wifi: Add sepolicy for LOWI tools am: 374602a559

Original change: https://googleplex-android-review.googlesource.com/c/device/google/lynx-sepolicy/+/17055632

Change-Id: Ida6ded1365a507b07eb92f7eeabf619cc501e932
This commit is contained in:
Hsiu-Chang Chen
2022-03-16 06:42:05 +00:00
committed by Automerger Merge Worker
9 changed files with 85 additions and 0 deletions

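--- a/vendor/file.te
+++ b/vendor/file.te
@@ -0,0 +1,5 @@
+type vendor_location_data_file, file_type, data_file_type;
+type vendor_location_socket, file_type;
+type vendor_wifi_vendor_data_file, file_type, data_file_type;
+type vendor_wifihal_socket, file_type;
+type vendor_location_sysfs, fs_type, sysfs_type;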
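Review bot: vendor_location_data_file is declared on the first line of the hunk, but in the visible parts of this change no file_contexts entry labels a path with it and no allow rule names it, so it appears to land unused. If a /data/vendor/location directory is intended, the file_contexts line and the vendor_location rule should come in with the type; otherwise the declaration should be dropped rather than leaving a type with no subjects or objects. The other four types are all referenced by the file_contexts, genfs_contexts or .te hunks of the same commit.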


@@ -9,4 +9,9 @@
/dev/lwis-sensor-imx787 u:object_r:lwis_device:s0 /dev/lwis-sensor-imx787 u:object_r:lwis_device:s0
# Wifi # Wifi
/data/vendor/wifi(/.*)? u:object_r:vendor_wifi_vendor_data_file:s0
/dev/wlan u:object_r:vendor_wlan_device:s0 /dev/wlan u:object_r:vendor_wlan_device:s0
/dev/socket/location(/.*)? u:object_r:vendor_location_socket:s0
/dev/socket/wifihal(/.*)? u:object_r:vendor_wifihal_socket:s0
/vendor/bin/loc_launcher u:object_r:vendor_location_exec:s0
/vendor/bin/lowi-server u:object_r:lowi_server_exec:s0


@@ -1,2 +1,5 @@
# Haptics # Haptics
genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-4/i2c-cs40l26a u:object_r:sysfs_vibrator:s0
# Wifi
genfscon sysfs /devices/soc0/soc_id u:object_r:vendor_location_sysfs:s0


@@ -1 +1,12 @@
allow hal_wifi_ext vendor_wlan_device:chr_file w_file_perms; allow hal_wifi_ext vendor_wlan_device:chr_file w_file_perms;
# write to files owned by location daemon
allow hal_wifi_ext vendor_location_socket:dir rw_dir_perms;
allow hal_wifi_ext vendor_location_socket:{sock_file lnk_file} create_file_perms;
allow hal_wifi_ext vendor_location:unix_dgram_socket sendto;
allow hal_wifi_ext lowi_server:unix_dgram_socket sendto;
# Connect to vendor_location via vendor_location socket.
unix_socket_connect(hal_wifi, vendor_location, vendor_location)
allow hal_wifi_ext vendor_wifihal_socket:dir rw_dir_perms;
allow hal_wifi_ext vendor_wifihal_socket:sock_file create_file_perms;
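Review bot: The `unix_socket_connect(hal_wifi, vendor_location, vendor_location)` line is the only rule in this hunk whose subject is `hal_wifi` rather than `hal_wifi_ext`; `hal_wifi` is the attribute shared by every Wi-Fi HAL domain, so as written the connectto on the location socket is granted more widely than the surrounding rules intend. Unless the broader grant is deliberate, it should read `unix_socket_connect(hal_wifi_ext, vendor_location, vendor_location)`. Separately, `{sock_file lnk_file} create_file_perms` lets the HAL create symlinks inside the location socket directory; if only the socket file is needed, `sock_file` alone is the tighter grant.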

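--- a/vendor/hal_wifi_hostapd.te
+++ b/vendor/hal_wifi_hostapd.te
@@ -0,0 +1 @@
+allow hal_wifi_hostapd_default vendor_wifi_vendor_data_file:dir rw_dir_perms;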
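Review bot: `rw_dir_perms` on `vendor_wifi_vendor_data_file:dir` with no companion rule for the `file` or `sock_file` class lets hal_wifi_hostapd_default add and remove directory entries under /data/vendor/wifi but not create, read or write anything it puts there; the hal_wifi_supplicant.te hunk in this commit has the same shape. If the daemons only need to traverse the directory, `search` or `r_dir_perms` is the tighter grant; if they create files there, the matching object-class rule belongs alongside, e.g. `allow hal_wifi_hostapd_default vendor_wifi_vendor_data_file:file create_file_perms;`. A path comment like the `# /data/vendor/wifi` used in lowi_server.te would also make the intent readable.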

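--- a/vendor/hal_wifi_supplicant.te
+++ b/vendor/hal_wifi_supplicant.te
@@ -0,0 +1 @@
+allow hal_wifi_supplicant_default vendor_wifi_vendor_data_file:dir rw_dir_perms;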

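--- a/vendor/ioctl_macros
+++ b/vendor/ioctl_macros
@@ -0,0 +1,9 @@
+define(`lowi_server_ioctls', `{
+SIOCGIFINDEX
+SIOCGIFHWADDR
+SIOCGIFFLAGS
+SIOCIWFIRSTPRIV_05
+SIOCIWFIRSTPRIV_11
+SIOCIWFIRSTPRIV_13
+SIOCDEVPRIVATE_1
+}')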
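Review bot: The allowlist mixes standard interface queries (SIOCGIFINDEX, SIOCGIFHWADDR, SIOCGIFFLAGS) with driver-private numbers (SIOCIWFIRSTPRIV_05/11/13, SIOCDEVPRIVATE_1) and records nothing about what the private ones do, so a later reviewer cannot judge whether each is still needed or safe to expose to lowi_server. Each private entry should carry a comment naming the driver operation it maps to, and the macro a header comment stating the socket class it is applied to (udp_socket, per the allowxperm in lowi_server.te). Since these numbers are assigned by the vendor driver, the comment is the only place that binding is captured in policy.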

35
vendor/lowi_server.te vendored Normal file

@@ -0,0 +1,35 @@
# lowi_server service
# which launches various other services supporting Wifi-RTT (LOWI) vendor_location
type lowi_server, domain;
type lowi_server_exec, exec_type, vendor_file_type, file_type;
hwbinder_use(lowi_server)
allow lowi_server self:udp_socket create_socket_perms;
allow lowi_server self:netlink_route_socket create_socket_perms_no_ioctl;
## lowi-server
##############
allow lowi_server vendor_location:fd use;
allow lowi_server vendor_location:unix_dgram_socket sendto;
# some additional network access
allow lowi_server self:netlink_generic_socket create_socket_perms_no_ioctl;
allowxperm lowi_server self:udp_socket ioctl lowi_server_ioctls;
# /data/vendor/wifi
allow lowi_server vendor_wifi_vendor_data_file:dir rw_dir_perms;
# /data/vendor/wifi/wpa
allow lowi_server wpa_data_file:dir rw_dir_perms;
allow lowi_server wpa_data_file:sock_file create_file_perms;
allow lowi_server hal_wifi_supplicant_default:unix_dgram_socket sendto;
# /dev/socket/wifihal
allow lowi_server vendor_wifihal_socket:dir rw_dir_perms;
allow lowi_server vendor_wifihal_socket:sock_file create_file_perms;
allow lowi_server vendor_wifihal_socket:unix_dgram_socket sendto;
unix_socket_send(lowi_server, vendor_wifihal, hal_wifi_ext);
# /dev/socket/vendor_location
allow lowi_server vendor_location_socket:{sock_file lnk_file} create_file_perms;
allow lowi_server vendor_location_socket:dir rw_dir_perms;
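Review bot: `allow lowi_server vendor_wifihal_socket:unix_dgram_socket sendto;` targets a file type; a sendto check is made against the label of the receiving socket, which is its creator's domain, so this rule cannot match, and the `unix_socket_send(lowi_server, vendor_wifihal, hal_wifi_ext)` line right after it already grants the sendto to hal_wifi_ext. Drop the stray allow, and drop the trailing `;` on that macro call, which the other macro invocations in the commit (hwbinder_use, init_daemon_domain, domain_auto_trans) do not carry. The two-line header comment is copied from vendor_location.te and describes loc_launcher rather than this daemon; `# lowi-server: Wi-Fi RTT (LOWI) service, entered from vendor_location via domain_auto_trans` would describe what the rules below actually set up.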

15
vendor/vendor_location.te vendored Normal file

@@ -0,0 +1,15 @@
# loc_launcher service
# which launches various other services supporting Wifi-RTT (LOWI) vendor_location
type vendor_location, domain;
type vendor_location_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(vendor_location)
# execute permission for vendor_location daemons in /vendor/bin/
domain_auto_trans(vendor_location, lowi_server_exec, lowi_server)
# /dev/socket/vendor_location
allow vendor_location vendor_location_socket:{sock_file lnk_file} create_file_perms;
allow vendor_location vendor_location_socket:dir rw_dir_perms;
# /sys/devices/soc0/soc_id
allow vendor_location vendor_location_sysfs:file create_file_perms;
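Review bot: `create_file_perms` on `vendor_location_sysfs:file` is far broader than the attribute it labels can use: the comment above it and the genfs_contexts hunk both point at /sys/devices/soc0/soc_id, a SoC identifier that is only read, so the create, write, unlink and rename permissions bundled into create_file_perms should not be handed out on sysfs. The grant that matches the stated intent is `allow vendor_location vendor_location_sysfs:file r_file_perms;`. If this section continues past what is shown, the remark applies to the last visible rule.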