hal_wifi: Allow wifi hal to access /proc/debug
This is needed for fetching debug info from the wifi driver.
Denials:
03-10 19:16:58.207 452 452 W android.hardwar: type=1400
audit(0.0:319): avc: denied { read } for name="fwdump" dev="proc"
ino=4026547172 scontext=u:r:hal_wifi_default:s0
tcontext=u:object_r:proc:s0 tclass=file permissive=0
03-10 19:16:58.207 452 452 W android.hardwar: type=1400
audit(0.0:320): avc: denied { read } for name="driverdump" dev="proc"
ino=4026547174 scontext=u:r:hal_wifi_default:s0
tcontext=u:object_r:proc:s0 tclass=file permissive=0
03-10 19:16:58.209 452 452 I WifiHAL : handleResponse: Memory Dump
size: 327680
03-10 19:16:58.209 452 452 E WifiHAL : Failed to open
/proc/debug/fwdump file
03-10 19:16:58.209 452 452 V WifiHAL : Successfully removed event
handler for vendor 0x1374
03-10 19:16:58.210 452 452 E WifiHAL : Failed to open
/proc/debugdriver/driverdump file
BUG: 36126608
Test: Device boots up and the denials no longer seen.
Change-Id: I8a518536f449e11fcf3c28046c0dbd547063743e
diff --git a/sepolicy/file.te b/sepolicy/file.te
index b35cf9a..07d9cca 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -66,6 +66,7 @@
#type for proc files
type proc_irq, fs_type;
type proc_kernel_sched, fs_type;
+type proc_wifi_dbg, fs_type;
#type for nanoapp_cmd
type sysfs_nanoapp_cmd, sysfs_type, fs_type;
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
index e09397b..cfbde95 100644
--- a/sepolicy/genfs_contexts
+++ b/sepolicy/genfs_contexts
@@ -7,3 +7,5 @@
genfscon proc /sys/kernel/sched_freq_dec_notify u:object_r:proc_kernel_sched:s0
genfscon proc /sys/kernel/sched_small_task u:object_r:proc_kernel_sched:s0
genfscon proc /sys/kernel/sched_boost u:object_r:proc_kernel_sched:s0
+genfscon proc /debug/fwdump u:object_r:proc_wifi_dbg:s0
+genfscon proc /debugdriver/driverdump u:object_r:proc_wifi_dbg:s0
diff --git a/sepolicy/hal_wifi.te b/sepolicy/hal_wifi.te
index 339379c..87e05d7 100644
--- a/sepolicy/hal_wifi.te
+++ b/sepolicy/hal_wifi.te
@@ -3,3 +3,6 @@
allow hal_wifi location_data_file:{ file fifo_file } create_file_perms;
allow hal_wifi location_data_file:dir rw_dir_perms;
allow hal_wifi location_data_file:sock_file create_file_perms;
+
+# Allow wifi hal to read debug info from the driver.
+r_dir_file(hal_wifi, proc_wifi_dbg)