gps: add sepolicy rules for gps

Bug: 314051269
Test: Test GPS
Change-Id: I525172bebe931c6611730758691b1bfe2e80455f

vendor/README.txt

@@ -0,0 +1,2 @@
+This folder holds sepolicy exclusively for one device. For example, genfs_contexts
+paths that are affected by device tree.

vendor/file.te

@@ -0,0 +1,2 @@
+type sysfs_modem_state, sysfs_type, fs_type;
+type sysfs_gps, sysfs_type, fs_type;

vendor/file_contexts

@@ -8,3 +8,17 @@
 /dev/lwis-sensor-barghest                                                   u:object_r:lwis_device:s0
 /dev/lwis-sensor-leshen                                                     u:object_r:lwis_device:s0
 /dev/lwis-sensor-leshen-uw                                                  u:object_r:lwis_device:s0
+
+# GPS
+/dev/gnss_ipc                       u:object_r:vendor_gnss_device:s0
+/dev/gnss_boot                      u:object_r:vendor_gnss_device:s0
+/dev/gnss_dump                      u:object_r:vendor_gnss_device:s0
+
+/vendor/bin/hw/gnssd                u:object_r:gnssd_exec:s0
+/vendor/bin/hw/sctd                 u:object_r:sctd_exec:s0
+/vendor/bin/hw/swcnd                u:object_r:swcnd_exec:s0
+/vendor/bin/hw/spad                 u:object_r:spad_exec:s0
+/vendor/bin/hw/android.hardware.gnss-service                   u:object_r:hal_gnss_default_exec:s0
+
+# gnss/gps data/log files
+/data/vendor/gps(/.*)?              u:object_r:vendor_gps_file:s0

vendor/genfs_contexts

@@ -1 +1,2 @@
-
+# gps coredump node
+genfscon sysfs /devices/platform/gnssif/coredump                                                                     u:object_r:sysfs_gps:s0

vendor/gnssd.te

@@ -0,0 +1,28 @@
+type gnssd, domain;
+type gnssd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(gnssd);
+
+# Allow gnssd to access rild
+binder_call(gnssd, rild);
+binder_call(gnssd, hwservicemanager)
+allow gnssd hal_exynos_rild_hwservice:hwservice_manager find;
+allow gnssd radio_device:chr_file rw_file_perms;
+
+# Allow gnssd to acess gnss device
+allow gnssd vendor_gnss_device:chr_file rw_file_perms;
+allow gnssd vendor_gps_file:dir create_dir_perms;
+allow gnssd vendor_gps_file:file create_file_perms;
+allow gnssd vendor_gps_file:fifo_file create_file_perms;
+
+# Allow gnssd to obtain wakelock
+wakelock_use(gnssd);
+
+# Allow a base set of permissions required for network access.
+net_domain(gnssd);
+
+# Allow gnssd to get boot complete
+get_prop(gnssd, bootanim_system_prop);
+
+allow gnssd sysfs_soc:file r_file_perms;
+
+allow gnssd sysfs_gps:file rw_file_perms;

vendor/hal_gnss_default.te

@@ -0,0 +1,7 @@
+allow hal_gnss_default fwk_sensor_service:service_manager find;
+allow hal_gnss_default gnssd:unix_stream_socket connectto;
+allow hal_gnss_default vendor_gps_file:dir create_dir_perms;
+allow hal_gnss_default vendor_gps_file:file create_file_perms;
+allow hal_gnss_default vendor_gps_file:fifo_file create_file_perms;
+
+allow hal_gnss_default sysfs_gps:file rw_file_perms;

vendor/rild.te

@@ -0,0 +1 @@
+binder_call(rild, gnssd)

vendor/sctd.te

@@ -0,0 +1,3 @@
+type sctd, domain;
+type sctd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(sctd);

vendor/spad.te

@@ -0,0 +1,3 @@
+type spad, domain;
+type spad_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(spad);

vendor/swcnd.te

@@ -0,0 +1,3 @@
+type swcnd, domain;
+type swcnd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(swcnd);