projects / GitHub / LineageOS / android_device_samsung_slsi_sepolicy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: dbfe6e0)
common: Add gpsd
authorAndreas Schneider <asn@cryptomilk.org>
Wed, 8 Apr 2020 16:55:20 +0000 (18:55 +0200)
committerAndreas Schneider <asn@cryptomilk.org>
Wed, 8 Apr 2020 16:55:40 +0000 (18:55 +0200)
Change-Id: I1f63fb510d598cacc1dd03123ef7f2bbb3c4b0c1

common/vendor/file.te patch | blob | blame | history
common/vendor/file_contexts patch | blob | blame | history
common/vendor/gpsd.te [new file with mode: 0644] patch | blob

diff --git a/common/vendor/file.te b/common/vendor/file.te
index 8eec4a1f9bc30a15c8d7629efc5e3aff32e7a9b9..58ad04bb5ed966e87e4549bfb4a261986f661c8c 100644 (file)
--- a/common/vendor/file.te
+++ b/common/vendor/file.te
@@ -3,6 +3,7 @@
 ### DATA
 type biometrics_vendor_data_file, file_type, data_file_type;
 type conn_vendor_data_file, file_type, data_file_type;
+type gps_vendor_data_file, file_type, data_file_type;
 type log_vendor_data_file, file_type, data_file_type;
 type log_cbd_vendor_data_file, file_type, data_file_type;
 type radio_vendor_data_file, file_type, data_file_type;
diff --git a/common/vendor/file_contexts b/common/vendor/file_contexts
index 736c024f6f962ee170c3bd5caf49eb0313a2263a..bf3637eb380fc06598d0421f6e56d20068cea00d 100644 (file)
--- a/common/vendor/file_contexts
+++ b/common/vendor/file_contexts
@@ -3,6 +3,7 @@
 ### DATA
 /data/vendor/biometrics(/.*)?                u:object_r:biometrics_vendor_data_file:s0
 /data/vendor/conn(/.*)?                      u:object_r:conn_vendor_data_file:s0
+/data/vendor/gps(/.*)?                       u:object_r:gps_vendor_data_file:s0
 /data/vendor/wifi(/.*)?                      u:object_r:wifi_vendor_data_file:s0
 /data/vendor/log(/.*)?                       u:object_r:log_vendor_data_file:s0
 /data/vendor/log/cbd(/.*)?                   u:object_r:log_cbd_vendor_data_file:s0
diff --git a/common/vendor/gpsd.te b/common/vendor/gpsd.te
new file mode 100644 (file)
index 0000000..5baeb0b
--- /dev/null
+++ b/common/vendor/gpsd.te
@@ -0,0 +1,37 @@
+type gpsd, domain, netdomain;
+type gpsd_exec, exec_type, vendor_file_type, file_type;
+
+# gpsd is started by init, type transit from init domain to gpsd domain
+init_daemon_domain(gpsd)
+
+allow gpsd rild:unix_stream_socket connectto;
+
+get_prop(gpsd, vendor_radio_prop)
+get_prop(gpsd, exported_radio_prop)
+get_prop(gpsd, exported_config_prop)
+
+get_prop(gpsd, hwservicemanager_prop)
+hwbinder_use(gpsd)
+allow gpsd system_suspend_hwservice:hwservice_manager { find };
+allow gpsd fwk_sensor_hwservice:hwservice_manager { find };
+
+binder_call(gpsd, system_suspend_server)
+binder_call(gpsd, system_server)
+binder_call(system_server, gpsd)
+
+allow gpsd self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+allow gpsd self:{ tcp_socket udp_socket } create_stream_socket_perms;
+allow gpsd port:tcp_socket { name_bind name_connect };
+allow gpsd port:udp_socket name_bind;
+allow gpsd node:{ tcp_socket udp_socket } node_bind;
+
+# /acct/tasks
+allow gpsd cgroup:file getattr;
+
+# /dev/socket/fwmarkd
+allow gpsd fwmarkd_socket:sock_file write;
+
+# /data/vendor/gps
+allow gpsd gps_vendor_data_file:dir rw_dir_perms;
+allow gpsd gps_vendor_data_file:file create_file_perms;
+allow gpsd gps_vendor_data_file:fifo_file create_file_perms;