Add sepolicy for gnss
Bug: 294708565 Test: GPS test Change-Id: I6a460a16b4a9a7624b7769c4725a03249869bb65
This commit is contained in:
Joe Huang
parent
f147b6d264
commit
97baab5951
8 changed files with 52 additions and 0 deletions
11
vendor/file_contexts
vendored
Normal file
11
vendor/file_contexts
vendored
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
# GPS
|
||||
/dev/gnss_ipc u:object_r:vendor_gnss_device:s0
|
||||
/dev/gnss_boot u:object_r:vendor_gnss_device:s0
|
||||
/dev/gnss_dump u:object_r:vendor_gnss_device:s0
|
||||
|
||||
/vendor/bin/hw/gnssd u:object_r:gnssd_exec:s0
|
||||
/vendor/bin/hw/sctd u:object_r:sctd_exec:s0
|
||||
/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0
|
||||
/vendor/bin/hw/spad u:object_r:spad_exec:s0
|
||||
/vendor/bin/hw/gnss-aidl-service_IGnssV2_ISlsiGnssV1 u:object_r:hal_gnss_default_exec:s0
|
||||
/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0
|
||||
6
vendor/gnss_check.te
vendored
Normal file
6
vendor/gnss_check.te
vendored
Normal file
|
|
@ -0,0 +1,6 @@
|
|||
type gnss_check, domain;
|
||||
type gnss_check_exec, exec_type, vendor_file_type, file_type;
|
||||
|
||||
init_daemon_domain(gnss_check);
|
||||
|
||||
allow gnss_check vendor_toolbox_exec:file { execute_no_trans };
|
||||
23
vendor/gnssd.te
vendored
Normal file
23
vendor/gnssd.te
vendored
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
type gnssd, domain;
|
||||
type gnssd_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(gnssd);
|
||||
|
||||
# Allow gnssd to access rild
|
||||
binder_call(gnssd, rild);
|
||||
# binder_call(gnssd, hwservicemanager)
|
||||
allow gnssd hal_exynos_rild_hwservice:hwservice_manager find;
|
||||
allow gnssd radio_device:chr_file rw_file_perms;
|
||||
|
||||
# Allow gnssd to acess gnss device
|
||||
allow gnssd vendor_gnss_device:chr_file rw_file_perms;
|
||||
allow gnssd vendor_gps_file:dir create_dir_perms;
|
||||
allow gnssd vendor_gps_file:file create_file_perms;
|
||||
allow gnssd vendor_gps_file:fifo_file create_file_perms;
|
||||
|
||||
get_prop(gnssd, bootanim_system_prop)
|
||||
|
||||
# Allow gnssd to obtain wakelock
|
||||
wakelock_use(gnssd)
|
||||
|
||||
# Allow a base set of permissions required for network access.
|
||||
net_domain(gnssd);
|
||||
2
vendor/hal_gnss_default.te
vendored
Normal file
2
vendor/hal_gnss_default.te
vendored
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
binder_call(hal_gnss_default, gnssd);
|
||||
|
||||
1
vendor/rild.te
vendored
Normal file
1
vendor/rild.te
vendored
Normal file
|
|
@ -0,0 +1 @@
|
|||
binder_call(rild, gnssd)
|
||||
3
vendor/sctd.te
vendored
Normal file
3
vendor/sctd.te
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
type sctd, domain;
|
||||
type sctd_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(sctd);
|
||||
3
vendor/spad.te
vendored
Normal file
3
vendor/spad.te
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
type spad, domain;
|
||||
type spad_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(spad);
|
||||
3
vendor/swcnd.te
vendored
Normal file
3
vendor/swcnd.te
vendored
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
type swcnd, domain;
|
||||
type swcnd_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(swcnd);
|
||||
Loading…
Add table
Add a link
Reference in a new issue