| Stephen Smalley | 2dd4e51 | 2012-01-04 12:33:27 -0500 | [diff] [blame] | 1 | # wpa - wpa supplicant or equivalent |
| 2 | type wpa, domain; |
| 3 | type wpa_exec, exec_type, file_type; |
| 4 | |
| 5 | init_daemon_domain(wpa) |
| Stephen Smalley | b1cb320 | 2013-10-29 14:42:41 -0400 | [diff] [blame] | 6 | allow wpa kernel:system module_request; |
| 7 | allow wpa self:capability { setuid net_admin setgid net_raw }; |
| 8 | allow wpa cgroup:dir create_dir_perms; |
| 9 | allow wpa self:netlink_route_socket *; |
| 10 | allow wpa self:netlink_socket *; |
| 11 | allow wpa self:packet_socket *; |
| 12 | allow wpa self:udp_socket *; |
| 13 | allow wpa wifi_data_file:dir create_dir_perms; |
| 14 | allow wpa wifi_data_file:file create_file_perms; |
| 15 | unix_socket_send(wpa, system_wpa, system_server) |
| 16 | allow wpa random_device:chr_file r_file_perms; |
| 17 | |
| 18 | # Create a socket for receiving info from wpa |
| Stephen Smalley | 7ade68d | 2014-02-21 11:28:20 -0500 | [diff] [blame] | 19 | type_transition wpa wifi_data_file:dir wpa_socket "sockets"; |
| 20 | allow wpa wpa_socket:dir create_dir_perms; |
| Stephen Smalley | b1cb320 | 2013-10-29 14:42:41 -0400 | [diff] [blame] | 21 | allow wpa wpa_socket:sock_file create_file_perms; |
| Nick Kralevich | ba1a731 | 2014-01-24 15:46:27 -0800 | [diff] [blame] | 22 | |
| 23 | # Allow wpa_cli to work. wpa_cli creates a socket in |
| 24 | # /data/misc/wifi/sockets which wpa supplicant communicates with. |
| 25 | userdebug_or_eng(` |
| 26 | unix_socket_send(wpa, wpa, su) |
| 27 | ') |