goldfish: enable iw_vendor and use it

BUG: 119665526
Test:
lunch sdk_phone_x86-user
make -j
emulator
wifi should work

Change-Id: I1b1c529fb00b8b64c2466d7fde52dc990c639a0e
Merged-In: I1b1c529fb00b8b64c2466d7fde52dc990c639a0e
diff --git a/sepolicy/common/file_contexts b/sepolicy/common/file_contexts
index a3f08ad..01f2c3a 100644
--- a/sepolicy/common/file_contexts
+++ b/sepolicy/common/file_contexts
@@ -23,6 +23,7 @@
 /vendor/bin/createns         u:object_r:createns_exec:s0
 /vendor/bin/execns           u:object_r:execns_exec:s0
 /vendor/bin/ipv6proxy        u:object_r:ipv6proxy_exec:s0
+/vendor/bin/iw               u:object_r:goldfish_iw_exec:s0
 /vendor/bin/dhcpclient       u:object_r:dhcpclient_exec:s0
 /vendor/bin/dhcpserver       u:object_r:dhcpserver_exec:s0
 /vendor/bin/hostapd_nohidl   u:object_r:hostapd_nohidl_exec:s0
diff --git a/sepolicy/common/goldfish_iw.te b/sepolicy/common/goldfish_iw.te
new file mode 100644
index 0000000..734e9f6
--- /dev/null
+++ b/sepolicy/common/goldfish_iw.te
@@ -0,0 +1,6 @@
+type goldfish_iw, domain;
+type goldfish_iw_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(goldfish_iw)
+net_domain(goldfish_iw)
+
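Review bot: The new `goldfish_iw` domain appears never to be entered. The only rule in this commit that runs the binary is `allow goldfish_setup goldfish_iw_exec:file execute_no_trans;` in goldfish_setup.te, which executes iw inside goldfish_setup with all of that domain's permissions. `init_daemon_domain(goldfish_iw)` only sets up a transition from init, and no init service for iw is visible in this change, so `net_domain(goldfish_iw)` grants network access to a domain nothing seems to use. Either keep just the `goldfish_iw_exec` type and drop the domain, or confine the tool with `domain_auto_trans(goldfish_setup, goldfish_iw_exec, goldfish_iw)` and grant goldfish_iw only what the resulting denials show it needs. A header comment such as `# iw, run from init.wifi.sh to move phy1 into the wifi network namespace` would record the intent.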
diff --git a/sepolicy/common/goldfish_setup.te b/sepolicy/common/goldfish_setup.te
index fac6847..a84a0dc 100644
--- a/sepolicy/common/goldfish_setup.te
+++ b/sepolicy/common/goldfish_setup.te
@@ -12,6 +12,8 @@
 allowxperm goldfish_setup self:udp_socket ioctl priv_sock_ioctls;
 wakelock_use(goldfish_setup);
 allow goldfish_setup vendor_shell_exec:file { rx_file_perms };
+#============= goldfish_setup ==============
+allow goldfish_setup goldfish_iw_exec:file execute_no_trans;
 
 # Set system properties to start services
 set_prop(goldfish_setup, ctl_default_prop);
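Review bot: The added rule grants only `execute_no_trans`, while the `vendor_shell_exec` rule directly above it uses `{ rx_file_perms }`. Unless `execute`, `read`, `open` and `getattr` on `goldfish_iw_exec` come from base policy that is not visible here, the exec will still be denied; `allow goldfish_setup goldfish_iw_exec:file rx_file_perms;` would match the neighbouring rule. The `#============= goldfish_setup ==============` banner looks like pasted audit2allow output and says nothing about why the rule exists. Replace it with something like `# Run /vendor/bin/iw in-domain to move the wifi phy into its network namespace`.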
diff --git a/sepolicy/common/hostapd_nohidl.te b/sepolicy/common/hostapd_nohidl.te
index add648a..dad8b07 100644
--- a/sepolicy/common/hostapd_nohidl.te
+++ b/sepolicy/common/hostapd_nohidl.te
@@ -6,7 +6,11 @@
 
 allow hostapd_nohidl execns:fd use;
 
-allow hostapd_nohidl self:capability { net_admin net_raw };
+allow hostapd_nohidl kernel:system module_request;
+
+allow hostapd_nohidl hostapd_data_file:file r_file_perms;
+allow hostapd_nohidl hostapd_data_file:dir r_dir_perms;
+allow hostapd_nohidl self:capability { net_admin net_raw setgid setuid };
 allow hostapd_nohidl self:netlink_generic_socket { bind create getattr read setopt write };
 allow hostapd_nohidl self:netlink_route_socket nlmsg_write;
 allow hostapd_nohidl self:packet_socket { create setopt };
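Review bot: This hunk widens hostapd_nohidl with `setgid`, `setuid`, `kernel:system module_request` and read access to `hostapd_data_file`, none of which is explained by the commit message (which is about iw) or by a comment. `setuid`/`setgid` are presumably there so the daemon can drop privileges, but the policy cannot limit them to that, so the reason should be written next to the rule, e.g. `# hostapd switches to its unprivileged uid/gid after start-up`, if that is the case. `module_request` lets this domain trigger kernel module autoloading. If the denial is only noise from a socket or cipher probe, `dontaudit hostapd_nohidl kernel:system module_request;` is the narrower choice. The rest of the file lies outside the hunk, so an existing rule may already justify some of this.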
diff --git a/vendor.mk b/vendor.mk
index 08454f1..92d083a 100644
--- a/vendor.mk
+++ b/vendor.mk
@@ -62,6 +62,7 @@
     android.hardware.wifi@1.0-service \
     android.hardware.biometrics.fingerprint@2.1-service \
     sh_vendor \
+    iw_vendor \
     audio.r_submix.default \
     local_time.default \
     SdkSetup
diff --git a/wifi/init.wifi.sh b/wifi/init.wifi.sh
index 9c08654..0d6067b 100755
--- a/wifi/init.wifi.sh
+++ b/wifi/init.wifi.sh
@@ -72,7 +72,8 @@
 # time. Keep this short so we don't slow down startup too much.
 execns ${NAMESPACE} /system/bin/iptables -w -W 50000 -t nat -A POSTROUTING -s 192.168.232.0/21 -o eth0 -j MASQUERADE
 execns ${NAMESPACE} /system/bin/iptables -w -W 50000 -t nat -A POSTROUTING -s 192.168.200.0/24 -o eth0 -j MASQUERADE
-/system/bin/iw phy phy1 set netns $PID
+/vendor/bin/iw phy phy1 set netns $PID
+
 execns ${NAMESPACE} /system/bin/ip addr add 192.168.232.1/21 dev wlan1
 execns ${NAMESPACE} /system/bin/ip link set wlan1 up
 # Start the IPv6 proxy that will enable use of IPv6 in the main namespace
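Review bot: The new `/vendor/bin/iw phy phy1 set netns $PID` call is unchecked and leaves `$PID` unquoted. After this change it also depends on the new `goldfish_iw_exec` label and allow rule, so a policy mismatch would surface only as the later `wlan1` commands failing inside the namespace. Quoting and reporting the failure would make that visible, e.g. `/vendor/bin/iw phy phy1 set netns "$PID" || echo "iw: failed to move phy1 to netns" >&2`. Where `$PID` is assigned is outside this hunk, so whether it can be empty at this point cannot be judged from here.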