Add sepolicy for vendor_location

06-25 21:59:57.532  3922  3922 I auditd  : type=1400 audit(0.0:11):
avc: denied { sendto } for comm="loc_mq_clnt"
path="/dev/socket/location/mq/LOWI-SERVER"
scontext=u:r:vendor_location:s0 tcontext=u:r:lowi_server:s0
tclass=unix_dgram_socket permissive=0
06-29 04:30:11.188  8182  8182 I auditd  : type=1400 audit(0.0:1517):
avc: denied { sendto } for comm="loc_mq_clnt"
path="/dev/socket/location/mq/7b2e9924f8-LC"
scontext=u:r:vendor_location:s0 tcontext=u:r:hal_wifi_ext:s0
tclass=unix_dgram_socket permissive=0

Bug: 237467750
Test: avc error is gone
Change-Id: Ic4ff2bdf30b042c08c38b134c6af086d7033511f

2 files changed, 4 insertions, 1 deletions

diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
index b252b1b..a51827c 100644
--- a/tracking_denials/bug_map
+++ b/tracking_denials/bug_map
@@ -1,3 +1,2 @@
 hal_radioext_default hal_bluetooth_default binder b/234311798
 init-insmod-sh init-insmod-sh capability b/234311675
-vendor_location lowi_server unix_dgram_socket b/237467750
diff --git a/vendor/vendor_location.te b/vendor/vendor_location.te
index cefcd49..05f55a6 100644
--- a/vendor/vendor_location.te
+++ b/vendor/vendor_location.te
@@ -13,3 +13,7 @@ allow vendor_location vendor_location_socket:dir rw_dir_perms;
 
 # /sys/devices/soc0/soc_id
 allow vendor_location vendor_location_sysfs:file create_file_perms;
+
+# /dev/socket/location/mq/*
+allow vendor_location lowi_server:unix_dgram_socket {sendto read write};
+allow vendor_location hal_wifi_ext:unix_dgram_socket {sendto read write};