Allow wifi_sniffer to enable sniffer mode.
In this commit, we add the necessary sepolicy rules for
wifi_sniffer, including setting up sniffer mode and bringing
up the wlan0 interface.
Bug: 141439795
Test: function works
Change-Id: I5c54805a7e7ab62ae89c06ba6ef335228d440af2
diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index 8e8e364..f20ed1d 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -19,6 +19,7 @@
type sysfs_usb_device, sysfs_type, fs_type;
# b/70518189 vDSO experiments
type sysfs_vdso, fs_type, sysfs_type;
+type sysfs_wifi_conmode, sysfs_type, fs_type;
type debugfs_clk, debugfs_type, fs_type;
type debugfs_ion, debugfs_type, fs_type;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index ec88ae2..bbda583 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -181,6 +181,7 @@
/vendor/bin/ramoops u:object_r:ramoops_exec:s0
/vendor/bin/init\.ramoops\.sh u:object_r:ramoops_exec:s0
/vendor/bin/init\.fingerprint\.sh u:object_r:init-fingerprint_exec:s0
+/vendor/bin/wifi_sniffer u:object_r:wifi_sniffer_exec:s0
/vendor/bin/hw/android\.hardware\.bluetooth@1\.0-service-qti u:object_r:hal_bluetooth_default_exec:s0
/vendor/bin/hw/android\.hardware\.drm@1\.2-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0
diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts
index 46b5aff..5be60d2 100644
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@@ -63,6 +63,7 @@
genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-02/800f000.qcom,spmi:qcom,pmi8998@2:qcom,qpnp-smb2/power_supply u:object_r:sysfs_batteryinfo:s0
genfscon sysfs /bus/msm_subsys u:object_r:sysfs_msm_subsys:s0
genfscon sysfs /module/subsystem_restart u:object_r:sysfs_msm_subsys_restart:s0
+genfscon sysfs /module/wlan/parameters/con_mode u:object_r:sysfs_wifi_conmode:s0
genfscon sysfs /kernel/boot_adsp/boot u:object_r:sysfs_msm_subsys:s0
genfscon sysfs /kernel/boot_slpi/boot u:object_r:sysfs_msm_subsys:s0
genfscon sysfs /kernel/wifi/wlan u:object_r:sysfs_msm_wlan:s0
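Review bot: Relabelling `/sys/module/wlan/parameters/con_mode` to `sysfs_wifi_conmode` takes the node out of whatever label it had before, and the only grant for the new type in this commit is to wifi_sniffer inside `userdebug_or_eng`. If any other domain reads or writes con_mode today (not visible in this diff), it will start getting denials, including on user builds where no rule references the new type. It is worth checking for existing accessors of this node and saying in the commit message that none exist, or adding the matching allow rules.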
diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te
index f6628b0..69e4cc3 100644
--- a/sepolicy/vendor/property.te
+++ b/sepolicy/vendor/property.te
@@ -25,6 +25,7 @@
type vendor_charge_prop, property_type;
type vendor_nfc_prop, property_type;
type vendor_ramoops_prop, property_type;
+type vendor_wifi_sniffer_prop, property_type;
# fingerprint
type vendor_fingerprint_prop, property_type;
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index d9234aa..23a6239 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -229,3 +229,8 @@
# vendor-init-settable
ro.boot.vr u:object_r:exported2_system_prop:s0 exact bool
+
+# wifi_sniffer
+persist.vendor.wifi.sniffer.freq u:object_r:vendor_wifi_sniffer_prop:s0
+persist.vendor.wifi.sniffer.bandwidth u:object_r:vendor_wifi_sniffer_prop:s0
+vendor.wifi.sniffer.start u:object_r:vendor_wifi_sniffer_prop:s0
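Review bot: The three new property entries are prefix matches, unlike the `ro.boot.vr ... exact bool` entry just above them, so any property whose name merely starts with `vendor.wifi.sniffer.start` (or the two `persist.` names) also gets `vendor_wifi_sniffer_prop`. Since `vendor.wifi.sniffer.start` appears to be the trigger for a daemon that holds `net_admin` and `net_raw`, I would pin each entry with `exact` plus the value type the daemon parses, e.g. `vendor.wifi.sniffer.start u:object_r:vendor_wifi_sniffer_prop:s0 exact bool` (the value types are not visible here, so confirm them). The commit also adds only `get_prop` for wifi_sniffer; a short comment naming which domain is expected to set these properties would help reviewers confirm that only debug tooling can start the sniffer.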
diff --git a/sepolicy/vendor/wifi_sniffer.te b/sepolicy/vendor/wifi_sniffer.te
new file mode 100644
index 0000000..70cfa31
--- /dev/null
+++ b/sepolicy/vendor/wifi_sniffer.te
@@ -0,0 +1,20 @@
+type wifi_sniffer, domain;
+type wifi_sniffer_exec, exec_type, vendor_file_type, file_type;
+
+userdebug_or_eng(`
+ # make transition from init to its domain
+ init_daemon_domain(wifi_sniffer)
+ net_domain(wifi_sniffer)
+
+# configurate con mode
+ allow wifi_sniffer self:capability { net_admin net_raw };
+ allow wifi_sniffer sysfs_wifi_conmode:file rw_file_perms;
+
+# interface up
+ allowxperm wifi_sniffer self:udp_socket ioctl SIOCSIFFLAGS;
+ allow wifi_sniffer self:netlink_generic_socket create_socket_perms_no_ioctl;
+
+ get_prop(wifi_sniffer, vendor_wifi_sniffer_prop)
+
+ dontaudit wifi_sniffer debugfs_wlan:dir search;
+')
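Review bot: `net_domain(wifi_sniffer)` grants the full netdomain socket set, while the rest of the file only uses a UDP socket for `SIOCSIFFLAGS` and a generic netlink socket. If that is all the daemon needs, replace the macro with `allow wifi_sniffer self:udp_socket create_socket_perms;` so the `allowxperm` line still has an ioctl permission to restrict and a domain holding `net_admin`/`net_raw` carries no unused network access. The section comments would also read better indented with the rules and with the typo fixed, e.g. `# configure con_mode (switch the wlan driver into sniffer mode)`, plus a one-line header saying the domain is deliberately limited to userdebug/eng builds.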