1 # loc_launcher service 2 type location, domain, domain_deprecated; 3 type location_exec, exec_type, file_type; 4 5 init_daemon_domain(location) 6 7 binder_use(location) 8 binder_call(location, per_mgr) 9 binder_call(location, system_server) 10 11 qmux_socket(location) 12 allow location system_server:unix_stream_socket { read write }; 13 14 allow location location_data_file:dir rw_dir_perms; 15 allow location location_data_file:file create_file_perms; 16 allow location location_data_file:sock_file create_file_perms; 17 allow location location_exec:file x_file_perms; 18 allow location self:{ 19 socket 20 netlink_socket 21 netlink_route_socket 22 udp_socket 23 } create_socket_perms; 24 25 # create location socket location-mq-s 26 allow location location_data_file:sock_file { create setattr unlink }; 27 28 # daemon starts as root to obtain all DAC capabilities 29 # TODO start as gps user and use filesystem-config to give 30 # proper DAC capabilities. 31 allow location self:capability { setuid setgid net_admin net_raw }; 32 33 # execute /system/bin/lowi-server and /vendor/bin/slim_daemon 34 allow location location_exec:file rx_file_perms; 35 36 # slim_daemon receives data from Loc_hal_worker 37 allow location self:socket create_socket_perms; 38 39 allow location sensorservice_service:service_manager find; 40 41 # subsystem ramdump for debug builds 42 userdebug_or_eng(` 43 allow location sysfs_ssr:dir r_dir_perms; 44 allow location sysfs_ssr:lnk_file read; 45 ') 46
