      1 # loc_launcher service
        # Declares the process domain "location" (attribute: domain) and the
        # label "location_exec" (attributes: exec_type, file_type) used for
        # executables that run in that domain. Which binaries actually carry
        # the location_exec label is decided in file_contexts, not shown here.
      2 type location, domain;
      3 type location_exec, exec_type, file_type;
      4 
      5 # STOPSHIP b/28340421
      6 # Temporarily grant this permission and log its use.
        # net_admin and net_raw are broad capabilities (network configuration,
        # raw and packet sockets). The auditallow rule grants nothing by itself:
        # it makes every *granted* use appear in the audit log, so the real
        # callers can be identified before the allow rule is removed.
      7 allow location self:capability { net_admin net_raw };
      8 auditallow location self:capability { net_admin net_raw };
      9 
        # AOSP te_macros helper: sets up the automatic transition from init into
        # the location domain when init executes a file labelled location_exec.
     10 init_daemon_domain(location)
     11 
        # Lets the daemon change its own uid/gid.
        # NOTE(review): presumably used to drop from root after start-up;
        # confirm against the daemon source and its init .rc entry.
     12 allow location self:capability { setgid setuid };
     13 
        # Binder IPC: binder_use enables binder in this domain, binder_call
        # allows calls from location into system_server.
     14 binder_use(location)
     15 binder_call(location, system_server)
        # Only read/write on a stream socket owned by system_server; there is no
        # create or connectto here.
        # NOTE(review): looks like a descriptor handed over by system_server
        # rather than one this domain opens itself; confirm.
     16 allow location system_server:unix_stream_socket { read write };
     17 
     18 # Grant access to Qualcomm MSM Interface (QMI) radio sockets
        # qmux_socket is a macro defined elsewhere in this policy tree; its
        # expansion is not visible on this page.
     19 qmux_socket(location)
     20 
        # Sockets the domain may create for itself: route netlink, generic
        # netlink, UDP, and the generic "socket" class.
     21 allow location self:netlink_route_socket create_socket_perms;
     22 allow location self:netlink_socket create_socket_perms;
     23 allow location self:udp_socket create_socket_perms;
        # Extended-permission rule: once an allowxperm exists for this
        # source/target/class, only the listed ioctl commands are permitted
        # (the base ioctl permission is expected to come from
        # create_socket_perms). SIOCGIFINDEX and SIOCGIFHWADDR read the
        # interface index and hardware (MAC) address; the MAC address is a
        # persistent device identifier. SIOCIWFIRSTPRIV_05 is a driver-private
        # wireless ioctl whose meaning depends on the Wi-Fi driver.
     24 allowxperm location self:udp_socket ioctl { SIOCGIFINDEX SIOCGIFHWADDR SIOCIWFIRSTPRIV_05 };
     25 allow location self:socket create_socket_perms;
     26 # whitelist socket ioctl commands
        # msm_sock_ipc_ioctls is a named ioctl set defined elsewhere in the
        # policy; the commands it contains are not visible on this page.
     27 allowxperm location self:socket ioctl msm_sock_ipc_ioctls;
     28 
     29 # files in /sys
        # NOTE(review): sysfs_type is the attribute covering every sysfs label,
        # so this grants read access across all of /sys, including nodes that
        # are labelled for other subsystems. If the nodes the daemon really
        # reads can be identified (for example from audit logs), narrow this to
        # those specific sysfs types.
     30 r_dir_file(location, sysfs_type)
     31 
        # Read-only access to files labelled proc_net (the /proc/net tree in
        # AOSP policy), which exposes interface and connection state.
     32 allow location proc_net:file r_file_perms;
     33 
     34 # execute /vendor/bin/slim_daemon
        # NOTE(review): the rule is keyed on the system_file label, not on the
        # one binary named above, so it permits read and execute of any file
        # labelled system_file. rx_file_perms includes execute_no_trans, so the
        # executed program keeps running in the location domain with every
        # permission granted in this file. A dedicated exec type with its own
        # domain for slim_daemon would be tighter.
     35 allow location system_file:file rx_file_perms;
     36 
     37 # execute /system/bin/lowi-server
        # Same pattern: files labelled location_exec are executed without a
        # domain transition, so the child stays in the location domain.
     38 allow location location_exec:file rx_file_perms;
     39 
     40 # /data/misc/location
        # Create, modify and delete rights on directories, regular files and
        # socket files labelled location_data_file.
     41 allow location location_data_file:dir create_dir_perms;
     42 allow location location_data_file:{ file sock_file } create_file_perms;
     43 
        # Lets location look up these two services through servicemanager;
        # only find is granted, not add.
     44 allow location permission_service:service_manager find;
     45 allow location sensorservice_service:service_manager find;
     46 
        # userdebug_or_eng keeps the enclosed rule out of user (production)
        # builds; it is compiled in only for userdebug and eng builds.
        # NOTE(review): diag_device is presumably the Qualcomm diagnostic
        # character device; confirm the label in file_contexts.
     47 userdebug_or_eng(`
     48   allow location diag_device:chr_file rw_file_perms;
     49 ')
     50