From cd8e8d2bbb71c2e5d461a18df86e9a548aec53ff Mon Sep 17 00:00:00 2001
From: Christopher Wiley <wiley@google.com>
Date: Wed, 31 Aug 2016 17:46:42 -0700
Subject: [PATCH] Fix wificond permissions for hikey

Newer kernels apparently introduce a new SELinux label
"netlink_generic_socket".

AOSP is missing some patches for ioctl whitelisting and
it was suggested we add unpriv_sock_ioctls as a stopgap.

Bug: 31226503
Change-Id: Ie4dd499925f74747c0247e5d7ad0de0f673b5ed2
---
 wificond.te | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/wificond.te b/wificond.te
index 764b69f33..2c5fd1e99 100644
--- a/wificond.te
+++ b/wificond.te
@@ -19,11 +19,15 @@ set_prop(wificond, ctl_default_prop)
 
 # create sockets to set interfaces up and down
 allow wificond self:udp_socket create_socket_perms;
+# See discussion in b/31226503
+allowxperm wificond self:udp_socket ioctl unpriv_sock_ioctls;
 # setting interface state up/down is a privileged ioctl
 allowxperm wificond self:udp_socket ioctl { SIOCSIFFLAGS };
 allow wificond self:capability { net_admin net_raw };
 # allow wificond to speak to nl80211 in the kernel
 allow wificond self:netlink_socket create_socket_perms;
+# newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets
+allow wificond self:netlink_generic_socket create_socket_perms;
 
 r_dir_file(wificond, proc_net)
 
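Review bot: The `allowxperm wificond self:udp_socket ioctl unpriv_sock_ioctls;` line is called a stopgap in the commit message, but its policy comment only points at b/31226503, so nothing in wificond.te marks the rule as temporary or says when it can go. I would replace the comment with something like `# TODO(b/31226503): stopgap until the ioctl whitelisting patches land in AOSP; remove or narrow to the ioctls wificond actually issues`. wificond also holds `net_admin` and `net_raw`, so it is worth keeping its ioctl allowlist as small as possible, ideally by listing the specific ioctls next to `SIOCSIFFLAGS` instead of granting the whole macro set. Separately, if `create_socket_perms` includes `ioctl` (its definition is not visible here), the new `netlink_generic_socket` rule has no matching `allowxperm` filter. It would be good to confirm whether wificond needs ioctl on that class at all.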
-- 
GitLab