From e029085840ffde16ce8abd092f2de3a28ef16f33 Mon Sep 17 00:00:00 2001
From: Daichi Ueura <daichi.ueura@sony.com>
Date: Fri, 23 Feb 2018 21:54:19 +0900
Subject: [PATCH] sepolicy(hostapd): Allow socket based control iface

Update sepolicy permission to allow hostapd to set up a
socket for the socket-based control interface.

Sepolicy denial for accessing /data/vendor/wifi/hostapd/ctrl:
02-23 12:32:06.186  3068  3068 I hostapd : type=1400 audit(0.0:36):
avc: denied { create } for name="ctrl"
scontext=u:r:hal_wifi_hostapd_default:s0
tcontext=u:object_r:hostapd_data_file:s0 tclass=dir permissive=1

02-23 12:32:06.186  3068  3068 I hostapd : type=1400 audit(0.0:37):
avc: denied { setattr } for name="ctrl" dev="sda35" ino=131410
scontext=u:r:hal_wifi_hostapd_default:s0
tcontext=u:object_r:hostapd_data_file:s0 tclass=dir permissive=1

02-23 12:32:06.190  3068  3068 I hostapd : type=1400 audit(0.0:38):
avc: denied { create } for name="wlan0"
scontext=u:r:hal_wifi_hostapd_default:s0
tcontext=u:object_r:hostapd_data_file:s0 tclass=sock_file permissive=1

02-23 12:32:06.190  3068  3068 I hostapd : type=1400 audit(0.0:39):
avc: denied { setattr } for name="wlan0" dev="sda35" ino=131411
scontext=u:r:hal_wifi_hostapd_default:s0
tcontext=u:object_r:hostapd_data_file:s0 tclass=sock_file permissive=1

Bug: 73419160
Test: Manual check that softAp works
Change-Id: I2e733e168feceeab2d557f7704832c143e352375
---
 vendor/hal_wifi_hostapd_default.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/vendor/hal_wifi_hostapd_default.te b/vendor/hal_wifi_hostapd_default.te
index 5a3bbb6ee..1e0dcb83a 100644
--- a/vendor/hal_wifi_hostapd_default.te
+++ b/vendor/hal_wifi_hostapd_default.te
@@ -7,5 +7,6 @@ init_daemon_domain(hal_wifi_hostapd_default)
 net_domain(hal_wifi_hostapd_default)
 
 # Allow hostapd to access it's data folder
-allow hal_wifi_hostapd_default hostapd_data_file:dir rw_dir_perms;
+allow hal_wifi_hostapd_default hostapd_data_file:dir create_dir_perms;
 allow hal_wifi_hostapd_default hostapd_data_file:file create_file_perms;
+allow hal_wifi_hostapd_default hostapd_data_file:sock_file create_file_perms;
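Review bot: The two changed rules grant the full create_dir_perms and create_file_perms macro sets on hostapd_data_file, while the denials quoted in the commit message show only { create } and { setattr } for tclass=dir and tclass=sock_file. Please confirm the rest of each set is actually needed for the ctrl directory and the wlan0 socket (for example removing them on shutdown), or list the required permissions explicitly, e.g. `hostapd_data_file:sock_file { create setattr unlink }`. The comment above the rules still only mentions the data folder, so a short line noting that the sock_file rule exists for the socket based control interface under /data/vendor/wifi/hostapd/ctrl would help the next reader. The denials were also captured with permissive=1 and the only test listed is a manual softAp check, so a rerun in enforcing mode would show whether any further denials remain.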
-- 
GitLab