sepolicy(hostapd): Allow socket based control iface

Update sepolicy permission to allow hostapd to setup socket for socket based control interface. Sepolicy denial for accessing /data/vendor/wifi/hostapd/ctrl: 02-23 12:32:06.186 3068 3068 I hostapd : type=1400 audit(0.0:36): avc: denied { create } for name="ctrl" scontext=u:r:hal_wifi_hostapd_default:s0 tcontext=u:object_r:hostapd_data_file:s0 tclass=dir permissive=1 02-23 12:32:06.186 3068 3068 I hostapd : type=1400 audit(0.0:37): avc: denied { setattr } for name="ctrl" dev="sda35" ino=131410 scontext=u:r:hal_wifi_hostapd_default:s0 tcontext=u:object_r:hostapd_data_file:s0 tclass=dir permissive=1 02-23 12:32:06.190 3068 3068 I hostapd : type=1400 audit(0.0:38): avc: denied { create } for name="wlan0" scontext=u:r:hal_wifi_hostapd_default:s0 tcontext=u:object_r:hostapd_data_file:s0 tclass=sock_file permissive=1 02-23 12:32:06.190 3068 3068 I hostapd : type=1400 audit(0.0:39): avc: denied { setattr } for name="wlan0" dev="sda35" ino=131411 scontext=u:r:hal_wifi_hostapd_default:s0 tcontext=u:object_r:hostapd_data_file:s0 tclass=sock_file permissive=1 Bug: 73419160 Test: Manual check that softAp works Change-Id: I2e733e168feceeab2d557f7704832c143e352375

sepolicy(hostapd): Allow socket based control iface
e0290858 · Daichi Ueura · Jong Wook Kim · a6b8414b · e0290858
Commit e0290858 authored 7 years ago by Daichi Ueura Committed by Jong Wook Kim 7 years ago
--- a/vendor/hal_wifi_hostapd_default.te
+++ b/vendor/hal_wifi_hostapd_default.te
@@ -7,5 +7,6 @@ init_daemon_domain(hal_wifi_hostapd_default)
 net_domain(hal_wifi_hostapd_default)

 # Allow hostapd to access it's data folder
-allow hal_wifi_hostapd_default hostapd_data_file:dir rw_dir_perms;
+allow hal_wifi_hostapd_default hostapd_data_file:dir create_dir_perms;
 allow hal_wifi_hostapd_default hostapd_data_file:file create_file_perms;
+allow hal_wifi_hostapd_default hostapd_data_file:sock_file create_file_perms;