authorDmitry Shmidt <dimitrysh@google.com>2017-11-29 14:06:03 -0800
committerDmitry Shmidt <dimitrysh@google.com>2017-11-29 14:15:25 -0800
commita2e3640e58ea39db71aa57e0d0e28a37c9cecd3b (patch)
tree575a5fd770865bfd06947438b6250c4edf6ec0b7
parent6b34f04153d750c98ef1c66a272276f2cb8bf384 (diff)
hikey: hikey960: Add wpa_supplicant and hostapd permissions
Bug: 69926730 Test: Manual Change-Id: Idcfe31a9775479f66d79c53cf964b162dfbf6b29 Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
-rw-r--r--sepolicy/hal_wifi_supplicant_default.te10
-rw-r--r--sepolicy/hostapd.te12
2 files changed, 22 insertions, 0 deletions
diff --git a/sepolicy/hal_wifi_supplicant_default.te b/sepolicy/hal_wifi_supplicant_default.te
new file mode 100644
index 00000000..3646bac8
--- /dev/null
+++ b/sepolicy/hal_wifi_supplicant_default.te
@@ -0,0 +1,10 @@
+# TODO(b/36657258): Remove data_between_core_and_vendor_violators once
+# hal_wifi_supplicant no longer directly accesses wifi_data_file.
+typeattribute hal_wifi_supplicant_default data_between_core_and_vendor_violators;
+
+allow hal_wifi_supplicant_default wifi_data_file:dir create_dir_perms;
+allow hal_wifi_supplicant_default wifi_data_file:file create_file_perms;
+
+# Create a socket for receiving info from wpa
+allow hal_wifi_supplicant_default wpa_socket:dir create_dir_perms;
+allow hal_wifi_supplicant_default wpa_socket:sock_file create_file_perms;
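Review bot: The two `wifi_data_file` rules at the top of the new file grant `create_dir_perms` and `create_file_perms` without a comment saying what the supplicant creates there, unlike the socket rules below them. wpa_supplicant parses input from untrusted networks, so its write access to shared Wi-Fi data should be no wider than the HAL needs. If it only creates and rewrites files inside an existing directory, `allow hal_wifi_supplicant_default wifi_data_file:dir rw_dir_perms;` would probably be enough; that needs confirming against denials on the device. Either way, a comment such as `# wpa_supplicant creates and rewrites its files under the wifi data directory (confirm paths)` would let the grant be re-checked when b/36657258 is resolved.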
diff --git a/sepolicy/hostapd.te b/sepolicy/hostapd.te
new file mode 100644
index 00000000..b7069692
--- /dev/null
+++ b/sepolicy/hostapd.te
@@ -0,0 +1,12 @@
+# TODO(b/36657258): Remove data_between_core_and_vendor_violators once
+# hostapd no longer directly accesses /data outside /data/vendor.
+typeattribute hostapd data_between_core_and_vendor_violators;
+# hostapd can read and write WiFi related data and configuration.
+# For example, the entropy file is periodically updated.
+allow hostapd wifi_data_file:file rw_file_perms;
+r_dir_file(hostapd, wifi_data_file)
+
+# hostapd wants to create the directory holding its control socket.
+allow hostapd hostapd_socket:dir create_dir_perms;
+# hostapd needs to create, bind to, read, and write its control socket.
+allow hostapd hostapd_socket:sock_file create_file_perms;
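Review bot: The `allow hostapd wifi_data_file:file rw_file_perms;` rule covers every file labelled `wifi_data_file`, not only the entropy file the comment names. The same commit gives `hal_wifi_supplicant_default` create and write access to that type, so a fault in either daemon could reach data the other stores; both process input from unauthenticated peers. If hostapd writes only a small, known set of files, giving them a dedicated type (placeholder name `hostapd_data_file`, not defined on this page) and granting `rw_file_perms` on that type would contain the access. Otherwise the comment should list what is written, e.g. `# Writes: entropy file, hostapd config (confirm list)`.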