Allow wifi_sniffer to enable sniffer mode.

In this commit, we add the necessary sepolicy rules for
wifi_sniffer, including setting up sniffer mode and bringing
up the wlan0 interface.

Bug: 141439795
Test: function works
Change-Id: I5c54805a7e7ab62ae89c06ba6ef335228d440af2
diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index 8e8e364..f20ed1d 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -19,6 +19,7 @@
 type sysfs_usb_device, sysfs_type, fs_type;
 # b/70518189 vDSO experiments
 type sysfs_vdso, fs_type, sysfs_type;
+type sysfs_wifi_conmode, sysfs_type, fs_type;
 
 type debugfs_clk, debugfs_type, fs_type;
 type debugfs_ion, debugfs_type, fs_type;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index ec88ae2..bbda583 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -181,6 +181,7 @@
 /vendor/bin/ramoops             u:object_r:ramoops_exec:s0
 /vendor/bin/init\.ramoops\.sh   u:object_r:ramoops_exec:s0
 /vendor/bin/init\.fingerprint\.sh                                    u:object_r:init-fingerprint_exec:s0
+/vendor/bin/wifi_sniffer                                             u:object_r:wifi_sniffer_exec:s0
 
 /vendor/bin/hw/android\.hardware\.bluetooth@1\.0-service-qti          u:object_r:hal_bluetooth_default_exec:s0
 /vendor/bin/hw/android\.hardware\.drm@1\.2-service\.clearkey          u:object_r:hal_drm_clearkey_exec:s0
diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts
index 46b5aff..5be60d2 100644
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@@ -63,6 +63,7 @@
 genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-02/800f000.qcom,spmi:qcom,pmi8998@2:qcom,qpnp-smb2/power_supply                     u:object_r:sysfs_batteryinfo:s0
 genfscon sysfs /bus/msm_subsys                                          u:object_r:sysfs_msm_subsys:s0
 genfscon sysfs /module/subsystem_restart                                u:object_r:sysfs_msm_subsys_restart:s0
+genfscon sysfs /module/wlan/parameters/con_mode                         u:object_r:sysfs_wifi_conmode:s0
 genfscon sysfs /kernel/boot_adsp/boot                                   u:object_r:sysfs_msm_subsys:s0
 genfscon sysfs /kernel/boot_slpi/boot                                   u:object_r:sysfs_msm_subsys:s0
 genfscon sysfs /kernel/wifi/wlan                                        u:object_r:sysfs_msm_wlan:s0
diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te
index f6628b0..69e4cc3 100644
--- a/sepolicy/vendor/property.te
+++ b/sepolicy/vendor/property.te
@@ -25,6 +25,7 @@
 type vendor_charge_prop, property_type;
 type vendor_nfc_prop, property_type;
 type vendor_ramoops_prop, property_type;
+type vendor_wifi_sniffer_prop, property_type;
 
 # fingerprint
 type vendor_fingerprint_prop, property_type;
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index d9234aa..23a6239 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -229,3 +229,8 @@
 
 # vendor-init-settable
 ro.boot.vr                      u:object_r:exported2_system_prop:s0 exact bool
+
+# wifi_sniffer
+persist.vendor.wifi.sniffer.freq              u:object_r:vendor_wifi_sniffer_prop:s0
+persist.vendor.wifi.sniffer.bandwidth         u:object_r:vendor_wifi_sniffer_prop:s0
+vendor.wifi.sniffer.start                     u:object_r:vendor_wifi_sniffer_prop:s0
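Review bot: The three new entries are prefix matches with no `exact` keyword or value type, unlike the `ro.boot.vr ... exact bool` line just above them, so any property whose name merely begins with `vendor.wifi.sniffer.start` would also get `vendor_wifi_sniffer_prop`. I would pin each one, e.g. `vendor.wifi.sniffer.start u:object_r:vendor_wifi_sniffer_prop:s0 exact bool`, using whatever value type the daemon really expects, since the types are not visible in this commit. Nothing here grants `set_prop` on the new type, so a short comment naming the intended writer would help. That matters most for the two `persist.` keys, which survive a reboot.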
diff --git a/sepolicy/vendor/wifi_sniffer.te b/sepolicy/vendor/wifi_sniffer.te
new file mode 100644
index 0000000..70cfa31
--- /dev/null
+++ b/sepolicy/vendor/wifi_sniffer.te
@@ -0,0 +1,20 @@
+type wifi_sniffer, domain;
+type wifi_sniffer_exec, exec_type, vendor_file_type, file_type;
+
+userdebug_or_eng(`
+  # make transition from init to its domain
+  init_daemon_domain(wifi_sniffer)
+  net_domain(wifi_sniffer)
+
+# configurate con mode
+  allow wifi_sniffer self:capability { net_admin net_raw };
+  allow wifi_sniffer sysfs_wifi_conmode:file rw_file_perms;
+
+# interface up
+  allowxperm wifi_sniffer self:udp_socket ioctl SIOCSIFFLAGS;
+  allow wifi_sniffer self:netlink_generic_socket create_socket_perms_no_ioctl;
+
+  get_prop(wifi_sniffer, vendor_wifi_sniffer_prop)
+
+  dontaudit wifi_sniffer debugfs_wlan:dir search;
+')
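Review bot: `net_domain(wifi_sniffer)` plus `self:capability { net_admin net_raw }` grants more than the two purposes the comments name (writing con_mode and bringing the interface up). If the daemon only needs a socket for the `SIOCSIFFLAGS` ioctl and the generic netlink socket, consider replacing the macro with an explicit `allow wifi_sniffer self:udp_socket create_socket_perms;`, after confirming it needs nothing else the macro provides. Each capability should also carry its reason, e.g. `# net_admin: change wlan0 flags via SIOCSIFFLAGS` and a matching line for `net_raw`. A header comment should say that every rule sits inside `userdebug_or_eng`, so the domain has no permissions on user builds, where only the two type declarations remain. The section comments `# configurate con mode` and `# interface up` sit at column 0 inside the indented macro body and would read better as `  # configure con_mode` and `  # bring interface up`.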