Move platform/vendor data violations to device policy

Sharing data folders by path will be disallowed because it violates the approved API between platform and vendor components tested by VTS. Move all violating permissions from core selinux policy to device specific policy so that we can exempt existing devices from the ban and enforce it on new devices. Bug: 34980020 Test: build Change-Id: I9821151e67e33ac60aa7a57a5ab1e6a1024bf418
author: Jeff Vander Stoep <jeffv@google.com> 2017-11-29 17:19:16 -0800
committer: Jeff Vander Stoep <jeffv@google.com> 2017-11-29 17:20:51 -0800
commit: a9b668805c9f27e4b50766033e527dd19d73d18f (patch)
tree: 06ff68e9afeec144cea177c9f6313f7df729cc3c /sepolicy
parent: 3ff58fd0b65c2aff0994f40e9230885ea469b27d (diff)
download: fugu-a9b668805c9f27e4b50766033e527dd19d73d18f.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/sepolicy/hal_wifi_supplicant.te b/sepolicy/hal_wifi_supplicant.te
index 90628c1..7137b06 100644
--- a/sepolicy/hal_wifi_supplicant.te
+++ b/sepolicy/hal_wifi_supplicant.te
@@ -1,2 +1,9 @@
 allow hal_wifi_supplicant efs_file:dir r_dir_perms;
 allow hal_wifi_supplicant efs_file:file rw_file_perms;
+
+allow hal_wifi_supplicant wifi_data_file:dir create_dir_perms;
+allow hal_wifi_supplicant wifi_data_file:file create_file_perms;
+
+# Create a socket for receiving info from wpa
+allow hal_wifi_supplicant wpa_socket:dir create_dir_perms;
+allow hal_wifi_supplicant wpa_socket:sock_file create_file_perms;
author	Jeff Vander Stoep <jeffv@google.com>	2017-11-29 17:19:16 -0800
committer	Jeff Vander Stoep <jeffv@google.com>	2017-11-29 17:20:51 -0800
commit	a9b668805c9f27e4b50766033e527dd19d73d18f (patch)
tree	06ff68e9afeec144cea177c9f6313f7df729cc3c /sepolicy
parent	3ff58fd0b65c2aff0994f40e9230885ea469b27d (diff)
download	fugu-a9b668805c9f27e4b50766033e527dd19d73d18f.tar.gz