Allow wificond to write wifi component config files

We need the ability to set file permissions, create files, write files, chown files. Test: integration tests that start/stop hostapd and write its config file via wificond pass without SELinux denials. Bug: 30040724 Change-Id: Iee15fb36a6a4a89009d4b45281060379d70cd53c

Allow wificond to write wifi component config files
f83da142 · Christopher Wiley · ab1976d1 · f83da142
Commit f83da142 authored 8 years ago by Christopher Wiley
--- a/wificond.te
+++ b/wificond.te
@@ -20,3 +20,11 @@ allow wificond self:capability { net_admin net_raw };
 allow wificond self:netlink_socket create_socket_perms_no_ioctl;

 r_dir_file(wificond, proc_net)
+
+# wificond writes out configuration files for wpa_supplicant/hostapd.
+allow wificond wifi_data_file:dir rw_dir_perms;
+allow wificond wifi_data_file:file create_file_perms;
+# TODO: Remove fowner when wificond runs as the wifi user b/29870863
+#       We need this today, because we need to chmod hostapd/supplicant
+#       files, which are owned by system or wifi (not wificond's root).
+allow wificond self:capability { chown fowner };