# wpa supplicant or equivalent
#
# SELinux policy for the default Wi-Fi supplicant HAL implementation.
# Statements below are unchanged from the listing; only the code viewer's
# line-number gutter was dropped and the comments were expanded.

# Process domain for the daemon, registered as a server of the
# hal_wifi_supplicant HAL.
type hal_wifi_supplicant_default, domain;
hal_server_domain(hal_wifi_supplicant_default, hal_wifi_supplicant)
# Label for the daemon's executable; vendor_file_type marks it as a vendor file.
type hal_wifi_supplicant_default_exec, exec_type, vendor_file_type, file_type;
# Have init transition into this domain when it executes the file above.
init_daemon_domain(hal_wifi_supplicant_default)

# Network access for the daemon.
net_domain(hal_wifi_supplicant_default)
# Create a socket for receiving info from wpa.
# This is a named transition on class dir: a directory called "sockets"
# created by this domain inside a wifi_data_file directory is labelled
# wpa_socket. A type_transition only selects the label; it grants no
# permission by itself.
type_transition hal_wifi_supplicant_default wifi_data_file:dir wpa_socket "sockets";

# Allow wpa_supplicant to configure nl80211
# NOTE(review): the rule grants `write` on files of every type carrying the
# proc_net_type attribute, while nl80211 itself is a netlink interface.
# Confirm which proc entries are actually written and whether a narrower
# type would do.
allow hal_wifi_supplicant_default proc_net_type:file write;

# Allow wpa_supplicant to talk to Wifi Keystore HwBinder service:
# use hwbinder, look the service up in hwservice_manager, and call into
# the domains that serve it.
hwbinder_use(hal_wifi_supplicant_default)
allow hal_wifi_supplicant_default system_wifi_keystore_hwservice:hwservice_manager find;
binder_call(hal_wifi_supplicant_default, wifi_keystore_service_server)

# Full management (create_dir_perms / create_file_perms) of directories,
# regular files and socket files labelled wpa_data_file.
allow hal_wifi_supplicant_default wpa_data_file:dir create_dir_perms;
allow hal_wifi_supplicant_default wpa_data_file:file create_file_perms;
allow hal_wifi_supplicant_default wpa_data_file:sock_file create_file_perms;

# Write to security logs for audit.
# NOTE(review): get_prop grants read access to device_logging_prop only;
# presumably the daemon reads it to decide whether security logging is
# enabled before logging. Confirm against the caller.
get_prop(hal_wifi_supplicant_default, device_logging_prop)

# Devices upgrading to P may grant this permission in device-specific
# policy along with the data_between_core_and_vendor_violators
# attribute needed for an exemption. However, devices that launch with
# P should use /data/vendor/wifi, which is already granted in core
# policy. This is dontaudited here to avoid conditional
# device-specific behavior in wpa_supplicant.
# dontaudit grants nothing: the `search` is still denied, but no audit
# record is written, so these denials will not show up when reviewing
# audit logs for this domain.
dontaudit hal_wifi_supplicant_default wifi_data_file:dir search;

# Allow wpa supplicant to access Netlink Interceptor
# (registers this domain as a client of the hal_nlinterceptor HAL).
hal_client_domain(hal_wifi_supplicant_default, hal_nlinterceptor)