author | Steven Liu <steveliu@google.com> | 2020-07-09 09:47:57 -0700 |
---|---|---|
committer | Steven Liu <steveliu@google.com> | 2020-08-13 09:33:55 -0700 |
commit | 32004eddd03a481520ac00a9fa0d344b1ccff63e (patch) | |
tree | a247998af4d3237923b3a53ea9be5fa14e47c516 | |
parent | 571962b0b2e59dabef01c23f479d3a3371658d6b (diff) | |
download | redbull-sepolicy-32004eddd03a481520ac00a9fa0d344b1ccff63e.tar.gz |
Give hal_wifi_ext the permission to read updated wifi firmware files.
The wifi firmware files are downloaded by the scone app, which is a private
app. The files are passed to wifi_ext by fd.
Also, the files in /data/vendor/firmware/wifi need to be accessible
by cnss-daemon and wifi_ext.
Bug: 141766704
Test: files could be updated from scone to wifi_ext.
Change-Id: I2fb2d900c88a17764203e58e3b455df11d3d4bcf
-rw-r--r-- | vendor/google/file.te | 3 | ||||
-rw-r--r-- | vendor/google/file_contexts | 1 | ||||
-rw-r--r-- | vendor/google/hal_wifi_ext.te | 8 | ||||
-rw-r--r-- | vendor/qcom/common/wcnss_service.te | 4 |
4 files changed, 16 insertions, 0 deletions
diff --git a/vendor/google/file.te b/vendor/google/file.te
index 4570f3f..9d6186d 100644
--- a/vendor/google/file.te
+++ b/vendor/google/file.te
@@ -50,3 +50,6 @@ allow ramdump_vendor_mnt_file self:filesystem associate;
 # Incremental file system driver
 type vendor_incremental_module, vendor_file_type, file_type;
+
+# All files under /data/vendor/firmware/wifi
+type updated_wifi_firmware_data_file, file_type, data_file_type;
diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts
index b406179..b9c635a 100644
--- a/vendor/google/file_contexts
+++ b/vendor/google/file_contexts
@@ -72,6 +72,7 @@
 /data/vendor_ce/[0-9]+/ramoops(/.*)? u:object_r:ramoops_vendor_data_file:s0
 /data/vendor/rebootescrow(/.*)? u:object_r:hal_rebootescrow_citadel_data_file:s0
 /data/per_boot(/.*)? u:object_r:per_boot_file:s0
+/data/vendor/firmware/wifi(/.*)? u:object_r:updated_wifi_firmware_data_file:s0
 # dev socket node
 /dev/socket/diag_router u:object_r:diag_socket:s0
diff --git a/vendor/google/hal_wifi_ext.te b/vendor/google/hal_wifi_ext.te
index 26198f4..c4f17fb 100644
--- a/vendor/google/hal_wifi_ext.te
+++ b/vendor/google/hal_wifi_ext.te
@@ -28,3 +28,11 @@ binder_call(hal_wifi_ext, grilservice_app)
 # Allow hal_wifi to write into /dev/wlan
 allow hal_wifi_ext wlan_device:chr_file rw_file_perms;
+
+# Allow wifi_ext to read and write /data/vendor/firmware/wifi
+allow hal_wifi_ext updated_wifi_firmware_data_file:dir rw_dir_perms;
+allow hal_wifi_ext updated_wifi_firmware_data_file:file create_file_perms;
+
+# Allow wifi_ext to read the updated firmware files from app
+allow hal_wifi_ext priv_app:fd use;
+allow hal_wifi_ext privapp_data_file:file { read map };
diff --git a/vendor/qcom/common/wcnss_service.te b/vendor/qcom/common/wcnss_service.te
index d474404..680aaa5 100644
--- a/vendor/qcom/common/wcnss_service.te
+++ b/vendor/qcom/common/wcnss_service.te
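Review bot: In the vendor/google/hal_wifi_ext.te hunk, `allow hal_wifi_ext priv_app:fd use;` together with `allow hal_wifi_ext privapp_data_file:file { read map };` lets the HAL consume a descriptor from any app running in the priv_app domain, not only the scone app named in the commit message, because the policy cannot tell one priv_app from another. Leaving out `open` keeps the access descriptor-only, which is the right shape, but the caller check and the integrity check on the firmware image then have to live in the HAL itself, and neither is visible in this commit. I would record that next to the rule, e.g. `# fd-only on purpose (no open): any priv_app can pass a descriptor, so wifi_ext must authenticate the caller and verify the image before writing it to /data/vendor/firmware/wifi`. It is also worth confirming that the HAL never calls fstat() on the passed descriptor, since `getattr` is not granted on privapp_data_file here.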
@@ -23,6 +23,10 @@ userdebug_or_eng(`
 binder_call(wcnss_service, vendor_per_mgr)
 allow wcnss_service vendor_per_mgr_service:service_manager find;
+# files in /data/vendor/firmware/wifi
+allow wcnss_service updated_wifi_firmware_data_file:dir r_dir_perms;
+allow wcnss_service updated_wifi_firmware_data_file:file r_file_perms;
+
 # files in /sys
 r_dir_file(wcnss_service, sysfs_msm_subsys)
 r_dir_file(wcnss_service, sysfs_soc) |
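Review bot: The two new rules in vendor/qcom/common/wcnss_service.te reference `updated_wifi_firmware_data_file`, which this commit declares in vendor/google/file.te, so the common Qualcomm policy now depends on a Google-specific type. If any build pulls in vendor/qcom/common without vendor/google (not visible from this page), policy compilation would fail on the unknown type; declaring the type alongside the common policy, or moving these two rules into a vendor/google file, removes that coupling. The comment could also state the intent, e.g. `# Read-only access to updated wifi firmware staged in /data/vendor/firmware/wifi by hal_wifi_ext`.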