author | Adam Shih <adamshih@google.com> | 2019-11-04 15:48:24 +0800 |
---|---|---|
committer | Adam Shih <adamshih@google.com> | 2019-11-06 07:20:46 +0000 |
commit | c443900b4644d5fe9ace16eb77cbc4181a606aae (patch) | |
tree | a4d97d7c6ea48bfbeaf15f3c0e759bc3b71a7123 /vendor/qcom/common | |
parent | 4d16ebb4cd22a14dc363bef4baa53b7913058d9d (diff) | |
copy sepolicy from previous project on location
Bug: 143854052
Test: flash selinux modules to device and find avc errors gone
Change-Id: I340ba999dd292e74d9e825395b9ad16816aee8c9
Diffstat (limited to 'vendor/qcom/common')
-rw-r--r-- | vendor/qcom/common/hal_gnss_qti.te | 24 | ||||
-rw-r--r-- | vendor/qcom/common/location.te | 43 |
2 files changed, 66 insertions, 1 deletions
diff --git a/vendor/qcom/common/hal_gnss_qti.te b/vendor/qcom/common/hal_gnss_qti.te
index 4fb51fe..2f6ff44 100644
--- a/vendor/qcom/common/hal_gnss_qti.te
+++ b/vendor/qcom/common/hal_gnss_qti.te
@@ -1,3 +1,25 @@
+# hal_gnss_qti - binerized gnss hal
 type hal_gnss_qti, domain;
+hal_server_domain(hal_gnss_qti, hal_gnss)
+
 type hal_gnss_qti_exec, exec_type, vendor_file_type, file_type;
-init_daemon_domain(hal_gnss_qti)
\ No newline at end of file
+init_daemon_domain(hal_gnss_qti)
+vndbinder_use(hal_gnss_qti)
+
+#files in /sys
+r_dir_file(hal_gnss_qti, sysfs_soc)
+r_dir_file(hal_gnss_qti, sysfs_esoc)
+r_dir_file(hal_gnss_qti, sysfs_msm_subsys)
+r_dir_file(hal_gnss_qti, sysfs_ssr)
+
+binder_call(hal_gnss_qti, vendor_per_mgr)
+allow hal_gnss_qti vendor_per_mgr_service:service_manager find;
+
+# /dev/socket/location
+allow hal_gnss_qti location_socket:sock_file create_file_perms;
+allow hal_gnss_qti location_socket:dir rw_dir_perms;
+
+# xtra/socket_xtra
+allow hal_gnss_qti location:unix_dgram_socket sendto;
+
+allow hal_gnss_qti self:qipcrtr_socket create_socket_perms_no_ioctl;
diff --git a/vendor/qcom/common/location.te b/vendor/qcom/common/location.te
index 267faf3..af5f83d 100644
--- a/vendor/qcom/common/location.te
+++ b/vendor/qcom/common/location.te
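Review bot: In hal_gnss_qti.te, `location_socket:sock_file create_file_perms` together with `location_socket:dir rw_dir_perms` lets the HAL create, rename and unlink any socket labelled `location_socket`, and location.te in this same commit gives the `location` domain equivalent rights on that type. As far as SELinux is concerned, either process can therefore remove or replace the other's endpoint under /dev/socket/location, although file ownership and mode may still prevent it. If the HAL only needs to bind its own datagram reply socket and send to the daemon, the comment should say so, e.g. `# /dev/socket/location: HAL binds its own reply socket here (confirm)`. The closing `qipcrtr_socket` rule has no comment naming the remote service it is for, and `binerized` in the header comment should read `binarized`.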
@@ -1,3 +1,46 @@
+# location - Location daemon
 type location, domain;
 type location_exec, exec_type, vendor_file_type, file_type;
+
 init_daemon_domain(location)
+
+allow location self:capability setgid;
+
+# files in /sys
+r_dir_file(location, sysfs_soc)
+r_dir_file(location, sysfs_esoc)
+r_dir_file(location, sysfs_msm_subsys)
+r_dir_file(location, sysfs_ssr)
+
+# Execute /vendor/bin/lowi-server
+allow location location_exec:file rx_file_perms;
+
+# Enable standard network access (for XTRA download)
+net_domain(location)
+
+## And some additional network access
+allow location self:{
+ netlink_generic_socket
+ qipcrtr_socket
+} create_socket_perms_no_ioctl;
+allowxperm location self:udp_socket ioctl { SIOCGIFINDEX SIOCGIFHWADDR SIOCIWFIRSTPRIV_05 };
+
+# /data/vendor/location
+allow location location_data_file:dir create_dir_perms;
+allow location location_data_file:file create_file_perms;
+
+# /data/vendor/wifi/wpa
+allow location wpa_data_file:dir rw_dir_perms;
+allow location wpa_data_file:sock_file create_file_perms;
+allow location hal_wifi_supplicant_default:unix_dgram_socket sendto;
+
+# /dev/socket/location
+allow location location_socket:sock_file create_file_perms;
+allow location location_socket:dir w_dir_perms;
+
+allow location hal_gnss_qti:unix_dgram_socket sendto;
+
+userdebug_or_eng(`
+ allow location diag_device:chr_file rw_file_perms;
+')
+
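Review bot: The `allowxperm location self:udp_socket ioctl { SIOCGIFINDEX SIOCGIFHWADDR SIOCIWFIRSTPRIV_05 };` line in location.te grants two sensitive ioctls under the generic heading "some additional network access". SIOCGIFHWADDR returns the interface hardware (MAC) address, a persistent device identifier, and SIOCIWFIRSTPRIV_05 is a driver-private wireless ioctl whose effect depends on the Wi-Fi driver. Because the policy was copied from an earlier project, each entry should be confirmed as still exercised on this device (drop it on a test build and look for the matching `ioctlcmd` denial) and then documented, e.g. `# SIOCGIFHWADDR: reads Wi-Fi MAC; SIOCIWFIRSTPRIV_05: driver-private call; used by <component> (confirm)`. The same applies to `allow location self:capability setgid;`, which carries no rationale. The write and create access to `wpa_data_file`, which puts this daemon inside the supplicant's control-socket directory, also deserves a comment naming the consumer.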