author | Dmitry Shmidt <dimitrysh@google.com> | 2017-11-29 14:06:03 -0800 |
---|---|---|
committer | Dmitry Shmidt <dimitrysh@google.com> | 2017-11-29 14:15:25 -0800 |
commit | a2e3640e58ea39db71aa57e0d0e28a37c9cecd3b (patch) | |
tree | 575a5fd770865bfd06947438b6250c4edf6ec0b7 | |
parent | 6b34f04153d750c98ef1c66a272276f2cb8bf384 (diff) | |
download | hikey-a2e3640e58ea39db71aa57e0d0e28a37c9cecd3b.tar.gz |
hikey: hikey960: Add wpa_supplicant and hostapd permissions
Bug: 69926730
Test: Manual
Change-Id: Idcfe31a9775479f66d79c53cf964b162dfbf6b29
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
-rw-r--r-- | sepolicy/hal_wifi_supplicant_default.te | 10 | ||||
-rw-r--r-- | sepolicy/hostapd.te | 12 |
2 files changed, 22 insertions, 0 deletions
diff --git a/sepolicy/hal_wifi_supplicant_default.te b/sepolicy/hal_wifi_supplicant_default.te
new file mode 100644
index 00000000..3646bac8
--- /dev/null
+++ b/sepolicy/hal_wifi_supplicant_default.te
@@ -0,0 +1,10 @@
+# TODO(b/36657258): Remove data_between_core_and_vendor_violators once
+# hal_wifi_supplicant no longer directly accesses wifi_data_file.
+typeattribute hal_wifi_supplicant_default data_between_core_and_vendor_violators;
+
+allow hal_wifi_supplicant_default wifi_data_file:dir create_dir_perms;
+allow hal_wifi_supplicant_default wifi_data_file:file create_file_perms;
+
+# Create a socket for receiving info from wpa
+allow hal_wifi_supplicant_default wpa_socket:dir create_dir_perms;
+allow hal_wifi_supplicant_default wpa_socket:sock_file create_file_perms;
diff --git a/sepolicy/hostapd.te b/sepolicy/hostapd.te
new file mode 100644
index 00000000..b7069692
--- /dev/null
+++ b/sepolicy/hostapd.te
@@ -0,0 +1,12 @@
+# TODO(b/36657258): Remove data_between_core_and_vendor_violators once
+# hostapd no longer directly accesses /data outside /data/vendor.
+typeattribute hostapd data_between_core_and_vendor_violators;
+# hostapd can read and write WiFi related data and configuration.
+# For example, the entropy file is periodically updated.
+allow hostapd wifi_data_file:file rw_file_perms;
+r_dir_file(hostapd, wifi_data_file)
+
+# hostapd wants to create the directory holding its control socket.
+allow hostapd hostapd_socket:dir create_dir_perms;
+# hostapd needs to create, bind to, read, and write its control socket.
+allow hostapd hostapd_socket:sock_file create_file_perms; |
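Review bot: The two `wifi_data_file` rules in hal_wifi_supplicant_default.te have no comment and grant the full `create_dir_perms` / `create_file_perms` sets over everything carrying that label. The domain is also tagged `data_between_core_and_vendor_violators`, which by its name and the TODO exempts it from the core/vendor data-sharing restriction, so these allow rules look like the only bound on what the supplicant can touch there. A comment should state what the supplicant actually stores under this label, for example `# wpa_supplicant config and control-socket directory live under wifi_data_file (confirm paths).` If the daemon never creates directories of that type, the first rule could be narrowed to `allow hal_wifi_supplicant_default wifi_data_file:dir rw_dir_perms;`.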
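Review bot: `allow hostapd wifi_data_file:file rw_file_perms;` together with `r_dir_file(hostapd, wifi_data_file)` gives hostapd read and write access to every file labelled `wifi_data_file`. That is the same label the supplicant rules in hal_wifi_supplicant_default.te use, so the two daemons are not isolated from each other's state. The comment above the rule only justifies hostapd's own configuration and the entropy file. If the supplicant's configuration sits under that label, as seems likely, a dedicated type for hostapd's files would keep the grant as narrow as the comment claims. At minimum the TODO should record this, e.g. `# TODO: give hostapd its own data type so it cannot read or modify supplicant files.`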