Add support for WiFi in emulator

Add required SELinux permissions to run services required for WiFi and
network namespaces. Add required executables and files required to run
WiFi services such as hostapd to create an access point and
wpa_supplicant to connect to it.

BUG: 74514143
Test: Build emulator image and manually verify WiFi functionality
Change-Id: I38461b878abcaae842b4656dea82792e23100174
(cherry picked from commit 21c5c3dcf91b1be71abe8618e2eb31529438e325)
(cherry picked from commit 68a36140f7a3a766b8adc16cd85c2f0c81bfb44b)
(cherry picked from commit e6dab593b8eebccb1e6311e626c8aca943ba6933)
This commit is contained in:
Bjoern Johansson 2017-02-09 22:28:47 -08:00
parent 3972c88026
commit 127395fc8f
8 changed files with 76 additions and 1 deletions

View File

@ -0,0 +1,20 @@
# Network namespace transitions
type execns, domain, domain_deprecated;
type execns_exec, exec_type, file_type;
init_daemon_domain(execns)
allow execns varrun_file:dir search;
allow execns self:capability sys_admin;
#Allow execns itself to be run by init in its own domain
domain_auto_trans(init, execns_exec, execns);
# Allow hostapd to be run by execns in its own domain
domain_auto_trans(execns, hostapd_exec, hostapd);
allow hostapd execns:fd use;
# Allow dnsmasq to be run by execns in its own domain
domain_auto_trans(execns, dnsmasq_exec, dnsmasq);
allow dnsmasq execns:fd use;

View File

@ -1 +1,3 @@
type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
type varrun_file, file_type, data_file_type, mlstrustedobject;
type mediadrm_vendor_data_file, file_type, data_file_type;

View File

@ -18,6 +18,8 @@
/vendor/bin/init\.ranchu-core\.sh u:object_r:goldfish_setup_exec:s0
/vendor/bin/init\.ranchu-net\.sh u:object_r:goldfish_setup_exec:s0
/vendor/bin/qemu-props u:object_r:qemu_props_exec:s0
/system/bin/execns u:object_r:execns_exec:s0
/system/bin/ipv6proxy u:object_r:ipv6proxy_exec:s0
/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine u:object_r:hal_drm_widevine_exec:s0
@ -36,4 +38,5 @@
# data
/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0
/data/var/run(/.*)? u:object_r:varrun_file:s0

View File

@ -11,3 +11,15 @@ allow goldfish_setup vendor_toolbox_exec:file execute_no_trans;
allowxperm goldfish_setup self:udp_socket ioctl priv_sock_ioctls;
wakelock_use(goldfish_setup);
allow goldfish_setup vendor_shell_exec:file { rx_file_perms };
# Set system properties to start services
set_prop(goldfish_setup, ctl_default_prop);
# Set up WiFi
allow goldfish_setup self:netlink_route_socket nlmsg_write;
allow goldfish_setup self:netlink_socket create_socket_perms;
allow goldfish_setup self:capability { sys_module sys_admin };
allow goldfish_setup varrun_file:dir { mounton write add_name search remove_name };
allow goldfish_setup varrun_file:file { mounton getattr create read write open unlink };
allow goldfish_setup execns_exec:file rx_file_perms;
allow goldfish_setup proc_net:file w_file_perms;

View File

@ -0,0 +1,15 @@
# IPv6 proxying
type ipv6proxy, domain, domain_deprecated;
type ipv6proxy_exec, exec_type, file_type;
init_daemon_domain(ipv6proxy)
net_domain(ipv6proxy)
# Allow ipv6proxy to be run by execns in its own domain
domain_auto_trans(execns, ipv6proxy_exec, ipv6proxy);
allow ipv6proxy execns:fd use;
allow ipv6proxy self:capability { sys_admin sys_module net_admin net_raw };
allow ipv6proxy self:packet_socket { bind create read };
allow ipv6proxy self:netlink_route_socket nlmsg_write;
allow ipv6proxy varrun_file:dir search;

View File

@ -67,3 +67,14 @@ BOARD_VNDK_VERSION := current
# Enable A/B update
TARGET_NO_RECOVERY := true
BOARD_BUILD_SYSTEM_ROOT_IMAGE := true
# Wifi.
BOARD_WLAN_DEVICE := wlan0
BOARD_HOSTAPD_DRIVER := NL80211
BOARD_WPA_SUPPLICANT_DRIVER := NL80211
BOARD_HOSTAPD_PRIVATE_LIB := lib_driver_cmd_simulated
BOARD_WPA_SUPPLICANT_PRIVATE_LIB := lib_driver_cmd_simulated
WPA_SUPPLICANT_VERSION := VER_0_8_X
WIFI_DRIVER_FW_PATH_PARAM := "/dev/null"
WIFI_DRIVER_FW_PATH_STA := "/dev/null"
WIFI_DRIVER_FW_PATH_AP := "/dev/null"

View File

@ -116,9 +116,19 @@ PRODUCT_PACKAGES += \
PRODUCT_PACKAGES += \
vndk-sp
# WiFi
PRODUCT_PACKAGES += \
execns \
hostapd \
ip \
ipv6proxy \
iw \
wpa_supplicant \
PRODUCT_COPY_FILES += \
device/generic/goldfish/init.ranchu-core.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.ranchu-core.sh \
device/generic/goldfish/init.ranchu-net.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.ranchu-net.sh \
device/generic/goldfish/wifi/init.wifi.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.wifi.sh \
device/generic/goldfish/init.ranchu.rc:root/init.ranchu.rc \
device/generic/goldfish/fstab.ranchu:root/fstab.ranchu \
device/generic/goldfish/fstab.ranchu.early:root/fstab.ranchu.early \
@ -127,6 +137,8 @@ PRODUCT_COPY_FILES += \
device/generic/goldfish/manifest.xml:$(TARGET_COPY_OUT_VENDOR)/manifest.xml \
device/generic/goldfish/data/etc/permissions/privapp-permissions-goldfish.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/privapp-permissions-goldfish.xml \
device/generic/goldfish/data/etc/config.ini:config.ini \
device/generic/goldfish/wifi/simulated_hostapd.conf:system/etc/simulated_hostapd.conf \
device/generic/goldfish/wifi/wpa_supplicant.conf:data/misc/wifi/wpa_supplicant.conf \
frameworks/native/data/etc/android.hardware.wifi.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.wifi.xml
PRODUCT_PACKAGE_OVERLAYS := device/generic/goldfish/overlay

View File

@ -44,7 +44,7 @@ PRODUCT_PACKAGES := \
SysuiDarkThemeOverlay \
EasterEgg \
WallpaperPicker \
WidgetPreview
WidgetPreview \
# Define the host tools and libs that are parts of the SDK.
-include sdk/build/product_sdk.mk