From b6a6561d0ef37ad86802ef1ceeefc59a42612435 Mon Sep 17 00:00:00 2001
From: Christopher Wiley <wiley@google.com>
Date: Thu, 30 Jun 2016 17:48:12 -0700
Subject: [PATCH] Allow wificond to mark interfaces up and down

avc: denied { create } for scontext=u:r:wificond:s0
tcontext=u:r:wificond:s0 tclass=udp_socket permissive=0

avc: denied { net_raw } for capability=13 scontext=u:r:wificond:s0
tcontext=u:r:wificond:s0 tclass=capability permissive=0

avc: denied { read } for name="psched" dev="proc" ino=4026535377
scontext=u:r:wificond:s0 tcontext=u:object_r:proc_net:s0 tclass=file
permissive=0

Test: fixes above avc denials
Bug: 29579539

Change-Id: Ie1dff80103e81cfba8064a22b5dd3e1e8f29471b
---
 wificond.te | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/wificond.te b/wificond.te
index 544c99213..acdf522ba 100644
--- a/wificond.te
+++ b/wificond.te
@@ -13,3 +13,9 @@ allow wificond wificond_service:service_manager { add find };
 allow wificond sysfs_wlan_fwpath:file w_file_perms;
 
 set_prop(wificond, wifi_prop)
+
+# create sockets to set interfaces up and down
+allow wificond self:udp_socket create_socket_perms;
+allow wificond self:capability net_raw;
+
+r_dir_file(wificond, proc_net)
-- 
GitLab