
Commit 127395fc authored by Bjoern Johansson's avatar Bjoern Johansson

Add support for WiFi in emulator

Add required SELinux permissions to run services required for WiFi and
network namespaces. Add required executables and files required to run
WiFi services such as hostapd to create an access point and
wpa_supplicant to connect to it.

BUG: 74514143
Test: Build emulator image and manually verify WiFi functionality
Change-Id: I38461b878abcaae842b4656dea82792e23100174
(cherry picked from commit 21c5c3dcf91b1be71abe8618e2eb31529438e325)
(cherry picked from commit 68a36140f7a3a766b8adc16cd85c2f0c81bfb44b)
(cherry picked from commit e6dab593b8eebccb1e6311e626c8aca943ba6933)
parent 3972c880
+20 −0
# Network namespace transitions
type execns, domain, domain_deprecated;
type execns_exec, exec_type, file_type;

init_daemon_domain(execns)

allow execns varrun_file:dir search;
allow execns self:capability sys_admin;

#Allow execns itself to be run by init in its own domain
domain_auto_trans(init, execns_exec, execns);

# Allow hostapd to be run by execns in its own domain
domain_auto_trans(execns, hostapd_exec, hostapd);
allow hostapd execns:fd use;

# Allow dnsmasq to be run by execns in its own domain
domain_auto_trans(execns, dnsmasq_exec, dnsmasq);
allow dnsmasq execns:fd use;
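Review bot: The new `execns` domain is declared with `domain_deprecated` on the first type line of this file, and the last file of the commit does the same for `ipv6proxy`. That attribute carries legacy broad access that a new domain should not inherit. I would declare them as `type execns, domain;` and `type ipv6proxy, domain;` and add back only what the resulting denials show is needed. The line `allow execns self:capability sys_admin;` also has no rationale. If it exists for entering a network namespace, as the file header suggests but the page does not show, say so with a comment such as `# sys_admin: required to enter the target network namespace`.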
+2 −0
type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
type varrun_file, file_type, data_file_type, mlstrustedobject;
type mediadrm_vendor_data_file, file_type, data_file_type;
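Review bot: `varrun_file` is declared with `mlstrustedobject`, which exempts the type from MLS constraints, but the only rules on it visible in this commit are for `goldfish_setup`, `execns` and `ipv6proxy`. If no MLS-separated domain needs these files, `type varrun_file, file_type, data_file_type;` is the tighter declaration. Otherwise add a comment naming the domain that requires the exemption. Which of the three lines shown are new is not recoverable from the page, so this applies only if the `varrun_file` line is one of the additions.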
+3 −0
@@ -18,6 +18,8 @@
/vendor/bin/init\.ranchu-core\.sh u:object_r:goldfish_setup_exec:s0
/vendor/bin/init\.ranchu-net\.sh u:object_r:goldfish_setup_exec:s0
/vendor/bin/qemu-props       u:object_r:qemu_props_exec:s0
/system/bin/execns           u:object_r:execns_exec:s0
/system/bin/ipv6proxy        u:object_r:ipv6proxy_exec:s0

/vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine          u:object_r:hal_drm_widevine_exec:s0

@@ -36,4 +38,5 @@

# data
/data/vendor/mediadrm(/.*)?            u:object_r:mediadrm_vendor_data_file:s0
/data/var/run(/.*)?                    u:object_r:varrun_file:s0
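Review bot: The `execns` and `ipv6proxy` entries are labelled under `/system/bin`, while every other goldfish binary in the first hunk lives under `/vendor/bin`. If these two are installed on the vendor partition, the patterns never match and the files keep their default label. The `domain_auto_trans` rules added elsewhere in the commit would then not fire. The install location is not visible here, so please confirm it. If the system path is intended, add a comment explaining why device policy labels files on the system partition.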
+12 −0
@@ -11,3 +11,15 @@ allow goldfish_setup vendor_toolbox_exec:file execute_no_trans;
allowxperm goldfish_setup self:udp_socket ioctl priv_sock_ioctls;
wakelock_use(goldfish_setup);
allow goldfish_setup vendor_shell_exec:file { rx_file_perms };

# Set system properties to start services
set_prop(goldfish_setup, ctl_default_prop);

# Set up WiFi
allow goldfish_setup self:netlink_route_socket nlmsg_write;
allow goldfish_setup self:netlink_socket create_socket_perms;
allow goldfish_setup self:capability { sys_module sys_admin };
allow goldfish_setup varrun_file:dir { mounton write add_name search remove_name };
allow goldfish_setup varrun_file:file { mounton getattr create read write open unlink };
allow goldfish_setup execns_exec:file rx_file_perms;
allow goldfish_setup proc_net:file w_file_perms;
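Review bot: `set_prop(goldfish_setup, ctl_default_prop);` lets this setup-script domain start or stop any init service that has no more specific control-property label, not only the WiFi services the comment refers to. At minimum the comment should name the services it is meant for, e.g. `# ctl.start for <SERVICE_NAMES> only`; a dedicated property type for those services would let the policy enforce that. The same block adds `allow goldfish_setup self:capability { sys_module sys_admin };` to a domain that the context line above shows executing shell scripts. Each capability deserves a one-line comment stating the operation that needs it, and `sys_module` should be dropped if no module is actually loaded from this domain.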
+15 −0
# IPv6 proxying
type ipv6proxy, domain, domain_deprecated;
type ipv6proxy_exec, exec_type, file_type;

init_daemon_domain(ipv6proxy)
net_domain(ipv6proxy)

# Allow ipv6proxy to be run by execns in its own domain
domain_auto_trans(execns, ipv6proxy_exec, ipv6proxy);
allow ipv6proxy execns:fd use;

allow ipv6proxy self:capability { sys_admin sys_module net_admin net_raw };
allow ipv6proxy self:packet_socket { bind create read };
allow ipv6proxy self:netlink_route_socket nlmsg_write;
allow ipv6proxy varrun_file:dir search;
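Review bot: `allow ipv6proxy self:capability { sys_admin sys_module net_admin net_raw };` gives a daemon that reads from a packet socket the ability to load kernel modules and perform general admin operations. `net_admin` and `net_raw` line up with the packet-socket and netlink rules below it, but nothing visible in this file uses `sys_module` or `sys_admin`. I would start from `allow ipv6proxy self:capability { net_admin net_raw };` and re-add the others only with the denial that motivates them and a comment. If the `sys_module` denial comes from kernel module auto-loading during interface lookup, which is only a guess from here, a `dontaudit` is the usual answer rather than granting the capability.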