From d6d16489f2304b7e9f9e7e94b1db247e01bbdb8b Mon Sep 17 00:00:00 2001
From: Jong Wook Kim <jongwook@google.com>
Date: Fri, 16 Mar 2018 16:24:00 -0700
Subject: [PATCH] Wifi HAL SIOCSIFHWADDR sepolicy

Add sepolicy rule to grant Wifi HAL permission to use SIOCSIFHWADDR
ioctl. This permission is needed to dynamically change MAC address of
the device.

We are moving the implementation of setting the MAC address from
WifiCond to Vendor HAL to give vendors flexibility in supporting
Connected MAC Randomization. Will clean up WifiCond sepolicy afterwards.

Bug: 74347653
Test: Verified manually
Change-Id: I334cefddf385ecb1ee169eb692c4e0060c26d6d9
---
 public/hal_wifi.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/public/hal_wifi.te b/public/hal_wifi.te
index b8693fb3a..78823d002 100644
--- a/public/hal_wifi.te
+++ b/public/hal_wifi.te
@@ -12,7 +12,7 @@ set_prop(hal_wifi, wifi_prop)
 
 # allow hal wifi set interfaces up and down
 allow hal_wifi self:udp_socket create_socket_perms;
-allowxperm hal_wifi self:udp_socket ioctl { SIOCSIFFLAGS };
+allowxperm hal_wifi self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR };
 
 allow hal_wifi self:global_capability_class_set { net_admin net_raw };
 # allow hal_wifi to speak to nl80211 in the kernel
-- 
GitLab