From da35cbcc9a233f505503159eabda32b72059f65d Mon Sep 17 00:00:00 2001
From: Christopher Wiley <wiley@google.com>
Date: Thu, 21 Jul 2016 09:12:28 -0700
Subject: [PATCH] Allow wificond to write wifi component config files

We need the ability to set file permissions, create files, write
files, chown files.

Test: integration tests that start/stop hostapd and write its config
      file via wificond pass without SELinux denials.
Bug: 30040724

Change-Id: Iee15fb36a6a4a89009d4b45281060379d70cd53c
(cherry picked from commit f83da1421b38b021d9c0b829e791c84a1c6d9e1e)
---
 wificond.te | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/wificond.te b/wificond.te
index f17d743b5..d7a54b396 100644
--- a/wificond.te
+++ b/wificond.te
@@ -20,3 +20,11 @@ allow wificond self:capability { net_admin net_raw };
 allow wificond self:netlink_socket create_socket_perms;
 
 r_dir_file(wificond, proc_net)
+
+# wificond writes out configuration files for wpa_supplicant/hostapd.
+allow wificond wifi_data_file:dir rw_dir_perms;
+allow wificond wifi_data_file:file create_file_perms;
+# TODO: Remove fowner when wificond runs as the wifi user b/29870863
+#       We need this today, because we need to chmod hostapd/supplicant
+#       files, which are owned by system or wifi (not wificond's root).
+allow wificond self:capability { chown fowner };
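Review bot: The TODO above the last rule names only `fowner`, but the rule also grants `chown`, so nothing on the page records whether `chown` is meant to stay once wificond stops running as root. If both are temporary, the comment should say so, e.g. `# TODO: Remove chown and fowner when wificond runs as the wifi user b/29870863`; if `chown` is needed permanently, a one-line reason next to it would help later audits. The comment justifies the capabilities by the need to chmod files, which is `fowner`; the chown use case appears only in the commit message and deserves a mention in the policy too. Both capabilities are granted to a root process that already holds `net_admin` and `net_raw`, so the file-type rules on `wifi_data_file` are what actually bound them, and it is worth confirming wificond has `setattr` on no other types.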
-- 
GitLab