Support new hostapd build target without HIDL

The new build target for hostapd does not include the HIDL control
interface and it's a separate binary from the hostapd used for WiFi
hotspots. This new binary needs its own SELinux rules and it should be
included in emulator builds since it's used to provide virtual access
points.

BUG: 74401469
Test: run cts -m CtsNetTestCases

(cherry picked from commit a53c522678)

Change-Id: I8fa4908d1bef8ff25573abb72bbac433ae3151de
This commit is contained in:
Bjoern Johansson 2018-05-15 15:03:12 -07:00 committed by bohu
parent 3af2baad0a
commit a2d754ce3a
3 changed files with 20 additions and 10 deletions


@ -6,7 +6,7 @@ init_daemon_domain(execns)
allow execns varrun_file:dir search;
allow execns varrun_file:file r_file_perms;
allow execns self:capability sys_admin;
allow execns self:capability { sys_admin setuid setgid };
allow execns nsfs:file { open read };
#Allow execns itself to be run by init in its own domain
@ -18,15 +18,8 @@ domain_auto_trans(execns, dhcpclient_exec, dhcpclient);
# Allow dhcpserver to be run by execns in its own domain
domain_auto_trans(execns, dhcpserver_exec, dhcpserver);
# Rules to allow execution of hostapd and allow it to run
allow execns hal_wifi_hostapd_default_exec:file { execute_no_trans };
allow execns self:capability { net_admin net_raw };
allow execns self:netlink_generic_socket { bind create getattr read setopt write };
allow execns self:netlink_route_socket { bind create read write nlmsg_write };
allow execns execns:udp_socket { create ioctl };
allow execns self:packet_socket { create setopt };
allow execns sysfs_net:dir { search };
allowxperm execns self:udp_socket ioctl priv_sock_ioctls;
# Allow hostapd_nohidl to be run by execns in its own domain
domain_auto_trans(execns, hostapd_nohidl_exec, hostapd_nohidl);
# Allow execns to read createns proc file to get the namespace file
allow execns createns:file read;
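Review bot: The first hunk widens execns from `sys_admin` to `{ sys_admin setuid setgid }` with no comment saying why the setuid/setgid capabilities are now required; presumably execns changes credentials around launching hostapd_nohidl, but nothing visible here establishes that. A comment above that line such as `# setuid/setgid: execns changes uid/gid before launching hostapd_nohidl` (adjusted to the actual reason) would record the justification for the wider capability set. In the second hunk, replacing `execute_no_trans` on hal_wifi_hostapd_default_exec with `domain_auto_trans(execns, hostapd_nohidl_exec, hostapd_nohidl)` is the right direction, since hostapd no longer runs inside the execns domain; it would be worth confirming that the netlink, packet and udp socket rules in that hunk, which appear to have existed only for hostapd, are all dropped from execns rather than left alongside the new transition.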


@ -24,6 +24,7 @@
/vendor/bin/ipv6proxy u:object_r:ipv6proxy_exec:s0
/vendor/bin/dhcpclient u:object_r:dhcpclient_exec:s0
/vendor/bin/dhcpserver u:object_r:dhcpserver_exec:s0
/vendor/bin/hostapd_nohidl u:object_r:hostapd_nohidl_exec:s0
/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine u:object_r:hal_drm_widevine_exec:s0


@ -0,0 +1,16 @@
type hostapd_nohidl, domain;
type hostapd_nohidl_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hostapd_nohidl)
net_domain(hostapd_nohidl)
allow hostapd_nohidl execns:fd use;
allow hostapd_nohidl self:capability { net_admin net_raw };
allow hostapd_nohidl self:netlink_generic_socket { bind create getattr read setopt write };
allow hostapd_nohidl self:netlink_route_socket nlmsg_write;
allow hostapd_nohidl self:packet_socket { create setopt };
allowxperm hostapd_nohidl self:udp_socket ioctl priv_sock_ioctls;
# hostapd will attempt to search sysfs but it's not needed and will spam the log
dontaudit hostapd_nohidl sysfs_net:dir search;
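Review bot: `allowxperm hostapd_nohidl self:udp_socket ioctl priv_sock_ioctls;` has no matching base `allow hostapd_nohidl self:udp_socket { create ioctl };` in this file, whereas the execns rules it replaces carried one, so the extended-permission rule only takes effect if `net_domain(hostapd_nohidl)` already grants udp_socket ioctl — worth confirming against the net_domain macro rather than assuming. The same question applies to `allow hostapd_nohidl self:netlink_route_socket nlmsg_write;`, which grants nlmsg_write without the bind/create/read/write permissions the execns version of the rule had. The new domain would also benefit from a one-line header comment stating what it is, e.g. `# hostapd built without the HIDL control interface, launched by execns to provide virtual access points in emulator builds`, so the next reader does not have to recover that from the commit message.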