Merge "Add selinux policy for legacy Wifi HAL" am: 10960aec

am: 3acba6df

Change-Id: I47d52553a72930b13890dfbc32b192af4ca3fde3

file_contexts

@@ -215,6 +215,8 @@
 /system/bin/idmap u:object_r:idmap_exec:s0
 /system/bin/update_engine        u:object_r:update_engine_exec:s0
 /system/bin/bspatch              u:object_r:update_engine_exec:s0
+/system/bin/hw/wifi_hal_legacy   u:object_r:wifi_hal_legacy_exec:s0
+
 
 #############################
 # Vendor files

wifi_hal_legacy.te

+# wifi legacy hal
+type wifi_hal_legacy, domain;
+type wifi_hal_legacy_exec, exec_type, file_type;
+
+# may be started by init
+init_daemon_domain(wifi_hal_legacy)
+
+## hwbinder access
+hwbinder_use(wifi_hal_legacy)
+
+## call into wificond process (callbacks)
+binder_call(wifi_hal_legacy, wificond)
+
+r_dir_file(wifi_hal_legacy, proc_net)
+r_dir_file(wifi_hal_legacy, sysfs_type)
+
+allow wifi_hal_legacy self:udp_socket create_socket_perms;
+allow wifi_hal_legacy self:capability { net_admin net_raw };
+# allow wifi_hal_legacy to speak to nl80211 in the kernel
+allow wifi_hal_legacy self:netlink_socket create_socket_perms_no_ioctl;
+# newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets
+allow wifi_hal_legacy self:netlink_generic_socket create_socket_perms_no_ioctl;

wificond.te

@@ -8,6 +8,9 @@ binder_use(wificond)
 binder_call(wificond, system_server)
 binder_call(wificond, wpa)
 
+hwbinder_use(wificond)
+binder_call(wificond, wifi_hal_legacy)
+
 allow wificond wificond_service:service_manager { add find };
 
 # wificond writes firmware paths to this file.