Address new system server denial. Allow system_server to unlink sockets created by the wpa supplicant. This will resolve the following denial seen across mutliple devices. avc: denied { unlink } for pid=584 comm="WifiStateMachin" name="wlan0" dev=mmcblk0p10 ino=138762 scontext=u:r:system_server:s0 tcontext=u:object_r:wpa_socket:s0 tclass=sock_file Change-Id: If3a8b1f270dfcd3dc6838eb8ac72e3d5004cc36d Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

commit: c50bf17d4f4ae4615c9f189236f593db5ff21180 [log] [tgz]
author: Robert Craig <rpcraig@tycho.ncsc.mil> Wed Jan 08 08:15:04 2014 -0500
committer: Robert Craig <rpcraig@tycho.ncsc.mil> Thu Jan 09 18:07:47 2014 +0000
tree: 3f14a83277ff51f3f7f91ba257da087a7d4f67db
parent: 1dd3184ebcf9daab4e61e06c5437f786f76d237a [diff] [blame]
diff --git a/system_server.te b/system_server.te
index 09e6ec5..37d4cc6 100644
--- a/system_server.te
+++ b/system_server.te

@@ -174,6 +174,9 @@
 type_transition system_server wifi_data_file:sock_file system_wpa_socket;
 allow system_server system_wpa_socket:sock_file create_file_perms;
 
+# Remove sockets created by wpa_supplicant
+allow system_server wpa_socket:sock_file unlink;
+
 # Create a socket for connections from debuggerd.
 type_transition system_server system_data_file:sock_file system_ndebug_socket "ndebugsocket";
 allow system_server system_ndebug_socket:sock_file create_file_perms;
commit	c50bf17d4f4ae4615c9f189236f593db5ff21180	[log] [tgz]
author	Robert Craig <rpcraig@tycho.ncsc.mil>	Wed Jan 08 08:15:04 2014 -0500
committer	Robert Craig <rpcraig@tycho.ncsc.mil>	Thu Jan 09 18:07:47 2014 +0000
tree	3f14a83277ff51f3f7f91ba257da087a7d4f67db
parent	1dd3184ebcf9daab4e61e06c5437f786f76d237a [diff] [blame]