From fd1cdd3f39ed986db62859ef0c7b24bff5388dfe Mon Sep 17 00:00:00 2001
From: Christopher Wiley <wiley@google.com>
Date: Fri, 29 Jul 2016 10:26:54 -0700
Subject: [PATCH] Allow wificond to drop signals on hostapd

Stopping hostapd abruptly with SIGKILL can sometimes leave the driver
in a poor state.  Long term, we should pro-actively go in and clean up
the driver.  In the short term, it helps tremendously to send SIGTERM
and give hostapd time to clean itself up.

Bug: 30311493
Test: With patches in this series, wificond can cleanly start and stop
      hostapd in integration tests.

Change-Id: Ic770c2fb1a1b636fced4620fe6e24d1c8dcdfeb8
(cherry picked from commit 762cb7c4aaa1d20309edbb07c932ae12669506a5)
---
 wificond.te | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/wificond.te b/wificond.te
index 147554958..e873ec5eb 100644
--- a/wificond.te
+++ b/wificond.te
@@ -23,9 +23,16 @@ allow wificond self:netlink_socket create_socket_perms;
 r_dir_file(wificond, proc_net)
 
 # wificond writes out configuration files for wpa_supplicant/hostapd.
+# wificond also reads pid files out of this directory
 allow wificond wifi_data_file:dir rw_dir_perms;
 allow wificond wifi_data_file:file create_file_perms;
 # TODO: Remove fowner when wificond runs as the wifi user b/29870863
 #       We need this today, because we need to chmod hostapd/supplicant
 #       files, which are owned by system or wifi (not wificond's root).
 allow wificond self:capability { chown fowner };
+
+# wificond tries to gracefully kill hostapd by sending it a signal.
+# wificond checks for hostapd liveliness with signull.
+allow wificond hostapd:process { signal signull };
+# wificond needs kill to drop mad signals on hostapd.
+allow wificond self:capability kill;
-- 
GitLab