authorJeff Vander Stoep <jeffv@google.com>2016-05-12 13:38:14 -0700
committerJeff Vander Stoep <jeffv@google.com>2016-05-12 15:41:13 -0700
commitf0cb70a8b8bd2ec18af900b01ba00610e5a0c819 (patch)
tree827b7858ddede0769826156232b2394a35819232
parente121bf1cd6ab48e7cdb3e5b9adbcc786ff5ea842 (diff)
downloadflounder-nougat-mr1-wear-release.tar.gz
Only Flounder uses the gpsd domain. Bug: 8435593 Change-Id: I60e33820dea1e9859899e03c0327c5275c0c50c6
-rw-r--r--sepolicy/device.te2
-rw-r--r--sepolicy/file.te4
-rw-r--r--sepolicy/file_contexts2
-rw-r--r--sepolicy/gpsd.te22
-rw-r--r--sepolicy/rild.te3
-rw-r--r--sepolicy/system_server.te3
6 files changed, 36 insertions, 0 deletions
diff --git a/sepolicy/device.te b/sepolicy/device.te
index 4eee900..ea8f456 100644
--- a/sepolicy/device.te
+++ b/sepolicy/device.te
@@ -9,3 +9,5 @@ type gpu_freq_device, dev_type;
# mmc rpmb partition block device
type mmc_rpmb_block_device, dev_type;
+
+type gps_device, dev_type;
diff --git a/sepolicy/file.te b/sepolicy/file.te
index ab4c950..713c84f 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -19,3 +19,7 @@ type sysfs_socinfo, sysfs_type, fs_type;
type sysfs_tegra_fuse, sysfs_type, fs_type;
type debugfs_nvmap, debugfs_type, fs_type;
+
+# /data/gps
+type gps_data_file, file_type, data_file_type;
+type gps_socket, file_type;
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index db90525..4858019 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -40,6 +40,8 @@
# gps
/system/bin/glgps u:object_r:gpsd_exec:s0
/dev/ttyTHS1 u:object_r:gps_device:s0
+/dev/socket/gps u:object_r:gps_socket:s0
+/data/gps(/.*)? u:object_r:gps_data_file:s0
# touch_fusion
/vendor/bin/touch_fusion u:object_r:touch_fusion_exec:s0
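Review bot: The added `/dev/socket/gps` entry looks inconsistent with the comment in sepolicy/gpsd.te in this same commit, which says the socket is created by the daemon under /data/gps and not under /dev/socket. If nothing creates /dev/socket/gps, the entry is dead and can be dropped. Separately, the new `/data/gps(/.*)?` pattern also matches the socket file itself, so a recursive restorecon of /data/gps would presumably relabel it from gps_socket to gps_data_file and undo the type_transition. If the socket path is fixed, a more specific entry would keep the label stable, e.g. `/data/gps/<socket-name> u:object_r:gps_socket:s0` with the real file name substituted for the placeholder.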
diff --git a/sepolicy/gpsd.te b/sepolicy/gpsd.te
index b5d151d..7d83c1a 100644
--- a/sepolicy/gpsd.te
+++ b/sepolicy/gpsd.te
@@ -1 +1,23 @@
+# gpsd - GPS daemon
+type gpsd, domain;
+type gpsd_exec, exec_type, file_type;
+
+init_daemon_domain(gpsd)
+net_domain(gpsd)
wakelock_use(gpsd)
+
+allow gpsd gps_data_file:dir rw_dir_perms;
+allow gpsd gps_data_file:notdevfile_class_set create_file_perms;
+# Socket is created by the daemon, not by init, and under /data/gps,
+# not under /dev/socket.
+type_transition gpsd gps_data_file:sock_file gps_socket;
+allow gpsd gps_socket:sock_file create_file_perms;
+# XXX Label sysfs files with a specific type?
+allow gpsd sysfs:file rw_file_perms;
+
+allow gpsd gps_device:chr_file rw_file_perms;
+
+# Execute the shell or system commands.
+allow gpsd shell_exec:file rx_file_perms;
+allow gpsd system_file:file rx_file_perms;
+allow gpsd toolbox_exec:file rx_file_perms;
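Review bot: `allow gpsd sysfs:file rw_file_perms;` gives a network-enabled daemon (`net_domain(gpsd)`) write access to every node that still carries the generic sysfs label, and the XXX comment above it leaves that question open. Following the pattern sepolicy/file.te already uses, a dedicated type would confine the write, e.g. `type sysfs_gps, sysfs_type, fs_type;` plus `allow gpsd sysfs_gps:file rw_file_perms;`. Here `sysfs_gps` is a placeholder name, and the matching file_contexts or genfs entry depends on sysfs paths this page does not show. The three `rx_file_perms` rules at the end also let gpsd run the shell and any system_file binary inside its own domain. Their comment should name the commands the daemon actually invokes so the grant can be narrowed later, e.g. `# gpsd runs <command> via the shell — TODO confirm and narrow`.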
diff --git a/sepolicy/rild.te b/sepolicy/rild.te
index 76f5689..a6e4978 100644
--- a/sepolicy/rild.te
+++ b/sepolicy/rild.te
@@ -4,3 +4,6 @@ allow rild ril_db_file:dir rw_dir_perms;
# Grant access to Qualcomm MSM Interface (QMI) radio sockets to RILD
qmux_socket(rild)
+
+# Read/Write to uart driver (for GPS)
+allow rild gps_device:chr_file rw_file_perms;
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index b7272a5..e6877a5 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -13,3 +13,6 @@ r_dir_file(system_server, debugfs_nvmap)
allow system_server sysfs_gpu:file r_file_perms;
allow system_server sysfs_socinfo:file r_file_perms;
allow system_server sysfs_swap:file r_file_perms;
+
+unix_socket_connect(system_server, gps, gpsd)
+allow system_server gps_device:chr_file rw_file_perms;
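Review bot: `allow system_server gps_device:chr_file rw_file_perms;` has no comment explaining why system_server needs direct read/write on the GPS UART when the `unix_socket_connect` line above already lets it talk to gpsd over the socket. With this commit gpsd, rild and system_server all hold rw on the node that file_contexts labels gps_device (/dev/ttyTHS1). The rild rule carries a rationale and this one should too, e.g. `# <component> in system_server opens the GPS UART directly — TODO confirm`. If only gpsd needs the device, this rule can be dropped.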