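# SELinux policy rules for the Wi-Fi hostapd HAL (hal_wifi_hostapd).
# Restored to one statement per line. The extracted listing had the viewer's
# line numbers fused onto each statement, which is not valid policy syntax.

# HwBinder IPC from client to server, and from server back to client
# (the second rule is the return direction, presumably for callbacks).
binder_call(hal_wifi_hostapd_client, hal_wifi_hostapd_server)
binder_call(hal_wifi_hostapd_server, hal_wifi_hostapd_client)

# Associate the HAL with its hwservice_manager and service_manager entries.
# Who may add or find them is decided inside these macros, which are defined
# outside this file.
hal_attribute_hwservice(hal_wifi_hostapd, hal_wifi_hostapd_hwservice)
hal_attribute_service(hal_wifi_hostapd, hal_wifi_hostapd_service)

# Let the server use binder (macro defined outside this file).
binder_use(hal_wifi_hostapd_server)

# Write-only access to a pipe owned by dumpstate. No open or read is granted
# here, so the descriptor has to be handed to the server by dumpstate.
# NOTE(review): presumably used for bugreport output; confirm against the caller.
allow hal_wifi_hostapd_server dumpstate:fifo_file write;

# CAP_NET_ADMIN and CAP_NET_RAW for the server itself. Together with the
# packet_socket rule below this gives the domain raw frame access and control
# over network interface configuration, so treat any input parsed by this
# daemon as security sensitive.
allow hal_wifi_hostapd_server self:global_capability_class_set { net_admin net_raw };

# Directory search only. Reading files under sysfs_net is not granted here.
allow hal_wifi_hostapd_server sysfs_net:dir search;

# Allow hal_wifi_hostapd to access /proc/net/psched
# NOTE(review): the rule targets the proc_net_type attribute, so it grants
# read access to every file type carrying that attribute, not only psched.
# If psched is the only file needed, a narrower target type would be closer
# to least privilege; confirm what the daemon actually reads before changing.
allow hal_wifi_hostapd_server proc_net_type:file { getattr open read };

# Various socket permissions.
# allowxperm only allowlists ioctl commands. It has no effect unless a plain
# allow rule grants ioctl on self:udp_socket, and no such rule is visible in
# this file, so it must come from elsewhere in the policy.
allowxperm hal_wifi_hostapd_server self:udp_socket ioctl priv_sock_ioctls;
# Netlink and packet sockets may be created and used, but without ioctl.
allow hal_wifi_hostapd_server self:netlink_socket create_socket_perms_no_ioctl;
allow hal_wifi_hostapd_server self:netlink_generic_socket create_socket_perms_no_ioctl;
allow hal_wifi_hostapd_server self:packet_socket create_socket_perms_no_ioctl;
# Only nlmsg_write is granted here. Creating the route socket must be allowed
# by another rule that is not visible in this file.
allow hal_wifi_hostapd_server self:netlink_route_socket nlmsg_write;

###
### neverallow rules
###

# hal_wifi_hostapd should not trust any data from sdcards
# These are compile-time assertions: the policy build fails if any rule would
# grant the listed access. On directories everything except getattr is
# forbidden (~getattr); on files every permission is forbidden (*).
neverallow hal_wifi_hostapd_server { sdcard_type fuse }:dir ~getattr;
neverallow hal_wifi_hostapd_server { sdcard_type fuse }:file *;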