commit e1a350a0351050d89ad9c384d6787044b547e775
author Treehugger Robot <treehugger-gerrit@google.com> Wed Mar 22 20:17:08 2017 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> Wed Mar 22 20:17:09 2017 +0000
tree bc5317ed2da0e6f23e52640c4eb05b4c1919d82f
parent cc45b87cfa33369ec04d5f9b85c95469ff21054b
parent f27e8f09c274932c082e5ff2269df68dd47025c5

Merge "wpa_supplicant: Remove unnecessary permissions from system_server"

private/system_server.te

diff --git a/private/system_server.te b/private/system_server.te
index 6029243..7361307 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -14,10 +14,6 @@
 
 allow system_server zygote_tmpfs:file read;
 
-# Create a socket for receiving info from wpa.
-type_transition system_server wifi_data_file:sock_file system_wpa_socket;
-type_transition system_server wpa_socket:sock_file system_wpa_socket;
-
 # For art.
 allow system_server dalvikcache_data_file:dir r_dir_perms;
 allow system_server dalvikcache_data_file:file { r_file_perms execute };
@@ -151,8 +147,6 @@
 unix_socket_connect(system_server, webview_zygote, webview_zygote)
 unix_socket_connect(system_server, zygote, zygote)
 unix_socket_connect(system_server, racoon, racoon)
-# TODO(b/35707797): Remove this socket access.
-unix_socket_send(system_server, wpa, hal_wifi_supplicant_server)
 unix_socket_connect(system_server, uncrypt, uncrypt)
 
 # Communicate over a socket created by surfaceflinger.
@@ -423,13 +417,6 @@
 # Read/write the property which keeps track of whether this is the first start of system_server
 set_prop(system_server, firstboot_prop)
 
-# Create a socket for receiving info from wpa.
-allow system_server wpa_socket:dir rw_dir_perms;
-allow system_server system_wpa_socket:sock_file create_file_perms;
-
-# Remove sockets created by wpa_supplicant
-allow system_server wpa_socket:sock_file unlink;
-
 # Create a socket for connections from debuggerd.
 allow system_server system_ndebug_socket:sock_file create_file_perms;
 

public/hal_wifi_supplicant.te

diff --git a/public/hal_wifi_supplicant.te b/public/hal_wifi_supplicant.te
index 8d2c0ea..ed10f8d 100644
--- a/public/hal_wifi_supplicant.te
+++ b/public/hal_wifi_supplicant.te
@@ -18,12 +18,6 @@
 allowxperm hal_wifi_supplicant self:packet_socket ioctl { unpriv_sock_ioctls priv_sock_ioctls unpriv_tty_ioctls };
 allow hal_wifi_supplicant wifi_data_file:dir create_dir_perms;
 allow hal_wifi_supplicant wifi_data_file:file create_file_perms;
-# TODO(b/35707797): Remove this socket access.
-unix_socket_send(hal_wifi_supplicant, system_wpa, system_server)
-
-# HIDL interface exposed by WPA.
-hwbinder_use(hal_wifi_supplicant)
-binder_call(hal_wifi_supplicant, system_server)
 
 # Create a socket for receiving info from wpa
 allow hal_wifi_supplicant wpa_socket:dir create_dir_perms;