Skip to content
Snippets Groups Projects
Commit da35cbcc authored by Christopher Wiley's avatar Christopher Wiley Committed by Mitchell Wills
Browse files

Allow wificond to write wifi component config files 

We need the ability to set file permissions, create files, write
files, chown files.

Test: integration tests that start/stop hostapd and write its config
      file via wificond pass without SELinux denials.
Bug: 30040724

Change-Id: Iee15fb36a6a4a89009d4b45281060379d70cd53c
(cherry picked from commit f83da142)
parent 49f86f5b
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 8 additions and 0 deletions
wificond.te
+ 8
0
View file @ da35cbcc
...@@ -20,3 +20,11 @@ allow wificond self:capability { net_admin net_raw }; ...@@ -20,3 +20,11 @@ allow wificond self:capability { net_admin net_raw };
allow wificond self:netlink_socket create_socket_perms; allow wificond self:netlink_socket create_socket_perms;
r_dir_file(wificond, proc_net) r_dir_file(wificond, proc_net)
# wificond writes out configuration files for wpa_supplicant/hostapd.
allow wificond wifi_data_file:dir rw_dir_perms;
allow wificond wifi_data_file:file create_file_perms;
# TODO: Remove fowner when wificond runs as the wifi user b/29870863
# We need this today, because we need to chmod hostapd/supplicant
# files, which are owned by system or wifi (not wificond's root).
allow wificond self:capability { chown fowner };
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment