From 127395fc8fefcb67ce3b2957db1cccfc7d7ab099 Mon Sep 17 00:00:00 2001 From: Bjoern Johansson Date: Thu, 9 Feb 2017 22:28:47 -0800 Subject: [PATCH] Add support for WiFi in emulator Add required SELinux permissions to run services required for WiFi and network namespaces. Add required executables and files required to run WiFi services such as hostapd to create an access point and wpa_supplicant to connect to it. BUG: 74514143 Test: Build emulator image and manually verify WiFi functionality Change-Id: I38461b878abcaae842b4656dea82792e23100174 (cherry picked from commit 21c5c3dcf91b1be71abe8618e2eb31529438e325) (cherry picked from commit 68a36140f7a3a766b8adc16cd85c2f0c81bfb44b) (cherry picked from commit e6dab593b8eebccb1e6311e626c8aca943ba6933) --- target/board/generic/sepolicy/execns.te | 20 +++++++++++++++++++ target/board/generic/sepolicy/file.te | 2 ++ target/board/generic/sepolicy/file_contexts | 3 +++ .../board/generic/sepolicy/goldfish_setup.te | 12 +++++++++++ target/board/generic/sepolicy/ipv6proxy.te | 15 ++++++++++++++ target/board/generic_x86/BoardConfig.mk | 11 ++++++++++ target/product/emulator.mk | 12 +++++++++++ target/product/sdk_base.mk | 2 +- 8 files changed, 76 insertions(+), 1 deletion(-) create mode 100644 target/board/generic/sepolicy/execns.te create mode 100644 target/board/generic/sepolicy/ipv6proxy.te diff --git a/target/board/generic/sepolicy/execns.te b/target/board/generic/sepolicy/execns.te new file mode 100644 index 0000000000..af8fd887d8 --- /dev/null +++ b/target/board/generic/sepolicy/execns.te 
@@ -0,0 +1,20 @@ +# Network namespace transitions +type execns, domain, domain_deprecated; +type execns_exec, exec_type, file_type; + +init_daemon_domain(execns) + +allow execns varrun_file:dir search; +allow execns self:capability sys_admin; + +#Allow execns itself to be run by init in its own domain +domain_auto_trans(init, execns_exec, execns); + +# Allow hostapd to be run by execns in its own domain +domain_auto_trans(execns, hostapd_exec, hostapd); +allow hostapd execns:fd use; + +# Allow dnsmasq to be run by execns in its own domain +domain_auto_trans(execns, dnsmasq_exec, dnsmasq); +allow dnsmasq execns:fd use; + diff --git a/target/board/generic/sepolicy/file.te b/target/board/generic/sepolicy/file.te index 3afd706d26..4762e0d7af 100644 --- a/target/board/generic/sepolicy/file.te +++ b/target/board/generic/sepolicy/file.te @@ -1 +1,3 @@ +type sysfs_writable, fs_type, sysfs_type, mlstrustedobject; +type varrun_file, file_type, data_file_type, mlstrustedobject; type mediadrm_vendor_data_file, file_type, data_file_type; diff --git a/target/board/generic/sepolicy/file_contexts b/target/board/generic/sepolicy/file_contexts index c65aaecd28..86d7dd51c9 100644 --- a/target/board/generic/sepolicy/file_contexts +++ b/target/board/generic/sepolicy/file_contexts @@ -18,6 +18,8 @@ /vendor/bin/init\.ranchu-core\.sh u:object_r:goldfish_setup_exec:s0 /vendor/bin/init\.ranchu-net\.sh u:object_r:goldfish_setup_exec:s0 /vendor/bin/qemu-props u:object_r:qemu_props_exec:s0 +/system/bin/execns u:object_r:execns_exec:s0 +/system/bin/ipv6proxy u:object_r:ipv6proxy_exec:s0 /vendor/bin/hw/android\.hardware\.drm@1\.0-service\.widevine u:object_r:hal_drm_widevine_exec:s0 @@ -36,4 +38,5 @@ # data /data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0 +/data/var/run(/.*)? u:object_r:varrun_file:s0 diff --git a/target/board/generic/sepolicy/goldfish_setup.te b/target/board/generic/sepolicy/goldfish_setup.te index eb913e921e..1ce8ec7caa 100644 
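Review bot: `allow execns self:capability sys_admin;` grants a very broad capability with no comment saying what it is for. If it is only needed so that execns can enter the WiFi network namespace, say so above the rule, e.g. `# CAP_SYS_ADMIN is needed by setns(2) to enter the network namespace`. It is also worth confirming that hostapd, dnsmasq and ipv6proxy are the only executables execns can run, since anything it executes without a transition would keep that capability. The explicit `domain_auto_trans(init, execns_exec, execns);` looks redundant, because `init_daemon_domain(execns)` a few lines earlier normally sets up the same init transition.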
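Review bot: Both new types in file.te carry `mlstrustedobject`, which exempts them from the MLS constraints, and nothing in this commit shows why that is needed. As far as the visible hunks go, only goldfish_setup, execns and ipv6proxy are given access to `varrun_file`, so `type varrun_file, file_type, data_file_type;` would probably be enough. `sysfs_writable` is declared but not labelled or referenced in any hunk of this commit; if a later change uses it, it would be clearer to introduce it there.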
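Review bot: The first file_contexts hunk adds no entry for `init.wifi.sh`, which this commit installs into the vendor `bin` directory from emulator.mk, although the neighbouring `init.ranchu-core.sh` and `init.ranchu-net.sh` are both labelled `goldfish_setup_exec`. If the script is meant to run in the goldfish_setup domain that receives the new WiFi rules, it needs its own line, e.g. `/vendor/bin/init\.wifi\.sh u:object_r:goldfish_setup_exec:s0`; otherwise it keeps the default label for that directory. The two new binaries are also labelled under `/system/bin` from the board policy while the entries around them live under `/vendor/bin`, which is worth a comment if it is intentional.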
--- a/target/board/generic/sepolicy/goldfish_setup.te
+++ b/target/board/generic/sepolicy/goldfish_setup.te
@@ -11,3 +11,15 @@ allow goldfish_setup vendor_toolbox_exec:file execute_no_trans;
 allowxperm goldfish_setup self:udp_socket ioctl priv_sock_ioctls;
 wakelock_use(goldfish_setup);
 allow goldfish_setup vendor_shell_exec:file { rx_file_perms };
+
+# Set system properties to start services
+set_prop(goldfish_setup, ctl_default_prop);
+
+# Set up WiFi
+allow goldfish_setup self:netlink_route_socket nlmsg_write;
+allow goldfish_setup self:netlink_socket create_socket_perms;
+allow goldfish_setup self:capability { sys_module sys_admin };
+allow goldfish_setup varrun_file:dir { mounton write add_name search remove_name };
+allow goldfish_setup varrun_file:file { mounton getattr create read write open unlink };
+allow goldfish_setup execns_exec:file rx_file_perms;
+allow goldfish_setup proc_net:file w_file_perms;
diff --git a/target/board/generic/sepolicy/ipv6proxy.te b/target/board/generic/sepolicy/ipv6proxy.te
new file mode 100644
index 0000000000..009d545f2b
--- /dev/null
+++ b/target/board/generic/sepolicy/ipv6proxy.te
@@ -0,0 +1,15 @@
+# IPv6 proxying
+type ipv6proxy, domain, domain_deprecated;
+type ipv6proxy_exec, exec_type, file_type;
+
+init_daemon_domain(ipv6proxy)
+net_domain(ipv6proxy)
+
+# Allow ipv6proxy to be run by execns in its own domain
+domain_auto_trans(execns, ipv6proxy_exec, ipv6proxy);
+allow ipv6proxy execns:fd use;
+
+allow ipv6proxy self:capability { sys_admin sys_module net_admin net_raw };
+allow ipv6proxy self:packet_socket { bind create read };
+allow ipv6proxy self:netlink_route_socket nlmsg_write;
+allow ipv6proxy varrun_file:dir search;
diff --git a/target/board/generic_x86/BoardConfig.mk b/target/board/generic_x86/BoardConfig.mk
index d1cbeb9513..76463cb02e 100644
--- a/target/board/generic_x86/BoardConfig.mk
+++ b/target/board/generic_x86/BoardConfig.mk
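Review bot: `set_prop(goldfish_setup, ctl_default_prop);` lets goldfish_setup start or stop any init service that has no dedicated ctl property type, which is much wider than the WiFi services the comment refers to. Combined with `allow goldfish_setup self:capability { sys_module sys_admin };` and `mounton` on `varrun_file`, the setup script's domain becomes highly privileged, so each grant deserves a comment naming the operation that needs it. `sys_module` in particular should be confirmed: it is often requested only because the kernel tries to autoload a module for an unknown interface name, in which case `dontaudit goldfish_setup self:capability sys_module;` is the usual answer.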
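Review bot: `allow ipv6proxy self:capability { sys_admin sys_module net_admin net_raw };` gives a network-facing proxy CAP_SYS_ADMIN and the ability to load kernel modules on top of the packet socket it needs. The process is started through execns, which by the look of execns.te is the component that enters the namespace, so `sys_admin` may not be needed here. `sys_module` may only reflect an audit denial from an interface lookup; if both hold, the rule could shrink to `allow ipv6proxy self:capability { net_admin net_raw };`. `init_daemon_domain(ipv6proxy)` also adds an init transition although the file only describes ipv6proxy being launched by execns.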
@@ -67,3 +67,14 @@ BOARD_VNDK_VERSION := current # Enable A/B update TARGET_NO_RECOVERY := true BOARD_BUILD_SYSTEM_ROOT_IMAGE := true + +# Wifi. +BOARD_WLAN_DEVICE := wlan0 +BOARD_HOSTAPD_DRIVER := NL80211 +BOARD_WPA_SUPPLICANT_DRIVER := NL80211 +BOARD_HOSTAPD_PRIVATE_LIB := lib_driver_cmd_simulated +BOARD_WPA_SUPPLICANT_PRIVATE_LIB := lib_driver_cmd_simulated +WPA_SUPPLICANT_VERSION := VER_0_8_X +WIFI_DRIVER_FW_PATH_PARAM := "/dev/null" +WIFI_DRIVER_FW_PATH_STA := "/dev/null" +WIFI_DRIVER_FW_PATH_AP := "/dev/null" diff --git a/target/product/emulator.mk b/target/product/emulator.mk index 67ebe047a8..10eb4c87e4 100644 --- a/target/product/emulator.mk +++ b/target/product/emulator.mk @@ -116,9 +116,19 @@ PRODUCT_PACKAGES += \ PRODUCT_PACKAGES += \ vndk-sp +# WiFi +PRODUCT_PACKAGES += \ + execns \ + hostapd \ + ip \ + ipv6proxy \ + iw \ + wpa_supplicant \ + PRODUCT_COPY_FILES += \ device/generic/goldfish/init.ranchu-core.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.ranchu-core.sh \ device/generic/goldfish/init.ranchu-net.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.ranchu-net.sh \ + device/generic/goldfish/wifi/init.wifi.sh:$(TARGET_COPY_OUT_VENDOR)/bin/init.wifi.sh \ device/generic/goldfish/init.ranchu.rc:root/init.ranchu.rc \ device/generic/goldfish/fstab.ranchu:root/fstab.ranchu \ device/generic/goldfish/fstab.ranchu.early:root/fstab.ranchu.early \ 
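Review bot: The WiFi block is added only to generic_x86/BoardConfig.mk, while the same commit adds hostapd and wpa_supplicant to products that inherit emulator.mk and puts the policy in what appears to be the shared `target/board/generic/sepolicy` directory. If the other emulator boards are expected to build the same WiFi stack they will need the same `BOARD_WLAN_DEVICE` / `BOARD_*_DRIVER` settings; otherwise a short comment saying WiFi is x86-only for now would help. A one-line comment on `lib_driver_cmd_simulated` and on why the firmware paths are `"/dev/null"` would also save the next reader a search.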
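Review bot: The new `PRODUCT_PACKAGES` list in emulator.mk ends with `wpa_supplicant \` followed by an empty line, so only that blank line terminates the list. Writing the last entry as `wpa_supplicant` without the backslash avoids the following `PRODUCT_COPY_FILES` assignment being swallowed if the blank line is ever removed. The sdk_base.mk hunk has the same pattern, where `WidgetPreview` becomes `WidgetPreview \` apparently without a new entry after it; that change looks unrelated to WiFi and could be dropped from this commit.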
@@ -127,6 +137,8 @@ PRODUCT_COPY_FILES += \ device/generic/goldfish/manifest.xml:$(TARGET_COPY_OUT_VENDOR)/manifest.xml \ device/generic/goldfish/data/etc/permissions/privapp-permissions-goldfish.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/privapp-permissions-goldfish.xml \ device/generic/goldfish/data/etc/config.ini:config.ini \ + device/generic/goldfish/wifi/simulated_hostapd.conf:system/etc/simulated_hostapd.conf \ + device/generic/goldfish/wifi/wpa_supplicant.conf:data/misc/wifi/wpa_supplicant.conf \ frameworks/native/data/etc/android.hardware.wifi.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.hardware.wifi.xml PRODUCT_PACKAGE_OVERLAYS := device/generic/goldfish/overlay diff --git a/target/product/sdk_base.mk b/target/product/sdk_base.mk index df68d026c7..e3f2db2b3a 100644 --- a/target/product/sdk_base.mk +++ b/target/product/sdk_base.mk @@ -44,7 +44,7 @@ PRODUCT_PACKAGES := \ SysuiDarkThemeOverlay \ EasterEgg \ WallpaperPicker \ - WidgetPreview + WidgetPreview \ # Define the host tools and libs that are parts of the SDK. -include sdk/build/product_sdk.mk
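Review bot: `wpa_supplicant.conf` is copied to `data/misc/wifi/`, so it exists only in the userdata image, and its owner and mode are whatever the image build assigns, which this commit does not show. wpa_supplicant configuration can hold network credentials, so it is worth confirming the file ends up readable only by the WiFi service user. Both new lines also hard-code `system/etc` and `data/...` while most of the surrounding entries use `$(TARGET_COPY_OUT_VENDOR)`; if the hostapd configuration is vendor-owned, `$(TARGET_COPY_OUT_VENDOR)/etc/simulated_hostapd.conf` would match them. The enclosing `PRODUCT_COPY_FILES` list starts outside this hunk.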