From 9d8edcae28de4615449e72067116630ad6628153 Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@intel.com>
Date: Fri, 20 Jan 2017 08:34:04 -0800
Subject: [PATCH] wificond_service: drop system_service typeattribute

wificond_service is not a system_server service, so drop the
typeattribute.

Provide find permission for system_server so it can still call
wificond.

Test: compile and run on emulator. Also check built policy to verify
the permissions changes are as expected. system_server should have lost
the add permissions on wificond_service. Most importantly this needs
to be tested on a device with wificond.

Change-Id: I6dd655a5ac1dbfef809b8759a86429557a7c1207
Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
 public/service.te       | 2 +-
 public/system_server.te | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/public/service.te b/public/service.te
index 1b65b5aaf..858f0b0fc 100644
--- a/public/service.te
+++ b/public/service.te
@@ -133,7 +133,7 @@ type webviewupdate_service, app_api_service, system_server_service, service_mana
 type wifip2p_service, app_api_service, system_server_service, service_manager_type;
 type wifiscanner_service, system_api_service, system_server_service, service_manager_type;
 type wifi_service, app_api_service, system_server_service, service_manager_type;
-type wificond_service, system_server_service, service_manager_type;
+type wificond_service, service_manager_type;
 type wifiaware_service, app_api_service, system_server_service, service_manager_type;
 type window_service, system_api_service, system_server_service, service_manager_type;
 type wpa_supplicant_service, system_server_service, service_manager_type;
diff --git a/public/system_server.te b/public/system_server.te
index 207add7ae..e1c25c5ae 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -498,6 +498,7 @@ allow system_server nfc_service:service_manager find;
 allow system_server radio_service:service_manager find;
 allow system_server system_server_service:service_manager { add find };
 allow system_server surfaceflinger_service:service_manager find;
+allow system_server wificond_service:service_manager find;
 
 allow system_server keystore:keystore_key {
 	get_state
-- 
GitLab