authorNeelansh Mittal <neelanshm@codeaurora.org>2015-11-06 15:21:41 +0530
committerGerrit - the friendly Code Review server <code-review@localhost>2015-12-14 20:28:01 -0800
commit8f69b08889359c787a3db67e99a074d4db1d4c30 (patch)
treeaf5e1959fe88a83204516904f2597fc68cfd5052
parent5cac56b345dd9f30d47e0936682ca23d687097b1 (diff)
Seandroid: Adding policy for WLAN.
Adding SEL policies for netd and hostapd. These policies will allow netd to bind to hostapd as a monitor and listen to messages from hostapd. Also, these will allow the supplicant to access the wpa_socket directory if it's created by netd. CRs-Fixed: 756001 Change-Id: Ib2446898d721a78a5c6a434520f873c69cb65758
-rw-r--r--common/hostapd.te2
-rw-r--r--common/net.te10
2 files changed, 12 insertions, 0 deletions
diff --git a/common/hostapd.te b/common/hostapd.te
index 09a24c21..54cec32d 100644
--- a/common/hostapd.te
+++ b/common/hostapd.te
@@ -42,3 +42,5 @@ allow hostapd cnd:{
allow hostapd cnd:fifo_file r_file_perms;
allow hostapd smem_log_device:chr_file rw_file_perms;
allow hostapd fstman:unix_dgram_socket sendto;
+allow hostapd netd:unix_dgram_socket sendto;
+allow hostapd wpa_socket:sock_file write;
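Review bot: The two rules added at the end of this hunk have no comment, and together they are what the AOSP `unix_socket_send` macro expands to, so `unix_socket_send(hostapd, wpa, netd)` under a line such as `# hostapd sends events to netd's monitor socket in the wpa_socket directory` would state the intent in one place. The `wpa_socket` type appears to be the same label used for wpa_supplicant's control sockets, so `sock_file write` covers every socket file of that type rather than only the one netd creates; delivery is still gated by the per-domain `sendto` rule. If a dedicated type for netd's monitor socket is practical, it would narrow this grant.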
diff --git a/common/net.te b/common/net.te
index f8cacb12..fc39608c 100644
--- a/common/net.te
+++ b/common/net.te
@@ -3,3 +3,13 @@ unix_socket_connect(netdomain, cnd, cnd)
# allow netdomain access to dpmd
unix_socket_connect(netdomain, dpmwrapper, dpmd)
+
+allow netd self:capability fsetid;
+allow netd hostapd:unix_dgram_socket sendto;
+
+# Allow netd to chmod dir /data/misc/dhcp
+allow netd dhcp_data_file:dir create_dir_perms;
+
+type_transition netd wifi_data_file:dir wpa_socket "sockets";
+allow netd wpa_socket:dir create_dir_perms;
+allow netd wpa_socket:sock_file create_file_perms;
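Review bot: The comment `# Allow netd to chmod dir /data/misc/dhcp` does not match the rule under it, because `create_dir_perms` also lets netd create, rename and remove directories of type `dhcp_data_file`, while a chmod needs little more than `setattr`. If chmod is all that is required, `allow netd dhcp_data_file:dir { getattr search setattr };` would be the tighter grant, to be confirmed against the denials that motivated the change. `allow netd self:capability fsetid;` is also undocumented; a one-line comment naming the operation that needs the capability would let a later reviewer judge whether it can be dropped. The `type_transition` only labels a directory named "sockets", and the permission for netd to add that entry under a `wifi_data_file` directory is not visible in this hunk.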