From 1be1e15c262f1dcc490469b1fc5be3cf32d5e203 Mon Sep 17 00:00:00 2001
From: Edwin Tung <edwintung@google.com>
Date: Mon, 8 May 2023 16:21:29 +0800
Subject: [PATCH] Add sepolicy for gnssd

Bug: 269987831
Test: build pass
Change-Id: I3b852b7c7b7f1813830a9ceca476d658099a2c55
---
 vendor/gnssd.te      | 15 +++++++++++++++
 vendor/radio/rild.te |  1 +
 2 files changed, 16 insertions(+)
 create mode 100644 vendor/radio/rild.te

diff --git a/vendor/gnssd.te b/vendor/gnssd.te
index 445e975..3da633d 100644
--- a/vendor/gnssd.te
+++ b/vendor/gnssd.te
@@ -1,3 +1,18 @@
 type gnssd, domain;
 type gnssd_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(gnssd);
+
+# Allow gnssd to access rild
+binder_call(gnssd, rild);
+allow gnssd hal_exynos_rild_hwservice:hwservice_manager find;
+binder_call(gnssd, hwservicemanager)
+
+allow gnssd vendor_gps_file:dir create_dir_perms;
+allow gnssd vendor_gps_file:file create_file_perms;
+allow gnssd vendor_gps_file:fifo_file create_file_perms;
+
+# Allow gnssd to obtain wakelock
+wakelock_use(gnssd)
+
+# Allow a base set of permissions required for network access.
+net_domain(gnssd);
diff --git a/vendor/radio/rild.te b/vendor/radio/rild.te
new file mode 100644
index 0000000..c620a19
--- /dev/null
+++ b/vendor/radio/rild.te
@@ -0,0 +1 @@
+binder_call(rild, gnssd)