Corrected denials for LocationManager when accessing gps over uart.

device.te

@@ -39,6 +39,7 @@ type vcs_device, dev_type;
 type zero_device, dev_type;
 type fuse_device, dev_type;
 type ion_device, dev_type;
+type gps_device, dev_type;
 
 # All devices have a uart for the hci
 # attach service. The uart dev node

file.te

@@ -79,6 +79,9 @@ type vold_socket, file_type;
 type wpa_socket, file_type;
 type zygote_socket, file_type;
 
+# UART (for GPS) control proc file
+type gps_control, file_type;
+
 # Allow files to be created in their appropriate filesystems.
 allow fs_type self:filesystem associate;
 allow sysfs_type sysfs:filesystem associate;

ocontexts

@@ -52,6 +52,9 @@ genfscon rootfs / u:object_r:rootfs:s0
 # proc labeling can be further refined (longest matching prefix).
 genfscon proc / u:object_r:proc:s0
 genfscon proc /net/xt_qtaguid/ctrl u:object_r:qtaguid:s0
+# These proc entries are for the CSR GPS chip
+# XXX Can we label these as device specific?
+genfscon proc /mcspi1_cs3_ctrl u:object_r:gps_control:s0
 # selinuxfs booleans can be individually labeled.
 genfscon selinuxfs / u:object_r:selinuxfs:s0
 genfscon cgroup / u:object_r:cgroup:s0

rild.te

@@ -34,3 +34,6 @@ allow rild sysfs:file rw_file_perms;
 # property service
 allow rild rild_prop:property_service set;
 allow rild radio_prop:property_service set;
+
+# Read/Write to uart driver (for GPS)
+allow rild gps_device:chr_file rw_file_perms;

system.te

@@ -187,3 +187,8 @@ allow system system_file:file x_file_perms;
 # XXX dontaudit candidate
 allow system domain:dir r_dir_perms;
 allow system domain:file r_file_perms;
+
+# LocationManager(e.g, GPS) needs to read and write
+# to uart driver and ctrl proc entry
+allow system gps_device:chr_file rw_file_perms;
+allow system gps_control:file rw_file_perms;