From e19e985013b1d82d18c858e533926bc3f3a9ce9e Mon Sep 17 00:00:00 2001 From: Edwin Tung Date: Fri, 14 Jul 2023 13:55:44 +0800 Subject: [PATCH] Add sepolicy for gnssd Bug: 265391808 Test: No avc denied Change-Id: Ib4645bc0f26ac261c7aae6f1b621303e88e09690 --- vendor/gnssd.te | 5 +++++ vendor/hal_gnss_default.te | 2 ++ 2 files changed, 7 insertions(+) create mode 100644 vendor/hal_gnss_default.te diff --git a/vendor/gnssd.te b/vendor/gnssd.te index ad92dcd..487bcbb 100644 --- a/vendor/gnssd.te +++ b/vendor/gnssd.te @@ -19,3 +19,8 @@ wakelock_use(gnssd) # Allow a base set of permissions required for network access. net_domain(gnssd); + +# Allow gnssd to get boot complete +get_prop(gnssd, bootanim_system_prop) + +allow gnssd sysfs_soc:file r_file_perms; diff --git a/vendor/hal_gnss_default.te b/vendor/hal_gnss_default.te new file mode 100644 index 0000000..f6e28dd --- /dev/null +++ b/vendor/hal_gnss_default.te @@ -0,0 +1,2 @@ +allow hal_gnss_default fwk_sensor_service:service_manager find; +allow hal_gnss_default gnssd:unix_stream_socket connectto;