Sepolicy changes for new mutualex daemon
Change-Id: Ie3cd5f9c1ced4f40fba5144cc079344c0ab4e2d9
diff --git a/generic/vendor/common/hal_wifi_supplicant.te b/generic/vendor/common/hal_wifi_supplicant.te
index cffb540..5beaad8 100644
--- a/generic/vendor/common/hal_wifi_supplicant.te
+++ b/generic/vendor/common/hal_wifi_supplicant.te
@@ -1,4 +1,4 @@
-#Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
+#Copyright (c) 2017-2020, The Linux Foundation. All rights reserved.
#
#Redistribution and use in source and binary forms, with or without
#modification, are permitted provided that the following conditions are
@@ -37,7 +37,7 @@
allow hal_wifi_supplicant_default wpa_data_file:file create_file_perms;
# Permission for wpa socket which IMS use to communicate
# # Allow wpa_supplicant to send back wifi information to cnd
-allow hal_wifi_supplicant_default { vendor_cnd vendor_ims }:unix_dgram_socket sendto;
+allow hal_wifi_supplicant_default { vendor_cnd vendor_ims vendor_mutualex}:unix_dgram_socket sendto;
# # Allow wpa_supplicant to send back wifi information to vendor_location
allow hal_wifi_supplicant_default vendor_location:unix_dgram_socket sendto;
diff --git a/qva/vendor/common/file_contexts b/qva/vendor/common/file_contexts
index fd87c66..6586100 100644
--- a/qva/vendor/common/file_contexts
+++ b/qva/vendor/common/file_contexts
@@ -1,4 +1,4 @@
-# Copyright (c) 2018-2019, The Linux Foundation. All rights reserved.
+# Copyright (c) 2018-2020, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
@@ -53,8 +53,8 @@
/dev/socket/ssgtzd u:object_r:vendor_ssgtzd_socket:s0
/dev/socket/qdma(/.*)? u:object_r:vendor_qdma_socket:s0
/dev/socket/adpl_cmd_uds_file u:object_r:vendor_dataadpl_socket:s0
+/dev/socket/vendor_wpa_wlan[0-9] u:object_r:vendor_wifi_vendor_wpa_socket:s0
/dev/socket/wigig/wpa_wigig[0-9] u:object_r:vendor_wigig_vendor_wpa_socket:s0
-/dev/socket/wigig/vendor_wpa_wlan[0-9] u:object_r:vendor_wigig_vendor_wpa_socket:s0
/dev/socket/wigig/wigignpt u:object_r:vendor_wigignpt_socket:s0
/dev/socket/wigig/sensingdaemon u:object_r:vendor_sensingdaemon_socket:s0
@@ -115,6 +115,7 @@
/(vendor|system/vendor)/bin/sensingdaemon u:object_r:vendor_sensingdaemon_exec:s0
/vendor/bin/hw/android\.hardware\.usb\@1\.[0-2]-service-qti u:object_r:vendor_hal_usb_qti_exec:s0
/vendor/bin/vendor\.qti\.qspmhal@1\.0-service u:object_r:vendor_hal_qspmhal_default_exec:s0
+/(vendor|system/vendor)/bin/mutualex u:object_r:vendor_mutualex_exec:s0
#### Context for location features
diff --git a/qva/vendor/common/hal_wifi_hostapd.te b/qva/vendor/common/hal_wifi_hostapd.te
index 3d6bf37..1833e6d 100644
--- a/qva/vendor/common/hal_wifi_hostapd.te
+++ b/qva/vendor/common/hal_wifi_hostapd.te
@@ -1,4 +1,4 @@
-# Copyright (c) 2019, The Linux Foundation. All rights reserved.
+# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
@@ -34,6 +34,8 @@
# Allow hostapd to connect to fstman using control socket
allow hal_wifi_hostapd_default vendor_fstman:unix_dgram_socket sendto;
+# Allow hostapd to connect to mutualex using control socket
+allow hal_wifi_hostapd_default vendor_mutualex:unix_dgram_socket sendto;
# wigig_hostapd has its own directory for sockets,
# in order to prevent conflicts with wifi hostapd
# allow wigig_hostapd to create the directory holding its control socket
diff --git a/qva/vendor/common/mutualex.te b/qva/vendor/common/mutualex.te
new file mode 100644
index 0000000..b725258
--- /dev/null
+++ b/qva/vendor/common/mutualex.te
@@ -0,0 +1,55 @@
+# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+type vendor_mutualex, domain;
+type vendor_mutualex_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(vendor_mutualex)
+
+allow vendor_mutualex vendor_mutualex:{
+ qipcrtr_socket
+ netlink_generic_socket
+}create_socket_perms_no_ioctl;
+
+hal_client_domain(vendor_mutualex,hal_wifi_hostapd)
+hal_client_domain(vendor_mutualex,hal_wifi_supplicant)
+
+# allow mutualex to access wpa_socket
+allow vendor_mutualex vendor_wifi_vendor_data_file:dir r_dir_perms;
+allow vendor_mutualex vendor_wifi_vendor_wpa_socket:sock_file write;
+
+#communicating with wpa supplicant for sending commands/listening to events
+unix_socket_send(vendor_mutualex, wpa, hal_wifi_supplicant)
+allow vendor_mutualex wpa_data_file:dir w_dir_perms;
+allow vendor_mutualex wpa_data_file:sock_file create_file_perms;
+
+#communicating with hostapd for sending commands/listening to events
+allow vendor_mutualex hostapd_data_file:dir rw_dir_perms;
+allow vendor_mutualex hostapd_data_file:sock_file create_file_perms;
+allow vendor_mutualex { hal_wifi_hostapd_default }:unix_dgram_socket sendto;
+
+wakelock_use(vendor_mutualex)
+