1# HwBinder IPC from client to server
2binder_call(hal_wifi_hostapd_client, hal_wifi_hostapd_server)
3binder_call(hal_wifi_hostapd_server, hal_wifi_hostapd_client)
4
5hal_attribute_hwservice(hal_wifi_hostapd, hal_wifi_hostapd_hwservice)
6hal_attribute_service(hal_wifi_hostapd, hal_wifi_hostapd_service)
7
8binder_use(hal_wifi_hostapd_server)
9
10allow hal_wifi_hostapd_server dumpstate:fifo_file write;
11
12allow hal_wifi_hostapd_server self:global_capability_class_set { net_admin net_raw };
13
14allow hal_wifi_hostapd_server sysfs_net:dir search;
15
16# Allow hal_wifi_hostapd to access /proc/net/psched
17allow hal_wifi_hostapd_server proc_net_type:file { getattr open read };
18
19# Various socket permissions.
20allowxperm hal_wifi_hostapd_server self:udp_socket ioctl priv_sock_ioctls;
21allow hal_wifi_hostapd_server self:netlink_socket create_socket_perms_no_ioctl;
22allow hal_wifi_hostapd_server self:netlink_generic_socket create_socket_perms_no_ioctl;
23allow hal_wifi_hostapd_server self:packet_socket create_socket_perms_no_ioctl;
24allow hal_wifi_hostapd_server self:netlink_route_socket nlmsg_write;
25
26###
27### neverallow rules
28###
29
30# hal_wifi_hostapd should not trust any data from sdcards
31neverallow hal_wifi_hostapd_server { sdcard_type fuse }:dir ~getattr;
32neverallow hal_wifi_hostapd_server { sdcard_type fuse }:file *;
33