From b2c724f0edfa43dcd6f9521e0546c2f79dc9f02b Mon Sep 17 00:00:00 2001
From: Hsiu-Chang Chen <hsiuchangchen@google.com>
Date: Fri, 14 Oct 2022 14:24:09 +0800
Subject: [PATCH] Add sepolicy rules for hal_wifi_default

In PDK build, it uses default wifi hal instead
wifi_ext hal. Need to add rules for hal_wifi_default
as well as we added for hal_wifi_ext

Bug: 253544307
Test: Wifi can be enabled in PDK builds
Change-Id: I57ad330c2467ae99b9c5190fbdc2f02e998b2fc1
---
 vendor/hal_wifi_default.te | 19 +++++++++++++++++++
 vendor/lowi_server.te      |  1 +
 vendor/vendor_location.te  |  1 +
 3 files changed, 21 insertions(+)
 create mode 100644 vendor/hal_wifi_default.te

diff --git a/vendor/hal_wifi_default.te b/vendor/hal_wifi_default.te
new file mode 100644
index 0000000..418aba5
--- /dev/null
+++ b/vendor/hal_wifi_default.te
@@ -0,0 +1,19 @@
+allow hal_wifi_default vendor_wlan_device:chr_file w_file_perms;
+allow hal_wifi_default vendor_wifi_vendor_data_file:dir rw_dir_perms;
+
+# write to files owned by location daemon
+allow hal_wifi_default vendor_location_socket:dir rw_dir_perms;
+allow hal_wifi_default vendor_location_socket:{sock_file lnk_file} create_file_perms;
+allow hal_wifi_default vendor_location:unix_dgram_socket sendto;
+allow hal_wifi_default lowi_server:unix_dgram_socket sendto;
+
+# Connect to vendor_location via vendor_location socket.
+unix_socket_connect(hal_wifi, vendor_location, vendor_location)
+allow hal_wifi_default vendor_wifihal_socket:dir rw_dir_perms;
+allow hal_wifi_default vendor_wifihal_socket:sock_file create_file_perms;
+
+# allow hal_wifi to write into /proc/debugdriver/driverdump
+r_dir_file(hal_wifi_default, vendor_proc_wifi_dbg);
+
+# Write wlan driver/fw version into property
+set_prop(hal_wifi_default, vendor_wifi_version)
diff --git a/vendor/lowi_server.te b/vendor/lowi_server.te
index e107cf2..21dfb81 100644
--- a/vendor/lowi_server.te
+++ b/vendor/lowi_server.te
@@ -28,6 +28,7 @@ allow lowi_server hal_wifi_supplicant_default:unix_dgram_socket sendto;
 allow lowi_server vendor_wifihal_socket:dir rw_dir_perms;
 allow lowi_server vendor_wifihal_socket:sock_file create_file_perms;
 allow lowi_server vendor_wifihal_socket:unix_dgram_socket sendto;
+unix_socket_send(lowi_server, vendor_wifihal, hal_wifi_default);
 unix_socket_send(lowi_server, vendor_wifihal, hal_wifi_ext);
 
 # /dev/socket/vendor_location
diff --git a/vendor/vendor_location.te b/vendor/vendor_location.te
index 05f55a6..b41c6a8 100644
--- a/vendor/vendor_location.te
+++ b/vendor/vendor_location.te
@@ -16,4 +16,5 @@ allow vendor_location vendor_location_sysfs:file create_file_perms;
 
 # /dev/socket/location/mq/*
 allow vendor_location lowi_server:unix_dgram_socket {sendto read write};
+allow vendor_location hal_wifi_default:unix_dgram_socket {sendto read write};
 allow vendor_location hal_wifi_ext:unix_dgram_socket {sendto read write};