1 # loc_launcher service 2 type location, domain, device_domain_deprecated; 3 type location_exec, exec_type, file_type; 4 5 init_daemon_domain(location) 6 7 binder_use(location) 8 binder_call(location, per_mgr) 9 binder_call(location, system_server) 10 11 qmux_socket(location) 12 allow location hal_wifi:unix_stream_socket { read write }; 13 14 allow location location_data_file:dir rw_dir_perms; 15 allow location location_data_file:file create_file_perms; 16 allow location location_data_file:sock_file create_file_perms; 17 allow location location_exec:file x_file_perms; 18 allow location self:socket create_socket_perms; 19 allowxperm location self:socket ioctl msm_sock_ipc_ioctls; 20 allow location self:netlink_socket create_socket_perms_no_ioctl; 21 allow location self:netlink_route_socket create_socket_perms_no_ioctl; 22 allow location self:udp_socket create_socket_perms; 23 allowxperm location self:udp_socket ioctl { SIOCGIFINDEX SIOCGIFHWADDR SIOCIWFIRSTPRIV_05 }; 24 25 # create location socket location-mq-s 26 allow location location_data_file:sock_file { create setattr unlink }; 27 28 # daemon starts as root to obtain all DAC capabilities 29 # TODO start as gps user and use filesystem-config to give 30 # proper DAC capabilities. 31 allow location self:capability { setuid setgid net_admin net_raw }; 32 33 # execute /system/bin/lowi-server and /vendor/bin/slim_daemon 34 allow location location_exec:file rx_file_perms; 35 36 # slim_daemon receives data from Loc_hal_worker 37 allow location self:socket create_socket_perms; 38 39 allow location sensorservice_service:service_manager find; 40 41 # subsystem ramdump for debug builds 42 userdebug_or_eng(` 43 allow location sysfs_ssr:dir r_dir_perms; 44 allow location sysfs_ssr:lnk_file read; 45 ') 46
