xref: /aosp_15_r20/system/sepolicy/private/wifi_mainline_supplicant.te (revision e4a36f4174b17bbab9dc043f4a65dc8d87377290)
# SELinux policy for the Wi-Fi mainline supplicant daemon.
# Declares the process domain and the type of its executable, then grants the
# Binder, capability, filesystem and socket access listed below.

# Process domain; coredomain places it in the platform (non-vendor) policy.
type wifi_mainline_supplicant, domain, coredomain;
# Type for the daemon executable; init_daemon_domain below uses it as the
# entry point into the domain.
type wifi_mainline_supplicant_exec, system_file_type, exec_type, file_type;

# Allow Binder IPC, including calls to servicemanager.
binder_use(wifi_mainline_supplicant)
# Transition into this domain automatically when init executes a file labeled
# wifi_mainline_supplicant_exec.
init_daemon_domain(wifi_mainline_supplicant)
# Let this domain register wifi_mainline_supplicant_service with
# servicemanager.
# NOTE(review): which clients may find the service is decided elsewhere and
# is not visible in this file.
add_service(wifi_mainline_supplicant, wifi_mainline_supplicant_service)

# Capabilities the process may use on itself:
#   setuid, setgid - change uid/gid (presumably to drop privileges after
#                    start-up; confirm against the init .rc entry)
#   net_admin      - configure network interfaces
#   net_raw        - open raw and packet sockets
# This makes the domain privileged; weigh any further grant with that in mind.
allow wifi_mainline_supplicant self:global_capability_class_set { setuid setgid net_admin net_raw };
# Read and write files labeled proc_net.
# NOTE(review): write access is included; confirm it is required.
allow wifi_mainline_supplicant proc_net:file rw_file_perms;
# Directory traversal only on sysfs_net; this rule grants no file permissions.
allow wifi_mainline_supplicant sysfs_net:dir search;

# Allow limited access to the parent directory /data/misc/wifi/
# Only getattr and search are granted, so this rule permits traversal but
# not read, write or add_name on the parent directory.
allow wifi_mainline_supplicant wifi_data_file:dir { getattr search };

# Create temporary socket files in /data/misc/wifi/mainline_supplicant/sockets
# NOTE(review): the dir and file rules apply to every object labeled
# mainline_supplicant_data_file and also cover regular files, which is wider
# than the sockets use case named above. The label-to-path mapping lives in
# file_contexts, which is not shown here.
allow wifi_mainline_supplicant mainline_supplicant_data_file:dir create_dir_perms;
allow wifi_mainline_supplicant mainline_supplicant_data_file:file create_file_perms;
# Socket files are limited to create, write, setattr and unlink.
allow wifi_mainline_supplicant mainline_supplicant_data_file:sock_file { create write setattr unlink };

# UDP sockets
# The allowxperm rule lists the ioctl commands permitted on these sockets:
# the priv_sock_ioctls set plus SIOCSIFFLAGS (set interface flags) and
# SIOCSIFHWADDR (set interface hardware address).
allow wifi_mainline_supplicant self:udp_socket create_socket_perms;
allowxperm wifi_mainline_supplicant self:udp_socket ioctl { priv_sock_ioctls SIOCSIFFLAGS SIOCSIFHWADDR };

# Packet sockets
# Link-layer sockets; opening them relies on the net_raw capability above.
# ioctl is limited to the three macro sets listed.
# NOTE(review): unpriv_tty_ioctls on a packet socket looks broader than
# needed; confirm it is required or drop it.
allow wifi_mainline_supplicant self:packet_socket create_socket_perms;
allowxperm wifi_mainline_supplicant self:packet_socket ioctl { unpriv_sock_ioctls priv_sock_ioctls unpriv_tty_ioctls };

# Netlink sockets
# The route socket uses an explicit permission list: nlmsg_write permits
# messages that change routing or interface state, and nlmsg_readpriv permits
# reads classified as privileged.
# None of the three netlink rules grants the ioctl permission.
allow wifi_mainline_supplicant self:netlink_route_socket { bind create read write nlmsg_readpriv nlmsg_write };
allow wifi_mainline_supplicant self:netlink_socket create_socket_perms_no_ioctl;
allow wifi_mainline_supplicant self:netlink_generic_socket create_socket_perms_no_ioctl;