Allow wifi_sniffer to enable sniffer mode.
In this commit, we add necessary sepolicy rule for
wifi_sniffer. Including setup sniffer mode and up
wlan0 interface.
Bug: 141439795
Test: function works
Change-Id: Ia937309de0db960166370ac1cc0d4900d430c03f
diff --git a/vendor/qcom/common/file.te b/vendor/qcom/common/file.te
index e9ea07d..eb06150 100644
--- a/vendor/qcom/common/file.te
+++ b/vendor/qcom/common/file.te
@@ -29,6 +29,7 @@
type sysfs_rpm, sysfs_type, fs_type;
type sysfs_wlc, sysfs_type, fs_type;
type sysfs_esim, sysfs_type, fs_type;
+type sysfs_wifi_conmode, sysfs_type, fs_type;
type debugfs_clk, debugfs_type, fs_type;
type debugfs_ion, debugfs_type, fs_type;
@@ -103,7 +104,7 @@
type audio_vendor_data_file, file_type, data_file_type;
type modem_fdr_file, file_type, data_file_type;
type mediadrm_vendor_data_file, file_type, data_file_type;
-type tcpdump_vendor_data_file, file_type, data_file_type;
+type tcpdump_vendor_data_file, file_type, data_file_type, mlstrustedobject;
type data_qsee_file, file_type, data_file_type;
type vendor_tui_data_file, file_type, data_file_type;
type wifi_vendor_log_data_file, file_type, data_file_type;
diff --git a/vendor/qcom/common/file_contexts b/vendor/qcom/common/file_contexts
index 2729ce4..b0f72d9 100644
--- a/vendor/qcom/common/file_contexts
+++ b/vendor/qcom/common/file_contexts
@@ -129,6 +129,7 @@
/vendor/bin/ftmdaemon u:object_r:ftmd_exec:s0
/vendor/bin/hw/qcrild u:object_r:rild_exec:s0
/vendor/bin/mm-pp-dpps u:object_r:mm-pp-daemon_exec:s0
+/vendor/bin/wifi_sniffer u:object_r:wifi_sniffer_exec:s0
/vendor/bin/hw/android\.hardware\.confirmationui@1\.0-service-crosshatch u:object_r:hal_confirmationui_default_exec:s0
/vendor/bin/hw/android\.hardware\.drm@1\.2-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
diff --git a/vendor/qcom/common/genfs_contexts b/vendor/qcom/common/genfs_contexts
index 38c55c6..fb8fae8 100644
--- a/vendor/qcom/common/genfs_contexts
+++ b/vendor/qcom/common/genfs_contexts
@@ -99,6 +99,7 @@
genfscon sysfs /module/diagchar u:object_r:sysfs_diag:s0
genfscon sysfs /module/msm_poweroff u:object_r:sysfs_poweroff:s0
+genfscon sysfs /module/wlan/parameters/con_mode u:object_r:sysfs_wifi_conmode:s0
genfscon sysfs /class/gpio/export u:object_r:sysfs_gpio_export:s0
genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-00/c440000.qcom,spmi:qcom,pm8998@0:pinctrl@c000 u:object_r:sysfs_pinctrl:s0
diff --git a/vendor/qcom/common/logger_app.te b/vendor/qcom/common/logger_app.te
index 79de7e5..dd68926 100644
--- a/vendor/qcom/common/logger_app.te
+++ b/vendor/qcom/common/logger_app.te
@@ -16,10 +16,14 @@
allow logger_app cnss_vendor_data_file:dir create_dir_perms;
allow logger_app cnss_vendor_data_file:file create_file_perms;
+ allow logger_app tcpdump_vendor_data_file:dir create_dir_perms;
+ allow logger_app tcpdump_vendor_data_file:file create_file_perms;
+
set_prop(logger_app, vendor_cnss_diag_prop)
set_prop(logger_app, vendor_modem_diag_prop)
set_prop(logger_app, vendor_bluetooth_log_prop)
set_prop(logger_app, vendor_tcpdump_log_prop)
+ set_prop(logger_app, vendor_wifi_sniffer_prop)
get_prop(logger_app, vendor_usb_config_prop)
')
diff --git a/vendor/qcom/common/property.te b/vendor/qcom/common/property.te
index 120f2d8..0939221 100644
--- a/vendor/qcom/common/property.te
+++ b/vendor/qcom/common/property.te
@@ -28,6 +28,7 @@
type vendor_radio_sku_prop, property_type;
type vendor_tcpdump_log_prop, property_type;
type ctl_vendor_rmt_storage_prop, property_type;
+type vendor_wifi_sniffer_prop, property_type;
#imsrcsservice
type ctl_vendor_imsrcsservice_prop, property_type;
diff --git a/vendor/qcom/common/property_contexts b/vendor/qcom/common/property_contexts
index 3dc99bd..cc53d03 100644
--- a/vendor/qcom/common/property_contexts
+++ b/vendor/qcom/common/property_contexts
@@ -213,3 +213,8 @@
vendor.tcpdump.log.ondemand u:object_r:vendor_tcpdump_log_prop:s0
vendor.tcpdump.log.alwayson u:object_r:vendor_tcpdump_log_prop:s0
vendor.tcpdump.output.dir u:object_r:vendor_tcpdump_log_prop:s0
+
+# wifi_sniffer
+persist.vendor.wifi.sniffer.freq u:object_r:vendor_wifi_sniffer_prop:s0
+persist.vendor.wifi.sniffer.bandwidth u:object_r:vendor_wifi_sniffer_prop:s0
+vendor.wifi.sniffer.start u:object_r:vendor_wifi_sniffer_prop:s0
diff --git a/vendor/qcom/common/wifi_sniffer.te b/vendor/qcom/common/wifi_sniffer.te
new file mode 100644
index 0000000..70cfa31
--- /dev/null
+++ b/vendor/qcom/common/wifi_sniffer.te
@@ -0,0 +1,20 @@
+type wifi_sniffer, domain;
+type wifi_sniffer_exec, exec_type, vendor_file_type, file_type;
+
+userdebug_or_eng(`
+ # make transition from init to its domain
+ init_daemon_domain(wifi_sniffer)
+ net_domain(wifi_sniffer)
+
+# configurate con mode
+ allow wifi_sniffer self:capability { net_admin net_raw };
+ allow wifi_sniffer sysfs_wifi_conmode:file rw_file_perms;
+
+# interface up
+ allowxperm wifi_sniffer self:udp_socket ioctl SIOCSIFFLAGS;
+ allow wifi_sniffer self:netlink_generic_socket create_socket_perms_no_ioctl;
+
+ get_prop(wifi_sniffer, vendor_wifi_sniffer_prop)
+
+ dontaudit wifi_sniffer debugfs_wlan:dir search;
+')
