Allow wificond to drop signals on hostapd

Stopping hostapd abruptly with SIGKILL can sometimes leave the driver in a poor state. Long term, we should pro-actively go in and clean up the driver. In the short term, it helps tremendously to send SIGTERM and give hostapd time to clean itself up. Bug: 30311493 Test: With patches in this series, wificond can cleanly start and stop hostapd in integration tests. Change-Id: Ic770c2fb1a1b636fced4620fe6e24d1c8dcdfeb8 (cherry picked from commit 762cb7c4)

Allow wificond to drop signals on hostapd
fd1cdd3f · Christopher Wiley · Mitchell Wills · 07200122 · fd1cdd3f
Commit fd1cdd3f authored 8 years ago by Christopher Wiley Committed by Mitchell Wills 8 years ago
--- a/wificond.te
+++ b/wificond.te
@@ -23,9 +23,16 @@ allow wificond self:netlink_socket create_socket_perms;
 r_dir_file(wificond, proc_net)
 # wificond writes out configuration files for wpa_supplicant/hostapd.
+# wificond also reads pid files out of this directory
 allow wificond wifi_data_file:dir rw_dir_perms;
 allow wificond wifi_data_file:file create_file_perms;
 # TODO: Remove fowner when wificond runs as the wifi user b/29870863
 #       We need this today, because we need to chmod hostapd/supplicant
 #       files, which are owned by system or wifi (not wificond's root).
 allow wificond self:capability { chown fowner };
+# wificond tries to gracefully kill hostapd by sending it a signal.
+# wificond checks for hostapd liveliness with signull.
+allow wificond hostapd:process { signal signull };
+# wificond needs kill to drop mad signals on hostapd.
+allow wificond self:capability kill;