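# loc_launcher service
type location, domain;
type location_exec, exec_type, vendor_file_type, file_type;

# STOPSHIP b/28340421
# Temporarily grant this permission and log its use.
# net_admin/net_raw are broad capabilities; the auditallow records every
# use so the grant can be narrowed or dropped before ship.
allow location self:capability { net_admin net_raw };
auditallow location self:capability { net_admin net_raw };

init_daemon_domain(location)

allow location self:capability { setgid setuid };

# HwBinder: reach hwservicemanager, find fwk_sensor_hwservice, and call
# into system_server; plus a unix stream socket shared with hal_wifi.
hwbinder_use(location)
get_prop(location, hwservicemanager_prop)
allow location fwk_sensor_hwservice:hwservice_manager find;
binder_call(location, system_server)
allow location hal_wifi:unix_stream_socket { read write };

# Grant access to Qualcomm MSM Interface (QMI) radio sockets
qmux_socket(location)

# Sockets the daemon creates itself. The netlink sockets get no ioctl at
# all; for udp_socket and the generic socket class, ioctl is allowed but
# restricted to the listed commands by the allowxperm rules.
allow location self:netlink_route_socket create_socket_perms_no_ioctl;
allow location self:netlink_socket create_socket_perms_no_ioctl;
allow location self:udp_socket create_socket_perms;
allowxperm location self:udp_socket ioctl { SIOCGIFINDEX SIOCGIFHWADDR SIOCIWFIRSTPRIV_05 };
allow location self:socket create_socket_perms;
# whitelist socket ioctl commands
allowxperm location self:socket ioctl msm_sock_ipc_ioctls;

# files in /sys
r_dir_file(location, sysfs_type)

allow location proc_net:file r_file_perms;

# execute /vendor/bin/slim_daemon
# rx_file_perms already contains execute_no_trans, so no separate
# execute_no_trans rule is needed here.
allow location vendor_file:file rx_file_perms;

# execute /vendor/bin/lowi-server
allow location location_exec:file rx_file_perms;

# /data/misc/location
allow location location_data_file:dir create_dir_perms;
allow location location_data_file:{ file sock_file } create_file_perms;

# allow location permission_service:service_manager find;
# allow location sensorservice_service:service_manager find;

userdebug_or_eng(`
allow location diag_device:chr_file rw_file_perms;
')

# netd is a vendor daemon that is on /system; its functionality is related to
# cellular data; since we allow telephony and telephony-data violations on
# Marlin and Sailfish, we need to tag the dependency on netd with
# socket_between_core_and_vendor_violators
typeattribute location socket_between_core_and_vendor_violators;

# Added to enable XTRA download (from internet) per
# audit2allow after a test that downloaded XTRA on boot
allow location dnsproxyd_socket:sock_file write;
allow location fwmarkd_socket:sock_file write;
allow location netd:unix_stream_socket connectto;
# port is the generic port type, so this name_connect is not limited to a
# particular TCP port.
allow location port:tcp_socket name_connect;
allow location self:tcp_socket { connect create read setopt write };
# self:udp_socket { create ioctl read write } is already covered by the
# create_socket_perms rule above, so it is not repeated here.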