diff --git a/vendor/README.txt b/vendor/README.txt
new file mode 100644
index 0000000..67a320f
--- /dev/null
+++ b/vendor/README.txt
@@ -0,0 +1,2 @@
+This folder holds sepolicy exclusively for one device. For example, genfs_contexts
+paths that are affected by device tree.
diff --git a/vendor/file.te b/vendor/file.te
new file mode 100644
index 0000000..4fded5a
--- /dev/null
+++ b/vendor/file.te
@@ -0,0 +1,2 @@
+type sysfs_modem_state, sysfs_type, fs_type;
+type sysfs_gps, sysfs_type, fs_type;
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 0f19b2e..f563cd9 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -8,3 +8,17 @@
 /dev/lwis-sensor-barghest u:object_r:lwis_device:s0
 /dev/lwis-sensor-leshen u:object_r:lwis_device:s0
 /dev/lwis-sensor-leshen-uw u:object_r:lwis_device:s0
+
+# GPS
+/dev/gnss_ipc u:object_r:vendor_gnss_device:s0
+/dev/gnss_boot u:object_r:vendor_gnss_device:s0
+/dev/gnss_dump u:object_r:vendor_gnss_device:s0
+
+/vendor/bin/hw/gnssd u:object_r:gnssd_exec:s0
+/vendor/bin/hw/sctd u:object_r:sctd_exec:s0
+/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0
+/vendor/bin/hw/spad u:object_r:spad_exec:s0
+/vendor/bin/hw/android.hardware.gnss-service u:object_r:hal_gnss_default_exec:s0
+
+# gnss/gps data/log files
+/data/vendor/gps(/.*)? u:object_r:vendor_gps_file:s0
diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts
index 8b13789..d19427c 100644
--- a/vendor/genfs_contexts
+++ b/vendor/genfs_contexts
@@ -1 +1,2 @@
-
+# gps coredump node
+genfscon sysfs /devices/platform/gnssif/coredump u:object_r:sysfs_gps:s0
diff --git a/vendor/gnssd.te b/vendor/gnssd.te
new file mode 100644
index 0000000..2b569e5
--- /dev/null
+++ b/vendor/gnssd.te
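Review bot: `sysfs_modem_state` in vendor/file.te is declared, but nothing visible in this commit labels a path with it or grants access to it; only `sysfs_gps` gets a `genfscon` entry and allow rules. If the modem-state node belongs to a separate change, declaring the type there would keep this commit GNSS-only. Otherwise the matching `genfscon sysfs <modem state sysfs path> u:object_r:sysfs_modem_state:s0` line appears to be missing from vendor/genfs_contexts.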
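Review bot: In vendor/file_contexts the nodes `/dev/gnss_ipc`, `/dev/gnss_boot` and `/dev/gnss_dump` share the single label `vendor_gnss_device`, so the `rw_file_perms` that gnssd.te grants on that type covers the boot and dump nodes as well as the IPC channel. Any domain later given the type inherits all three. If only one daemon needs the boot or dump node, separate types (for example `vendor_gnss_boot_device`, a constructed name) would let the policy express that. `vendor_gnss_device` and `vendor_gps_file` are also not declared in this commit's file.te, so they presumably come from another policy directory; it is worth confirming the build for this device picks them up.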
@@ -0,0 +1,28 @@
+type gnssd, domain;
+type gnssd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(gnssd);
+
+# Allow gnssd to access rild
+binder_call(gnssd, rild);
+binder_call(gnssd, hwservicemanager)
+allow gnssd hal_exynos_rild_hwservice:hwservice_manager find;
+allow gnssd radio_device:chr_file rw_file_perms;
+
+# Allow gnssd to acess gnss device
+allow gnssd vendor_gnss_device:chr_file rw_file_perms;
+allow gnssd vendor_gps_file:dir create_dir_perms;
+allow gnssd vendor_gps_file:file create_file_perms;
+allow gnssd vendor_gps_file:fifo_file create_file_perms;
+
+# Allow gnssd to obtain wakelock
+wakelock_use(gnssd);
+
+# Allow a base set of permissions required for network access.
+net_domain(gnssd);
+
+# Allow gnssd to get boot complete
+get_prop(gnssd, bootanim_system_prop);
+
+allow gnssd sysfs_soc:file r_file_perms;
+
+allow gnssd sysfs_gps:file rw_file_perms;
diff --git a/vendor/hal_gnss_default.te b/vendor/hal_gnss_default.te
new file mode 100644
index 0000000..0a45e91
--- /dev/null
+++ b/vendor/hal_gnss_default.te
@@ -0,0 +1,7 @@
+allow hal_gnss_default fwk_sensor_service:service_manager find;
+allow hal_gnss_default gnssd:unix_stream_socket connectto;
+allow hal_gnss_default vendor_gps_file:dir create_dir_perms;
+allow hal_gnss_default vendor_gps_file:file create_file_perms;
+allow hal_gnss_default vendor_gps_file:fifo_file create_file_perms;
+
+allow hal_gnss_default sysfs_gps:file rw_file_perms;
diff --git a/vendor/rild.te b/vendor/rild.te
new file mode 100644
index 0000000..c620a19
--- /dev/null
+++ b/vendor/rild.te
@@ -0,0 +1 @@
+binder_call(rild, gnssd)
diff --git a/vendor/sctd.te b/vendor/sctd.te
new file mode 100644
index 0000000..8966ef8
--- /dev/null
+++ b/vendor/sctd.te
@@ -0,0 +1,3 @@
+type sctd, domain;
+type sctd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(sctd);
diff --git a/vendor/spad.te b/vendor/spad.te
new file mode 100644
index 0000000..eaf8b1c
--- /dev/null
+++ b/vendor/spad.te
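Review bot: In vendor/gnssd.te, `allow gnssd radio_device:chr_file rw_file_perms;` sits under the comment "Allow gnssd to access rild" but grants direct read/write on the radio character-device type rather than the binder path to rild that the comment describes. If gnssd only reaches the modem through rild, this rule looks removable and is worth checking against actual denials. The last two rules (`sysfs_soc` read, `sysfs_gps` read/write) carry no comment; the second could be introduced with `# gps coredump node (see genfs_contexts)`, and `r_file_perms` would be enough there if gnssd never writes the node. Minor: "acess" should read "access", and the macro calls mix a trailing semicolon (`binder_call(gnssd, rild);`) with none (`binder_call(gnssd, hwservicemanager)`).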
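Review bot: vendor/hal_gnss_default.te grants `gnssd:unix_stream_socket connectto`, but neither this file nor gnssd.te has a rule for the `sock_file` class. If the socket is a filesystem socket under `/data/vendor/gps` (an assumption; its path is not on this page), gnssd would need to create it and the HAL would need `allow hal_gnss_default vendor_gps_file:sock_file write;`. An abstract socket needs neither, and a comment saying so would help. The HAL also receives the same `create_*_perms` on `vendor_gps_file` and `rw_file_perms` on `sysfs_gps` as gnssd; if it only consumes what gnssd produces, read-only permission sets would narrow what a compromised HAL process can modify.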
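Review bot: The `sctd` domain in vendor/sctd.te consists only of its two type declarations and `init_daemon_domain(sctd);`, and the `spad` and `swcnd` domains in vendor/spad.te and vendor/swcnd.te have the same shape. None has an allow rule and none says what the daemon does. A header comment in each file, along the lines of `# sctd: <one-line role of the daemon>`, would tell a reader whether the empty domain is deliberate. If these daemons open the GNSS device nodes or `/data/vendor/gps` (not visible here), they will be denied under this policy and should get their own narrowly scoped rules rather than a shared grant.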
@@ -0,0 +1,3 @@
+type spad, domain;
+type spad_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(spad);
diff --git a/vendor/swcnd.te b/vendor/swcnd.te
new file mode 100644
index 0000000..c366cad
--- /dev/null
+++ b/vendor/swcnd.te
@@ -0,0 +1,3 @@
+type swcnd, domain;
+type swcnd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(swcnd);