non_plat: Label wfca binary and grant required permissions

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com> Change-Id: I22832543e458ad1e3cc597911b8af347c92ccda5
2021-01-02 14:14:55 +05:30 · 2021-01-02 14:14:55 +05:30 · a7d6f83b00
commit a7d6f83b00
parent 965100d2a9
3 changed files with 25 additions and 0 deletions
--- a/non_plat/file.te
+++ b/non_plat/file.te
@ -450,3 +450,4 @@ type vendor_teei_data_file, file_type, data_file_type;
 # IMS
 type volte_ua_socket, file_type;
 type volte_imcb_socket, file_type;
+type wfca_socket, file_type;
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@ -714,9 +714,11 @@
 # IMS
 /dev/socket/volte_ua(/.*)?             u:object_r:volte_ua_socket:s0
 /dev/socket/volte_imcb(/.*)?           u:object_r:volte_imcb_socket:s0
+/dev/socket/wfca(/.*)?         u:object_r:wfca_socket:s0
 /(system\/vendor|vendor)/bin/bip         u:object_r:bip_exec:s0
 /(system\/vendor|vendor)/bin/epdg_wod           u:object_r:epdg_wod_exec:s0
 /(system\/vendor|vendor)/bin/volte_imsm_93              u:object_r:volte_imsm_93_exec:s0
 /(system\/vendor|vendor)/bin/volte_md_status            u:object_r:volte_md_status_exec:s0
 /(system\/vendor|vendor)/bin/volte_ua           u:object_r:volte_ua_exec:s0
 /(system\/vendor|vendor)/bin/volte_imcb         u:object_r:volte_imcb_exec:s0
+/(system\/vendor|vendor)/bin/wfca                u:object_r:wfca_exec:s0
--- a/non_plat/wfca.te
+++ b/non_plat/wfca.te
@ -0,0 +1,22 @@
+type wfca, domain, netdomain, mtkimsmddomain;
+type wfca_exec, exec_type, file_type, vendor_file_type;
+
+init_daemon_domain(wfca)
+
+allow wfca wfca_socket:sock_file write;
+
+allow wfca self:capability2 block_suspend;
+allow wfca self:capability { setgid setuid net_admin net_raw };
+allow wfca self:udp_socket { ioctl read write create getattr bind setopt shutdown };
+allow wfca self:rawip_socket { read write create getattr bind setopt };
+allow wfca self:packet_socket { read create setopt };
+
+allow wfca socket_device:sock_file { write create unlink };
+allow wfca socket_device:dir { write add_name remove_name };
+
+allow wfca { node port }:{ udp_socket rawip_socket } node_bind;
+allow wfca fwmarkd_socket:sock_file write;
+allow wfca ccci_device:chr_file { ioctl read write open };
+allow wfca sysfs_wake_lock:file { read write open };
+
+dontaudit wfca self:capability dac_override;