author | Adam Shih <adamshih@google.com> | 2019-11-04 15:48:24 +0800 |
---|---|---|
committer | Adam Shih <adamshih@google.com> | 2019-11-06 07:20:46 +0000 |
commit | c443900b4644d5fe9ace16eb77cbc4181a606aae (patch) | |
tree | a4d97d7c6ea48bfbeaf15f3c0e759bc3b71a7123 /vendor/qcom/common/location.te | |
parent | 4d16ebb4cd22a14dc363bef4baa53b7913058d9d (diff) | |
download | sunfish-sepolicy-c443900b4644d5fe9ace16eb77cbc4181a606aae.tar.gz |
copy sepolicy from previous project on location
Bug: 143854052
Test: flash selinux modules to device and find avc errors gone
Change-Id: I340ba999dd292e74d9e825395b9ad16816aee8c9
Diffstat (limited to 'vendor/qcom/common/location.te')
-rw-r--r-- | vendor/qcom/common/location.te | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/vendor/qcom/common/location.te b/vendor/qcom/common/location.te
index 267faf3..af5f83d 100644
--- a/vendor/qcom/common/location.te
+++ b/vendor/qcom/common/location.te
@@ -1,3 +1,46 @@
+# location - Location daemon
 type location, domain;
 type location_exec, exec_type, vendor_file_type, file_type;
+
 init_daemon_domain(location)
+
+allow location self:capability setgid;
+
+# files in /sys
+r_dir_file(location, sysfs_soc)
+r_dir_file(location, sysfs_esoc)
+r_dir_file(location, sysfs_msm_subsys)
+r_dir_file(location, sysfs_ssr)
+
+# Execute /vendor/bin/lowi-server
+allow location location_exec:file rx_file_perms;
+
+# Enable standard network access (for XTRA download)
+net_domain(location)
+
+## And some additional network access
+allow location self:{
+ netlink_generic_socket
+ qipcrtr_socket
+} create_socket_perms_no_ioctl;
+allowxperm location self:udp_socket ioctl { SIOCGIFINDEX SIOCGIFHWADDR SIOCIWFIRSTPRIV_05 };
+
+# /data/vendor/location
+allow location location_data_file:dir create_dir_perms;
+allow location location_data_file:file create_file_perms;
+
+# /data/vendor/wifi/wpa
+allow location wpa_data_file:dir rw_dir_perms;
+allow location wpa_data_file:sock_file create_file_perms;
+allow location hal_wifi_supplicant_default:unix_dgram_socket sendto;
+
+# /dev/socket/location
+allow location location_socket:sock_file create_file_perms;
+allow location location_socket:dir w_dir_perms;
+
+allow location hal_gnss_qti:unix_dgram_socket sendto;
+
+userdebug_or_eng(`
+ allow location diag_device:chr_file rw_file_perms;
+')
+
|
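Review bot: `allow location self:capability setgid;` and the `SIOCIWFIRSTPRIV_05` entry in the `allowxperm` line are the only grants in this hunk with no comment saying what needs them, and they are the least self-explanatory ones: a capability on the daemon itself and a driver-private wireless ioctl. The description says the policy is copied from an earlier project and the test only checks that AVC denials disappear, which shows the rules are sufficient but not that each is still necessary on this device. I would add a one-line reason above each, for example `# setgid: <reason the daemon changes group, to be confirmed>` and `# SIOCIWFIRSTPRIV_05: <driver-private call and its caller, to be confirmed>`, and drop any rule whose removal produces no denial. The same check is worth running for `allow location wpa_data_file:sock_file create_file_perms;`, which lets this domain create socket files in the supplicant's directory and not just use existing ones.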