6c80bcc5f2
qdmastatsd renamed to qcc_trd and qdma renamed to qcc vendor_ prefixed CRs-fixed: 2605804 Change-Id: I55b699228bcf46de57c2dc019fac80bcc55424a1
99 lines
4.2 KiB
Text
99 lines
4.2 KiB
Text
# Copyright (c) 2018-2020, The Linux Foundation. All rights reserved.
|
|
#
|
|
# Redistribution and use in source and binary forms, with or without
|
|
# modification, are permitted provided that the following conditions are
|
|
# met:
|
|
# * Redistributions of source code must retain the above copyright
|
|
# notice, this list of conditions and the following disclaimer.
|
|
# * Redistributions in binary form must reproduce the above
|
|
# copyright notice, this list of conditions and the following
|
|
# disclaimer in the documentation and/or other materials provided
|
|
# with the distribution.
|
|
# * Neither the name of The Linux Foundation nor the names of its
|
|
# contributors may be used to endorse or promote products derived
|
|
# from this software without specific prior written permission.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
|
|
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
|
|
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
|
|
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
|
|
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
|
|
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
|
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
|
|
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
# generic/vendor_location.te - sepolicy rules for generic vendor_location modules
|
|
|
|
# loc_launcher service
|
|
# which launches various other services supporting GPS & Wifi-RTT (LOWI) vendor_location
|
|
type vendor_location, domain;
|
|
type vendor_location_exec, exec_type, vendor_file_type, file_type;
|
|
|
|
init_daemon_domain(vendor_location)
|
|
|
|
allow vendor_location self:capability { setgid setuid };
|
|
|
|
hwbinder_use(vendor_location)
|
|
|
|
get_prop(vendor_location, hwservicemanager_prop)
|
|
get_prop(vendor_location, vendor_cnd_prop)
|
|
#xtra-daemon access to qcc properties
|
|
get_prop(vendor_location, vendor_qcc_prop)
|
|
|
|
allow vendor_location fwk_sensor_hwservice:hwservice_manager find;
|
|
binder_call(vendor_location, system_server)
|
|
binder_call(vendor_location, vendor_cnd)
|
|
|
|
# Enable standard network access (for XTRA download)
|
|
net_domain(vendor_location)
|
|
|
|
# required for xtra-daemon, slim-daemon.
|
|
allow vendor_location self:qipcrtr_socket create_socket_perms_no_ioctl;
|
|
|
|
dontaudit vendor_location kernel:system module_request;
|
|
|
|
# execute permission for vendor_location daemons in /vendor/bin/
|
|
allow vendor_location vendor_location_exec:file rx_file_perms;
|
|
|
|
# /data/vendor/vendor_location
|
|
allow vendor_location vendor_location_data_file:dir create_dir_perms;
|
|
allow vendor_location vendor_location_data_file:file create_file_perms;
|
|
|
|
# /dev/socket/vendor_location
|
|
allow vendor_location vendor_location_socket:sock_file create_file_perms;
|
|
allow vendor_location vendor_location_socket:dir rw_dir_perms;
|
|
|
|
allow vendor_location vendor_hal_gnss_qti:unix_dgram_socket sendto;
|
|
|
|
# permission for read execute vendor_location daemons in userdebug mode.
|
|
userdebug_or_eng(`
|
|
allow shell vendor_location_exec:file rx_file_perms;
|
|
')
|
|
|
|
## lowi-server
|
|
##############
|
|
# some additional network access
|
|
allow vendor_location self:netlink_generic_socket create_socket_perms_no_ioctl;
|
|
allow vendor_location self:netlink_socket create_socket_perms_no_ioctl;
|
|
allowxperm vendor_location self:udp_socket ioctl lowi_server_ioctls;
|
|
allow vendor_location hal_wifi:unix_stream_socket { read write };
|
|
|
|
# /data/vendor/wifi
|
|
allow vendor_location vendor_wifi_vendor_data_file:dir search;
|
|
|
|
# /data/vendor/wifi/wpa
|
|
allow vendor_location wpa_data_file:dir rw_dir_perms;
|
|
allow vendor_location wpa_data_file:sock_file create_file_perms;
|
|
allow vendor_location hal_wifi_supplicant_default:unix_dgram_socket sendto;
|
|
|
|
# /dev/socket/wifihal
|
|
allow vendor_location vendor_wifihal_socket:dir search;
|
|
unix_socket_send(vendor_location, vendor_wifihal, hal_wifi_default);
|
|
|
|
## xtra-daemon
|
|
##############
|
|
allow vendor_location {vendor_hal_cacert_hwservice vendor_hal_datafactory_hwservice vendor_hal_cne_hwservice}:hwservice_manager find;
|
|
binder_call(vendor_location, vendor_qtidataservices_app)
|