Allow wificond to set interfaces up and down

This is apparently a privileged ioctl. Being able to do this allows us to no longer kill hostapd with SIGTERM, since we can cleanup after hard stops. Bug: 31023120 Test: wificond unit and integration tests pass Change-Id: Icdf2469d403f420c742871f54b9fb17432805991 (cherry picked from commit ca7b04ba)

Allow wificond to set interfaces up and down
baf3cc22 · Christopher Wiley · Mitchell Wills · af6faa70 · baf3cc22
Commit baf3cc22 authored 8 years ago by Christopher Wiley Committed by Mitchell Wills 8 years ago
--- a/wificond.te
+++ b/wificond.te
@@ -17,7 +17,10 @@ set_prop(wificond, ctl_default_prop)
 # create sockets to set interfaces up and down
 allow wificond self:udp_socket create_socket_perms;
+# setting interface state up/down is a privileged ioctl
+allowxperm wificond self:udp_socket ioctl { SIOCSIFFLAGS };
 allow wificond self:capability { net_admin net_raw };
+# allow wificond to speak to nl80211 in the kernel
 allow wificond self:netlink_socket create_socket_perms;
 r_dir_file(wificond, proc_net)
@@ -31,12 +34,6 @@ allow wificond wifi_data_file:file create_file_perms;
 #       files, which are owned by system or wifi (not wificond's root).
 allow wificond self:capability { chown fowner };
-# wificond tries to gracefully kill hostapd by sending it a signal.
-# wificond checks for hostapd liveliness with signull.
-allow wificond hostapd:process { signal signull };
-# wificond needs kill to drop mad signals on hostapd.
-allow wificond self:capability kill;
 # wificond cleans up sockets created by wpa_supplicant and framework
 allow wificond wpa_socket:dir rw_dir_perms;
 allow wificond system_wpa_socket:sock_file unlink;