Branch zuma from gs201

Branch zuma from gs201 sha1 63751751aa91275b083797278d638078b3a0bf7a

cp/pantah/ripcurrent
cp/gs201/zuma

Bug: 229340586
Change-Id: Ie692d8dbbf0fc4d3b376dc9fe3e930bd3955a88e
Signed-off-by: Aaron Ding <aaronding@google.com>

gps/device.te

@@ -0,0 +1 @@
+type vendor_gnss_device, dev_type;

gps/file.te

@@ -0,0 +1,6 @@
+type vendor_gps_file, file_type, data_file_type;
+userdebug_or_eng(`
+    typeattribute vendor_gps_file mlstrustedobject;
+')
+
+type sysfs_gps, sysfs_type, fs_type;

gps/file_contexts

@@ -0,0 +1,12 @@
+# gnss/gps data/log files
+/data/vendor/gps(/.*)?                                            u:object_r:vendor_gps_file:s0
+
+# devices
+/dev/bbd_control                                                  u:object_r:vendor_gnss_device:s0
+/dev/ttyBCM                                                       u:object_r:vendor_gnss_device:s0
+
+# vendor binaries
+/vendor/bin/hw/scd                                                u:object_r:scd_exec:s0
+/vendor/bin/hw/lhd                                                u:object_r:lhd_exec:s0
+/vendor/bin/hw/gpsd                                               u:object_r:gpsd_exec:s0
+/vendor/bin/hw/android\.hardware\.gnss@[0-9]\.[0-9]-service-brcm  u:object_r:hal_gnss_default_exec:s0

gps/genfs_contexts

@@ -0,0 +1,3 @@
+# GPS
+genfscon sysfs /devices/platform/10940000.spi/spi_master/spi5/spi5.0/nstandby   u:object_r:sysfs_gps:s0
+

gps/gpsd.te

@@ -0,0 +1,21 @@
+type gpsd, domain;
+type gpsd_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(gpsd)
+
+# Allow gpsd access PixelLogger unix socket in debug build only
+userdebug_or_eng(`
+    typeattribute gpsd mlstrustedsubject;
+    allow gpsd logger_app:unix_stream_socket connectto;
+')
+
+# Allow gpsd to obtain wakelock
+wakelock_use(gpsd)
+
+# Allow gpsd access data vendor gps files
+allow gpsd vendor_gps_file:dir create_dir_perms;
+allow gpsd vendor_gps_file:file create_file_perms;
+allow gpsd vendor_gps_file:fifo_file create_file_perms;
+
+# Allow gpsd to access sensor service
+binder_call(gpsd, system_server);
+allow gpsd fwk_sensor_hwservice:hwservice_manager find;

gps/hal_gnss_default.te

@@ -0,0 +1,4 @@
+# Allow hal_gnss_default access data vendor gps files
+allow hal_gnss_default vendor_gps_file:dir create_dir_perms;
+allow hal_gnss_default vendor_gps_file:file create_file_perms;
+allow hal_gnss_default vendor_gps_file:fifo_file create_file_perms;

gps/lhd.te

@@ -0,0 +1,23 @@
+type lhd, domain;
+type lhd_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(lhd)
+
+# Allow lhd access PixelLogger unix socket in debug build only
+userdebug_or_eng(`
+    typeattribute lhd mlstrustedsubject;
+    allow lhd logger_app:unix_stream_socket connectto;
+')
+
+# Allow lhd access data vendor gps files
+allow lhd vendor_gps_file:dir create_dir_perms;
+allow lhd vendor_gps_file:file create_file_perms;
+allow lhd vendor_gps_file:fifo_file create_file_perms;
+
+# Allow lhd to obtain wakelock
+wakelock_use(lhd)
+
+# Allow lhd access /dev/bbd_control file
+allow lhd vendor_gnss_device:chr_file rw_file_perms;
+
+# Allow lhd access nstandby gpio
+allow lhd sysfs_gps:file rw_file_perms;

gps/scd.te

@@ -0,0 +1,17 @@
+type scd, domain;
+type scd_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(scd)
+
+# Allow scd access PixelLogger unix socket in debug build only
+userdebug_or_eng(`
+    typeattribute scd mlstrustedsubject;
+    allow scd logger_app:unix_stream_socket connectto;
+')
+
+# Allow a base set of permissions required for network access.
+net_domain(scd);
+
+# Allow scd access data vendor gps files
+allow scd vendor_gps_file:dir create_dir_perms;
+allow scd vendor_gps_file:file create_file_perms;
+allow scd vendor_gps_file:fifo_file create_file_perms;