From 98da724c364ae671edd7ba6b8e4965942cd20407 Mon Sep 17 00:00:00 2001
From: Roshan Pius <rpius@google.com>
Date: Mon, 13 Mar 2017 13:01:17 -0700
Subject: [PATCH] hal_wifi: Allow wifi hal to access /proc/debug

This is needed for fetching debug info from the wifi driver.

Denials:
03-10 19:16:58.207   452   452 W android.hardwar: type=1400
audit(0.0:319): avc: denied { read } for name="fwdump" dev="proc"
ino=4026547172 scontext=u:r:hal_wifi_default:s0
tcontext=u:object_r:proc:s0 tclass=file permissive=0
03-10 19:16:58.207   452   452 W android.hardwar: type=1400
audit(0.0:320): avc: denied { read } for name="driverdump" dev="proc"
ino=4026547174 scontext=u:r:hal_wifi_default:s0
tcontext=u:object_r:proc:s0 tclass=file permissive=0

03-10 19:16:58.209   452   452 I WifiHAL : handleResponse: Memory Dump
size: 327680
03-10 19:16:58.209   452   452 E WifiHAL : Failed to open
/proc/debug/fwdump file
03-10 19:16:58.209   452   452 V WifiHAL : Successfully removed event
handler for vendor 0x1374
03-10 19:16:58.210   452   452 E WifiHAL : Failed to open
/proc/debugdriver/driverdump file

BUG: 36126608
Test: Device boots up and the denials no longer seen.
Change-Id: Id3789f4ceeb90c36df14989e6d5d9dc09f9bf558
---
 sepolicy/file.te        | 3 +++
 sepolicy/genfs_contexts | 2 ++
 sepolicy/hal_wifi.te    | 3 +++
 3 files changed, 8 insertions(+)
 create mode 100644 sepolicy/genfs_contexts

diff --git a/sepolicy/file.te b/sepolicy/file.te
index f93a8993..0e6c344f 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -9,6 +9,9 @@ type sysfs_msm_subsys_restart, sysfs_type, fs_type;
 
 type debugfs_rmt_storage, debugfs_type, fs_type;
 
+# /proc
+type proc_wifi_dbg, fs_type;
+
 type qmuxd_socket, file_type;
 type netmgrd_socket, file_type;
 type thermal_socket, file_type;
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
new file mode 100644
index 00000000..d578ece2
--- /dev/null
+++ b/sepolicy/genfs_contexts
@@ -0,0 +1,2 @@
+genfscon proc /debug/fwdump                           u:object_r:proc_wifi_dbg:s0
+genfscon proc /debugdriver/driverdump                 u:object_r:proc_wifi_dbg:s0
diff --git a/sepolicy/hal_wifi.te b/sepolicy/hal_wifi.te
index 3a2fa5ee..bd7ebc1a 100644
--- a/sepolicy/hal_wifi.te
+++ b/sepolicy/hal_wifi.te
@@ -5,3 +5,6 @@ allow hal_wifi location_data_file:sock_file write;
 # write to files owned by location daemon
 allow hal_wifi location_data_file:dir create_dir_perms;
 allow hal_wifi location_data_file:{ file fifo_file } create_file_perms;
+
+# Allow wifi hal to read debug info from the driver.
+r_dir_file(hal_wifi, proc_wifi_dbg)