| # Copyright (c) 2015,2017, The Linux Foundation. All rights reserved. |
| # |
| # Redistribution and use in source and binary forms, with or without |
| # modification, are permitted provided that the following conditions are |
| # met: |
| # * Redistributions of source code must retain the above copyright |
| # notice, this list of conditions and the following disclaimer. |
| # * Redistributions in binary form must reproduce the above |
| # copyright notice, this list of conditions and the following |
| # disclaimer in the documentation and/or other materials provided |
| # with the distribution. |
| # * Neither the name of The Linux Foundation nor the names of its |
| # contributors may be used to endorse or promote products derived |
| # from this software without specific prior written permission. |
| # |
| # THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED |
| # WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF |
| # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT |
| # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS |
| # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR |
| # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF |
| # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR |
| # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, |
| # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE |
| # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN |
| # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| |
| # Allow hostapd_cli to work. hostapd_cli creates a socket in |
| # /data/misc/wifi/sockets which hostapd communicates with. |
| # |
| |
| # userspace wifi access points |
| type hostapd, domain; |
| type hostapd_exec, exec_type, vendor_file_type, file_type; |
| |
| userdebug_or_eng(` |
| unix_socket_send(hostapd, wifi_vendor_wpa, su) |
| ') |
| |
| binder_call(hostapd, cnd) |
| unix_socket_connect(hostapd, cnd, cnd) |
| unix_socket_send(hostapd, cnd, cnd) |
| allow hostapd cnd:{ |
| fifo_file |
| netlink_route_socket |
| netlink_tcpdiag_socket |
| unix_stream_socket |
| unix_dgram_socket} { read write }; |
| allow hostapd cnd:fifo_file r_file_perms; |
| allow hostapd smem_log_device:chr_file rw_file_perms; |
| allow hostapd fstman:unix_dgram_socket sendto; |
| allow hostapd wifi_vendor_data_file:dir w_dir_perms; |
| allow hostapd wifi_vendor_data_file:file create_file_perms; |
| allow hostapd hostapd_data_file:dir w_dir_perms; |
| allow hostapd hostapd_data_file:sock_file create_file_perms; |
| # wigig_hostapd has its own directory for sockets, |
| # in order to prevent conflicts with wifi hostapd |
| # allow wigig_hostapd to create the directory holding its control socket |
| allow hostapd wigig_hostapd_socket:dir create_dir_perms; |
| # wigig_hostapd needs to create, bind to, read and write its control socket |
| allow hostapd wigig_hostapd_socket:sock_file create_file_perms; |
| # allow wigig_hostapd to send replies to wigighalsvc |
| allow hostapd wigighalsvc:unix_dgram_socket sendto; |
| # allow hostapd to attach to fstman socket |
| allow hostapd wifi_vendor_wpa_socket:dir r_dir_perms; |
| allow hostapd wifi_vendor_wpa_socket:sock_file rw_file_perms; |
| |
| #diag |
| userdebug_or_eng(` |
| diag_use(hostapd) |
| ') |