| Tushar Janefalkar | 87c1f92 | 2014-10-21 15:16:12 -0700 | [diff] [blame] | 1 | # location - Location daemon |
| Biswajit Paul | 6786a92 | 2017-03-16 11:53:53 -0700 | [diff] [blame] | 2 | type location, domain; |
| Ravi Kumar Siddojigari | c7def12 | 2017-06-13 00:49:19 +0530 | [diff] [blame] | 3 | type location_exec, exec_type, vendor_file_type, file_type; |
| Tushar Janefalkar | 87c1f92 | 2014-10-21 15:16:12 -0700 | [diff] [blame] | 4 | |
| 5 | init_daemon_domain(location) |
| 6 | net_domain(location) |
| 7 | |
| 8 | # Socket is created by the daemon, not by init, and under /data/gps, |
| 9 | # not under /dev/socket. |
| 10 | type_transition location location_data_file:sock_file location_socket; |
| 11 | |
| 12 | qmux_socket(location) |
| Ravi Kumar Siddojigari | c7def12 | 2017-06-13 00:49:19 +0530 | [diff] [blame] | 13 | #binder_use(location) |
| Kevin Tang | ba4eed9 | 2014-12-08 22:31:43 -0800 | [diff] [blame] | 14 | binder_call(location, system_server) |
| Kevin Tang | 07d51be | 2016-06-15 11:53:09 -0700 | [diff] [blame] | 15 | wakelock_use(location) |
| Tushar Janefalkar | 87c1f92 | 2014-10-21 15:16:12 -0700 | [diff] [blame] | 16 | |
| Jiafei Wen | 7253552 | 2015-11-09 13:57:00 -0800 | [diff] [blame] | 17 | allow location location_data_file:dir create_dir_perms; |
| Avijit Kanti Das | 441bad4 | 2015-05-12 14:07:41 -0700 | [diff] [blame] | 18 | allow location location_data_file:{ file fifo_file } create_file_perms; |
| Harikrishnan Hariharan | c337006 | 2017-08-21 21:24:12 +0530 | [diff] [blame] | 19 | allow location location_data_file:sock_file { write unlink }; |
| Avijit Kanti Das | 441bad4 | 2015-05-12 14:07:41 -0700 | [diff] [blame] | 20 | allow location location_exec:file x_file_perms; |
| Tushar Janefalkar | 87c1f92 | 2014-10-21 15:16:12 -0700 | [diff] [blame] | 21 | allow location location_socket:sock_file create_file_perms; |
| Saurabh Srivastava | babba44 | 2018-01-19 21:27:23 +0530 | [diff] [blame] | 22 | allow location location_socket:dir rw_dir_perms; |
| Kevin Tang | 847be70 | 2017-07-06 14:32:12 -0700 | [diff] [blame] | 23 | allow location self:capability { setuid setgid net_admin net_bind_service }; |
| Avijit Kanti Das | 441bad4 | 2015-05-12 14:07:41 -0700 | [diff] [blame] | 24 | allow location self:{ |
| 25 | socket |
| 26 | netlink_socket |
| Biswajit Paul | c6024d2 | 2016-07-06 17:35:41 -0700 | [diff] [blame] | 27 | netlink_generic_socket |
| Biswajit Paul | 2d35d98 | 2017-02-01 17:40:10 -0800 | [diff] [blame] | 28 | } create_socket_perms_no_ioctl; |
| Avijit Kanti Das | 441bad4 | 2015-05-12 14:07:41 -0700 | [diff] [blame] | 29 | |
| 30 | unix_socket_connect(location, sensors, sensors) |
| Tushar Janefalkar | 87c1f92 | 2014-10-21 15:16:12 -0700 | [diff] [blame] | 31 | allow location sensors_device:chr_file r_file_perms; |
| Valeri Atamaniouk | a568b6a | 2014-12-11 16:45:55 +0200 | [diff] [blame] | 32 | allow location sensors_socket:sock_file rw_file_perms; |
| Ravi Kumar Siddojigari | c7def12 | 2017-06-13 00:49:19 +0530 | [diff] [blame] | 33 | allow location vendor_shell_exec:file rx_file_perms; |
| Avijit Kanti Das | 441bad4 | 2015-05-12 14:07:41 -0700 | [diff] [blame] | 34 | |
| Ruifeng Xu | 77a320a | 2017-09-08 11:42:04 -0700 | [diff] [blame] | 35 | unix_socket_connect(location,location,hal_gnss) |
| 36 | allow location hal_gnss:unix_dgram_socket sendto; |
| 37 | |
| Ravi Kumar Siddojigari | c7def12 | 2017-06-13 00:49:19 +0530 | [diff] [blame] | 38 | #allow location system_server:unix_stream_socket { read write connectto}; |
| Hema Iyer Sankaranarayanan | 736f68c | 2015-06-25 10:39:26 -0700 | [diff] [blame] | 39 | |
| 40 | # For interfacing with the device sensorservice |
| Biswajit Paul | 76db235 | 2016-04-20 15:53:02 -0700 | [diff] [blame] | 41 | # permission check for slim daemon |
| Ravi Kumar Siddojigari | c7def12 | 2017-06-13 00:49:19 +0530 | [diff] [blame] | 42 | #allow location { sensorservice_service permission_service }:service_manager find; |
| Hema Iyer Sankaranarayanan | 736f68c | 2015-06-25 10:39:26 -0700 | [diff] [blame] | 43 | |
| Mike Cailean | b38dc5c | 2017-05-31 15:00:26 -0700 | [diff] [blame] | 44 | hwbinder_use(location) |
| 45 | get_prop(location, hwservicemanager_prop) |
| 46 | |
| 47 | allow location fwk_sensor_hwservice:hwservice_manager find; |
| 48 | |
| Ananda Kishore | 464bd03 | 2016-05-18 18:58:52 +0530 | [diff] [blame] | 49 | allow location sensors_persist_file:dir r_dir_perms; |
| 50 | allow location sensors_persist_file:file r_file_perms; |
| 51 | |
| Hema Iyer Sankaranarayanan | 9e1e07d | 2015-09-29 10:41:46 -0700 | [diff] [blame] | 52 | #wifi |
| Dante Russo | 894035f | 2016-09-16 15:03:10 -0700 | [diff] [blame] | 53 | userdebug_or_eng(` |
| 54 | allow location wifi_data_file:dir create_dir_perms; |
| Ravi Kumar Siddojigari | c7def12 | 2017-06-13 00:49:19 +0530 | [diff] [blame] | 55 | #allow location wifi_data_file:sock_file create_file_perms; |
| Dante Russo | 894035f | 2016-09-16 15:03:10 -0700 | [diff] [blame] | 56 | allow location su:unix_dgram_socket sendto; |
| 57 | ') |
| Divya Sharma | 7caea0a | 2017-03-06 15:36:22 -0800 | [diff] [blame] | 58 | # comment to remove compilation issue |
| 59 | #unix_socket_send(wpa, location, location) |
| 60 | #allow location wpa:unix_dgram_socket sendto; |
| Hema Iyer Sankaranarayanan | 9e1e07d | 2015-09-29 10:41:46 -0700 | [diff] [blame] | 61 | allow location wpa_socket:dir rw_dir_perms; |
| 62 | allow location wpa_socket:sock_file create_file_perms; |
| 63 | |
| Dante Russo | 70a5c13 | 2016-02-11 11:36:32 -0800 | [diff] [blame] | 64 | allow location rfs_shared_hlos_file:dir r_dir_perms; |
| 65 | allow location rfs_shared_hlos_file:file rw_file_perms; |
| Subash Abhinov Kasiviswanathan | b59ff09 | 2014-11-12 12:31:11 -0700 | [diff] [blame] | 66 | |
| 67 | dontaudit location domain:dir r_dir_perms; |
| 68 | r_dir_file(location, netmgrd) |
| Ruifeng Xu | edb9d3c | 2015-09-22 11:01:35 -0700 | [diff] [blame] | 69 | allow location persist_file:dir r_dir_perms; |
| Biswajit Paul | 28439f9 | 2015-07-15 13:28:27 -0700 | [diff] [blame] | 70 | |
| 71 | #Allow access to netmgrd socket |
| 72 | netmgr_socket(location); |
| Neethu Joseph | a2c7d89 | 2015-11-11 11:02:22 -0800 | [diff] [blame] | 73 | |
| 74 | #Allow access to properties |
| Michael Bestas | fc211fc | 2017-08-08 21:18:48 +0300 | [diff] [blame] | 75 | set_prop(location, location_prop) |
| Biswajit Paul | 277acbb | 2016-07-20 12:02:14 -0700 | [diff] [blame] | 76 | |
| 77 | #diag |
| 78 | userdebug_or_eng(` |
| 79 | diag_use(location) |
| 80 | ') |
| Biswajit Paul | f63bd14 | 2017-03-16 16:41:02 -0700 | [diff] [blame] | 81 | allow location sysfs:file r_file_perms; |
| Sunmeet Gill | 575d249 | 2017-05-22 19:03:52 -0700 | [diff] [blame] | 82 | allow location sysfs_data:file r_file_perms; |
| Biswajit Paul | f63bd14 | 2017-03-16 16:41:02 -0700 | [diff] [blame] | 83 | allow location self:socket ioctl; |
| 84 | # ioctlcmd=c304 |
| 85 | allowxperm location self:socket ioctl msm_sock_ipc_ioctls; |
| Biswajit Paul | d852033 | 2017-03-10 16:58:08 -0800 | [diff] [blame] | 86 | allow location self:udp_socket ioctl; |
| 87 | allow location wifi_prop:file r_file_perms; |
| 88 | # Replace this with macro |
| 89 | allowxperm location self:udp_socket ioctl priv_sock_ioctls; |
| Baili Feng | eaebb47 | 2017-08-22 15:07:34 +0800 | [diff] [blame] | 90 | |
| 91 | #Allow access to wake alarm |
| 92 | allow location self:capability2 wake_alarm; |
| Shawn Shini | 3d4536a | 2017-08-14 16:25:22 -0700 | [diff] [blame] | 93 | |
| 94 | #access to qdma socket |
| 95 | qdma_file_socket(location); |
| Dante Russo | 0dd3d02 | 2017-12-11 12:16:45 -0800 | [diff] [blame] | 96 | |
| 97 | #allow qdma prop |
| 98 | get_prop(location, qdma_prop); |