Merge "wpa_supplicant: Remove unnecessary permissions from system_server"
diff --git a/private/system_server.te b/private/system_server.te
index 6029243..7361307 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -14,10 +14,6 @@
allow system_server zygote_tmpfs:file read;
-# Create a socket for receiving info from wpa.
-type_transition system_server wifi_data_file:sock_file system_wpa_socket;
-type_transition system_server wpa_socket:sock_file system_wpa_socket;
-
# For art.
allow system_server dalvikcache_data_file:dir r_dir_perms;
allow system_server dalvikcache_data_file:file { r_file_perms execute };
@@ -151,8 +147,6 @@
unix_socket_connect(system_server, webview_zygote, webview_zygote)
unix_socket_connect(system_server, zygote, zygote)
unix_socket_connect(system_server, racoon, racoon)
-# TODO(b/35707797): Remove this socket access.
-unix_socket_send(system_server, wpa, hal_wifi_supplicant_server)
unix_socket_connect(system_server, uncrypt, uncrypt)
# Communicate over a socket created by surfaceflinger.
@@ -423,13 +417,6 @@
# Read/write the property which keeps track of whether this is the first start of system_server
set_prop(system_server, firstboot_prop)
-# Create a socket for receiving info from wpa.
-allow system_server wpa_socket:dir rw_dir_perms;
-allow system_server system_wpa_socket:sock_file create_file_perms;
-
-# Remove sockets created by wpa_supplicant
-allow system_server wpa_socket:sock_file unlink;
-
# Create a socket for connections from debuggerd.
allow system_server system_ndebug_socket:sock_file create_file_perms;
diff --git a/public/hal_wifi_supplicant.te b/public/hal_wifi_supplicant.te
index 8d2c0ea..ed10f8d 100644
--- a/public/hal_wifi_supplicant.te
+++ b/public/hal_wifi_supplicant.te
@@ -18,12 +18,6 @@
allowxperm hal_wifi_supplicant self:packet_socket ioctl { unpriv_sock_ioctls priv_sock_ioctls unpriv_tty_ioctls };
allow hal_wifi_supplicant wifi_data_file:dir create_dir_perms;
allow hal_wifi_supplicant wifi_data_file:file create_file_perms;
-# TODO(b/35707797): Remove this socket access.
-unix_socket_send(hal_wifi_supplicant, system_wpa, system_server)
-
-# HIDL interface exposed by WPA.
-hwbinder_use(hal_wifi_supplicant)
-binder_call(hal_wifi_supplicant, system_server)
# Create a socket for receiving info from wpa
allow hal_wifi_supplicant wpa_socket:dir create_dir_perms;