From bf18eca5ce1ead95d3ea1b39836059dcea6825a3 Mon Sep 17 00:00:00 2001
From: Christopher Wiley <wiley@google.com>
Date: Wed, 29 Jun 2016 11:28:20 -0700
Subject: [PATCH] Separate permissions to set WiFi related properties

wificond would like to be able to set WiFi related properties
without access to the rest of the system properties.  Today,
this only involves marking the driver as loaded or unloaded.

avc: denied { write } for name="property_service" dev="tmpfs" ino=10100
scontext=u:r:wificond:s0 tcontext=u:object_r:property_socket:s0
tclass=sock_file permissive=0

Bug: 29579539
Test: No avc denials related to system properties across
      various WiFi events.

Change-Id: I6d9f1de3fbef04cb7750cc3753634f9e02fdb71f
(cherry picked from commit 1ebfdd6a14fb21705664c8e144f151b39c3d73f8)
---
 property.te       | 1 +
 property_contexts | 4 +++-
 system_server.te  | 1 +
 wificond.te       | 2 ++
 4 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/property.te b/property.te
index 5075e29f7..90c291208 100644
--- a/property.te
+++ b/property.te
@@ -13,6 +13,7 @@ type system_radio_prop, property_type, core_property_type;
 type system_prop, property_type, core_property_type;
 type vold_prop, property_type, core_property_type;
 type wifi_log_prop, property_type, log_property_type;
+type wifi_prop, property_type;
 type ctl_bootanim_prop, property_type;
 type ctl_default_prop, property_type;
 type ctl_dumpstate_prop, property_type;
diff --git a/property_contexts b/property_contexts
index cd4068efe..91908312b 100644
--- a/property_contexts
+++ b/property_contexts
@@ -24,7 +24,6 @@ sys.                    u:object_r:system_prop:s0
 sys.powerctl            u:object_r:powerctl_prop:s0
 sys.usb.ffs.            u:object_r:ffs_prop:s0
 service.                u:object_r:system_prop:s0
-wlan.                   u:object_r:system_prop:s0
 dhcp.                   u:object_r:dhcp_prop:s0
 dhcp.bt-pan.result      u:object_r:pan_result_prop:s0
 bluetooth.              u:object_r:bluetooth_prop:s0
@@ -95,3 +94,6 @@ config.                 u:object_r:config_prop:s0
 ro.config.              u:object_r:config_prop:s0
 dalvik.                 u:object_r:dalvik_prop:s0
 ro.dalvik.              u:object_r:dalvik_prop:s0
+
+# Shared between system server and wificond
+wlan.                   u:object_r:wifi_prop:s0
diff --git a/system_server.te b/system_server.te
index 88814ec5b..c80a2a47d 100644
--- a/system_server.te
+++ b/system_server.te
@@ -341,6 +341,7 @@ set_prop(system_server, debug_prop)
 set_prop(system_server, powerctl_prop)
 set_prop(system_server, fingerprint_prop)
 set_prop(system_server, device_logging_prop)
+set_prop(system_server, wifi_prop)
 userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
 
 # ctl interface
diff --git a/wificond.te b/wificond.te
index 2f100dbae..544c99213 100644
--- a/wificond.te
+++ b/wificond.te
@@ -11,3 +11,5 @@ binder_call(wificond, wpa)
 allow wificond wificond_service:service_manager { add find };
 
 allow wificond sysfs_wlan_fwpath:file w_file_perms;
+
+set_prop(wificond, wifi_prop)
-- 
GitLab