From a648924b1417a170b395f2e51a9b438c7128f8f9 Mon Sep 17 00:00:00 2001
From: Edwin Tung <edwintung@google.com>
Date: Fri, 4 Aug 2023 15:53:49 +0800
Subject: [PATCH] gps: Add sepolicy for gps

Bug: 294482059
Bug: 294481452
Bug: 294175645

Test: Fix data/vendor/gps avc denied
Change-Id: I3a93b7b8c8e6aff3fbd114fa5bf49ed0f8140258
---
 vendor/file_contexts       | 18 +++++++++++-------
 vendor/hal_gnss_default.te |  3 +++
 2 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/vendor/file_contexts b/vendor/file_contexts
index d7f180c..0eb5765 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -4,12 +4,16 @@
 /dev/logbuffer_tty18                u:object_r:logbuffer_device:s0
 
 # GPS
-/dev/gnss_ipc                  u:object_r:vendor_gnss_device:s0
-/dev/gnss_boot                 u:object_r:vendor_gnss_device:s0
-/dev/gnss_dump                 u:object_r:vendor_gnss_device:s0
+/dev/gnss_ipc                       u:object_r:vendor_gnss_device:s0
+/dev/gnss_boot                      u:object_r:vendor_gnss_device:s0
+/dev/gnss_dump                      u:object_r:vendor_gnss_device:s0
 
-/vendor/bin/hw/gnssd            u:object_r:gnssd_exec:s0
-/vendor/bin/hw/sctd             u:object_r:sctd_exec:s0
-/vendor/bin/hw/swcnd            u:object_r:swcnd_exec:s0
-/vendor/bin/hw/spad             u:object_r:spad_exec:s0
+/vendor/bin/hw/gnssd                u:object_r:gnssd_exec:s0
+/vendor/bin/hw/sctd                 u:object_r:sctd_exec:s0
+/vendor/bin/hw/swcnd                u:object_r:swcnd_exec:s0
+/vendor/bin/hw/spad                 u:object_r:spad_exec:s0
 /vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1           u:object_r:hal_gnss_default_exec:s0
+/vendor/bin/hw/android.hardware.gnss-service                   u:object_r:hal_gnss_default_exec:s0
+
+# gnss/gps data/log files
+/data/vendor/gps(/.*)?              u:object_r:vendor_gps_file:s0
diff --git a/vendor/hal_gnss_default.te b/vendor/hal_gnss_default.te
index f6e28dd..a9ed79c 100644
--- a/vendor/hal_gnss_default.te
+++ b/vendor/hal_gnss_default.te
@@ -1,2 +1,5 @@
 allow hal_gnss_default fwk_sensor_service:service_manager find;
 allow hal_gnss_default gnssd:unix_stream_socket connectto;
+allow hal_gnss_default vendor_gps_file:dir create_dir_perms;
+allow hal_gnss_default vendor_gps_file:file create_file_perms;
+allow hal_gnss_default vendor_gps_file:fifo_file create_file_perms;