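# SELinux policy for the default Wi-Fi supplicant HAL (wpa_supplicant or an
# equivalent vendor daemon).
#
# The listing is restored to one statement per line; the rules themselves are
# unchanged. Macros and attributes used here are defined outside this file.

# Domain type for the supplicant process.
type hal_wifi_supplicant_default, domain;
# Register this domain as a server of the hal_wifi_supplicant HAL.
hal_server_domain(hal_wifi_supplicant_default, hal_wifi_supplicant)
# Label for the daemon's executable; vendor_file_type marks it as a vendor file.
type hal_wifi_supplicant_default_exec, exec_type, vendor_file_type, file_type;
# Run the daemon in its own domain when init starts the executable.
init_daemon_domain(hal_wifi_supplicant_default)

# The supplicant needs network access.
net_domain(hal_wifi_supplicant_default)

# A directory named "sockets" that this domain creates inside a wifi_data_file
# directory is labelled wpa_socket. This holds the socket used to receive info
# from wpa. The rule only assigns the label; it grants no permission, so the
# create/add_name access must come from other policy (not visible here).
type_transition hal_wifi_supplicant_default wifi_data_file:dir wpa_socket "sockets";

# Allow wpa_supplicant to configure nl80211.
# NOTE(review): proc_net_type looks like an attribute covering several
# /proc/net labels, so this write grant is broader than one file. Confirm
# which entries are actually written and whether a narrower type is enough.
allow hal_wifi_supplicant_default proc_net_type:file write;

# Allow wpa_supplicant to talk to the Wifi Keystore HwBinder service:
# use hwbinder, look the service up, then call into its server domain.
hwbinder_use(hal_wifi_supplicant_default)
allow hal_wifi_supplicant_default system_wifi_keystore_hwservice:hwservice_manager find;
binder_call(hal_wifi_supplicant_default, wifi_keystore_service_server)

# Create and manage directories, regular files and socket files labelled
# wpa_data_file (the supplicant's own data).
allow hal_wifi_supplicant_default wpa_data_file:dir create_dir_perms;
allow hal_wifi_supplicant_default wpa_data_file:file create_file_perms;
allow hal_wifi_supplicant_default wpa_data_file:sock_file create_file_perms;

# Security audit logging. This rule only lets the supplicant read
# device_logging_prop; presumably the daemon checks that property before
# writing security log events. Confirm against the daemon source.
get_prop(hal_wifi_supplicant_default, device_logging_prop)

# Devices upgrading to P may grant this permission in device-specific
# policy along with the data_between_core_and_vendor_violators
# attribute needed for an exemption. However, devices that launch with
# P should use /data/vendor/wifi, which is already granted in core
# policy. This is dontaudited here to avoid conditional
# device-specific behavior in wpa_supplicant.
#
# dontaudit grants nothing: the search is still denied, but the denial is
# not written to the audit log. Anyone triaging supplicant denials will not
# see this one in avc output.
dontaudit hal_wifi_supplicant_default wifi_data_file:dir search;

# Allow wpa supplicant to access Netlink Interceptor as a HAL client.
hal_client_domain(hal_wifi_supplicant_default, hal_nlinterceptor)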