| # wificond |
| type wificond, domain; |
| type wificond_exec, system_file_type, exec_type, file_type; |
| |
| binder_use(wificond) |
| binder_call(wificond, system_server) |
| binder_call(wificond, keystore) |
| |
| add_service(wificond, wifinl80211_service) |
| |
| # create sockets to set interfaces up and down |
| allow wificond self:udp_socket create_socket_perms; |
| # setting interface state up/down is a privileged ioctl |
| allowxperm wificond self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFHWADDR }; |
| allow wificond self:global_capability_class_set { net_admin net_raw }; |
| # allow wificond to speak to nl80211 in the kernel |
| allow wificond self:netlink_socket create_socket_perms_no_ioctl; |
| # newer kernels (e.g. 4.4 but not 4.1) have a new class for sockets |
| allow wificond self:netlink_generic_socket create_socket_perms_no_ioctl; |
| |
| r_dir_file(wificond, proc_net_type) |
| |
| # allow wificond to check permission for dumping logs |
| allow wificond permission_service:service_manager find; |
| |
| # dumpstate support |
| allow wificond dumpstate:fd use; |
| allow wificond dumpstate:fifo_file write; |
| |
| #### Offer the Wifi Keystore HwBinder service ### |
| hwbinder_use(wificond) |
| typeattribute wificond wifi_keystore_service_server; |
| add_hwservice(wificond, system_wifi_keystore_hwservice) |
| |
| # Allow keystore binder access to serve the HwBinder service. |
| allow wificond keystore_service:service_manager find; |
| allow wificond keystore:keystore_key get; |
| |
| # Allow keystore2 binder access to serve the HwBinder service. |
| allow wificond wifi_key:keystore2_key { |
| get_info |
| use |
| }; |