From 128a674db9514a6420b2b703a4edc65aad2b5c06 Mon Sep 17 00:00:00 2001
From: Star Chang
Date: Wed, 29 Jun 2022 02:07:32 +0000
Subject: wifi_sniffer: add tcpdump related sepolicy
Bug: 237465412
Test: wifi_sniffer is workable
Ignore-AOSP-First: internal review from here first
Change-Id: I308c2cc32d0a2726daeb2271fca95ebf49babd35
---
 wifi_sniffer/property_contexts | 3 +--
 wifi_sniffer/wifi_sniffer.te | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/wifi_sniffer/property_contexts b/wifi_sniffer/property_contexts
index 19f7e76..cb55d65 100644
--- a/wifi_sniffer/property_contexts
+++ b/wifi_sniffer/property_contexts
@@ -1,3 +1,2 @@
-persist.vendor.wifi.sniffer.freq u:object_r:vendor_wifi_sniffer_prop:s0
-persist.vendor.wifi.sniffer.bandwidth u:object_r:vendor_wifi_sniffer_prop:s0
+persist.vendor.wifi.sniffer. u:object_r:vendor_wifi_sniffer_prop:s0
 vendor.wifi.sniffer.start u:object_r:vendor_wifi_sniffer_prop:s0
diff --git a/wifi_sniffer/wifi_sniffer.te b/wifi_sniffer/wifi_sniffer.te
index 3c9ad62..977d6da 100644
--- a/wifi_sniffer/wifi_sniffer.te
+++ b/wifi_sniffer/wifi_sniffer.te
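Review bot: In the wifi_sniffer/property_contexts hunk, the new `persist.vendor.wifi.sniffer.` entry is a prefix match, so every property under that prefix, including any added later, is labelled `vendor_wifi_sniffer_prop`, and the file no longer names the properties the policy is meant to cover. Whichever domains may set that type (not visible in this patch) can then write persistent values anywhere under the prefix. Consider keeping one entry per property, or at least documenting the intent above the entry, for example `# prefix entry: covers the persist.vendor.wifi.sniffer.* capture settings (freq, bandwidth, ...) read by wifi_sniffer`.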
@@ -12,7 +12,19 @@ userdebug_or_eng(`
 # interface up
 allowxperm wifi_sniffer self:udp_socket ioctl SIOCSIFFLAGS;
- allow wifi_sniffer self:netlink_generic_socket create_socket_perms_no_ioctl;
+ allow wifi_sniffer self:netlink_generic_socket create_socket_perms;
+ allowxperm wifi_sniffer self:netlink_generic_socket ioctl { 0x8910 0x8946 };
+
+# tcpdump
+ allow wifi_sniffer self:packet_socket create_socket_perms;
+ allowxperm wifi_sniffer self:packet_socket ioctl { 0x8933 0x8927 };
+ allow wifi_sniffer self:unix_dgram_socket ioctl;
+ allowxperm wifi_sniffer self:unix_dgram_socket ioctl 0x8946;
+ allow wifi_sniffer sysfs_net:dir search;
+ allow wifi_sniffer sysfs_net:file r_file_perms;
+ allow wifi_sniffer tcpdump_exec:file rx_file_perms;
+ allow wifi_sniffer wifi_logging_data_file:file create_file_perms;
+ allow wifi_sniffer wifi_logging_data_file:dir create_dir_perms;
 get_prop(wifi_sniffer, vendor_wifi_sniffer_prop)
 ')
-- cgit v1.2.3
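Review bot: The three new `allowxperm` lines list their ioctl allowlists as raw hex, while the existing rule just above uses the symbolic `SIOCSIFFLAGS`, which makes the granted commands hard to audit. Using the names from the platform ioctl defines would read as `allowxperm wifi_sniffer self:netlink_generic_socket ioctl { SIOCGIFNAME SIOCETHTOOL };`, `allowxperm wifi_sniffer self:packet_socket ioctl { SIOCGIFINDEX SIOCGIFHWADDR };` and `allowxperm wifi_sniffer self:unix_dgram_socket ioctl SIOCETHTOOL;`. Separately, `tcpdump_exec:file rx_file_perms` has no domain transition, so tcpdump appears to run inside the wifi_sniffer domain with all of its permissions; a short comment under `# tcpdump` saying so would explain why the packet_socket rules are granted to wifi_sniffer itself. If captures are only written into an existing logging directory, `wifi_logging_data_file:dir create_dir_perms` could probably be narrowed to `rw_dir_perms`. The enclosing `userdebug_or_eng` block opens outside this hunk.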