From c50bf17d4f4ae4615c9f189236f593db5ff21180 Mon Sep 17 00:00:00 2001
From: Robert Craig <rpcraig@tycho.ncsc.mil>
Date: Wed, 8 Jan 2014 08:15:04 -0500
Subject: [PATCH] Address new system server denial.

Allow system_server to unlink sockets created
by the wpa supplicant. This will resolve the following
denial seen across mutliple devices.

  avc:  denied  { unlink } for  pid=584 comm="WifiStateMachin" name="wlan0" dev=mmcblk0p10 ino=138762 scontext=u:r:system_server:s0 tcontext=u:object_r:wpa_socket:s0 tclass=sock_file

Change-Id: If3a8b1f270dfcd3dc6838eb8ac72e3d5004cc36d
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
---
 system_server.te | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/system_server.te b/system_server.te
index 09e6ec5d8..37d4cc632 100644
--- a/system_server.te
+++ b/system_server.te
@@ -174,6 +174,9 @@ allow system_server ctl_default_prop:property_service set;
 type_transition system_server wifi_data_file:sock_file system_wpa_socket;
 allow system_server system_wpa_socket:sock_file create_file_perms;
 
+# Remove sockets created by wpa_supplicant
+allow system_server wpa_socket:sock_file unlink;
+
 # Create a socket for connections from debuggerd.
 type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
 allow system_server system_ndebug_socket:sock_file create_file_perms;
-- 
GitLab