SELinux: Allow hostapd to read wifi data files under /persist.

Addresses the following denials: avc: denied { search } for pid=9143 comm="hostapd" name="wifi" dev="mmcblk0p16" ino=12 scontext=u:r:hostapd:s0 tcontext=u:object_r:persist_wifi_file:s0 tclass=dir avc: denied { getattr } for pid=9143 comm="hostapd" path="/persist/wifi/.macaddr" dev="mmcblk0p16" ino=19 scontext=u:r:hostapd:s0 tcontext=u:object_r:persist_wifi_file:s0 tclass=file avc: denied { read } for pid=9143 comm="hostapd" name=".macaddr" dev="mmcblk0p16" ino=19 scontext=u:r:hostapd:s0 tcontext=u:object_r:persist_wifi_file:s0 tclass=file avc: denied { open } for pid=9143 comm="hostapd" name=".macaddr" dev="mmcblk0p16" ino=19 scontext=u:r:hostapd:s0 tcontext=u:object_r:persist_wifi_file:s0 tclass=file Change-Id: I090446b7b330fbeccf828a01bc539d10d51d51ca Signed-off-by: rpcraig <[email protected]>
CyanogenMod · Mar 6, 2014 · 8ddba72 · 8ddba72
1 parent 5d4c283
commit 8ddba72
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/BoardConfig.mk b/BoardConfig.mk
@@ -106,6 +106,7 @@ BOARD_SEPOLICY_UNION += \
        device.te \
        domain.te \
        file.te \
+       hostapd.te \
        irsc_util.te \
        mediaserver.te \
        mpdecision.te \

diff --git a/sepolicy/hostapd.te b/sepolicy/hostapd.te
@@ -0,0 +1,3 @@
+# Reading from /persist/wifi/.macaddr
+allow hostapd persist_file:dir r_dir_perms;
+r_dir_file(hostapd, persist_wifi_file)