diff --git a/vendor/hal_wifi_supplicant_default.te b/vendor/hal_wifi_supplicant_default.te index 9b70dd5ed3bc7e35374b5db2266ff23413d0f576..2e04dcf2ceb127445493d32294938501b16e1575 100644 --- a/vendor/hal_wifi_supplicant_default.te +++ b/vendor/hal_wifi_supplicant_default.te @@ -19,3 +19,11 @@ allow hal_wifi_supplicant_default wpa_data_file:sock_file create_file_perms; # Write to security logs for audit. get_prop(hal_wifi_supplicant_default, device_logging_prop) + +# Devices upgrading to P may grant this permission in device-specific +# policy along with the data_between_core_and_vendor_violators +# attribute needed for an exemption. However, devices that launch with +# P should use /data/vendor/wifi, which is already granted in core +# policy. This is dontaudited here to avoid conditional +# device-specific behavior in wpa_supplicant. +dontaudit hal_wifi_supplicant_default wifi_data_file:dir search;