From 3245a49fdb8ec52ee331baf7f9226f3f8c772b9f Mon Sep 17 00:00:00 2001
From: Daniel Hillenbrand <codeworkx@cyanogenmod.org>
Date: Sun, 11 Aug 2013 18:24:34 +0200
Subject: p51xx: refine sepolicies

Change-Id: I76104fca535df81717c0a8b3878e59d86c602fb6
---
 BoardConfigCommon.mk       | 3 ++-
 rootdir/init.espresso10.rc | 1 +
 selinux/domain.te          | 3 ---
 selinux/file_contexts      | 3 ++-
 selinux/wpa_supplicant.te  | 2 ++
 5 files changed, 7 insertions(+), 5 deletions(-)
 create mode 100644 selinux/wpa_supplicant.te

diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk
index 559aea9..89903d7 100644
--- a/BoardConfigCommon.mk
+++ b/BoardConfigCommon.mk
@@ -99,7 +99,8 @@ BOARD_SEPOLICY_UNION := \
     device.te \
     domain.te \
     pvrsrvinit.te \
-    rild.te
+    rild.te \
+    wpa_supplicant.te
 
 # Recovery
 TARGET_RECOVERY_INITRC := device/samsung/p5100/rootdir/recovery.rc
diff --git a/rootdir/init.espresso10.rc b/rootdir/init.espresso10.rc
index 900ec72..33c63d3 100755
--- a/rootdir/init.espresso10.rc
+++ b/rootdir/init.espresso10.rc
@@ -63,6 +63,7 @@ on fs
     restorecon /efs/FactoryApp/keystr
     restorecon /efs/FactoryApp/serial_no
     restorecon /efs/imei/mps_code.dat
+    restorecon /efs/wifi/.mac.info
 
 # pvr module
     insmod /system/lib/modules/pvrsrvkm_sgx540_120.ko
diff --git a/selinux/domain.te b/selinux/domain.te
index 7cf1def..ebb4d8b 100644
--- a/selinux/domain.te
+++ b/selinux/domain.te
@@ -1,8 +1,5 @@
 ## Pvrsrvinit
 allow domain powervr_device:chr_file rw_file_perms;
 
-## /dev/rfkill for wpa_supp
-allow wpa rfkill_device:chr_file rw_file_perms;
-
 ## Firmwares
 allow ueventd { firmware_ducati }:file r_file_perms;
diff --git a/selinux/file_contexts b/selinux/file_contexts
index a64887a..2c0d875 100644
--- a/selinux/file_contexts
+++ b/selinux/file_contexts
@@ -18,8 +18,9 @@
 # GPS
 /dev/ttyO0                                  u:object_r:gps_device:s0
 
-# for wpa_supp
+# Wifi
 /dev/rfkill                                 u:object_r:rfkill_device:s0
+/efs/wifi/.mac.info                         u:object_r:wifi_data_file:s0
 
 # System binaries
 /system/vendor/bin/pvrsrvinit               u:object_r:pvrsrvinit_exec:s0
diff --git a/selinux/wpa_supplicant.te b/selinux/wpa_supplicant.te
new file mode 100644
index 0000000..f93d624
--- /dev/null
+++ b/selinux/wpa_supplicant.te
@@ -0,0 +1,2 @@
+allow wpa_socket wifi_data_file:sock_file unlink;
+allow wpa rfkill_device:chr_file rw_file_perms;
-- 
cgit v1.1