor|system/vendor)/bin/hw/wpa_supplicant                                 u:object_r:hal_wifi_supplicant_default_exec:s0
+/(vendor|system/vendor)/bin/hostapd                                           u:object_r:hostapd_exec:s0
+
+#############################
+# Data files
+#
+/data/misc/wifi/hostapd(/.*)?   u:object_r:hostapd_socket:s0
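Review bot: The `/data/misc/wifi/hostapd(/.*)?` entry now lives in vendor/file_contexts, while the broader `/data/misc/wifi(/.*)?` entry labeled `wifi_data_file` stays in private/file_contexts. Which label wins for the hostapd subdirectory therefore depends on how the two files are combined and ordered at build time, which this patch does not show. Please confirm on a device that the directory still resolves to `hostapd_socket` after the move, for example with `restorecon` followed by `ls -Z`. If it fell back to `wifi_data_file`, the hostapd rules written against `hostapd_socket` would no longer match, and the likely fix would be to widen access to the shared Wi-Fi data type. A comment above the entry such as `# Overlaps /data/misc/wifi(/.*)? in private/file_contexts; this entry must take precedence.` would record the dependency.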
diff --git a/public/hostapd.te b/vendor/hostapd.te
similarity index 97%
rename from public/hostapd.te
rename to vendor/hostapd.te
index b40bdc84a..02bafaa93 100644
--- a/public/hostapd.te
+++ b/vendor/hostapd.te
@@ -2,6 +2,7 @@
 type hostapd, domain;
 type hostapd_exec, exec_type, file_type;
 
+init_daemon_domain(hostapd)
 
 net_domain(hostapd)
 allow hostapd self:capability { net_admin net_raw };
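Review bot: `init_daemon_domain(hostapd)` is added here without any of the explanation that accompanied it in the deleted private/hostapd.te. A one-line comment such as `# init transitions into hostapd when it executes hostapd_exec (/vendor/bin/hostapd).` would make the dependency on the new vendor/file_contexts label explicit. The transition only applies if the service is launched from the path labeled `hostapd_exec`, so the matching service-definition change should land together with this one. That change is outside this patch, and the rest of hostapd.te continues beyond the hunk.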
-- 
GitLab