1 # loc_launcher service 2 # which launches various other services supporting GPS & Wifi-RTT (LOWI) location 3 type location, domain; 4 type location_exec, exec_type, vendor_file_type, file_type; 5 6 init_daemon_domain(location) 7 8 # STOPSHIP b/28340421 9 # Temporarily grant this permission (for LOWI) and log its use. 10 allow location self:capability { net_admin }; 11 auditallow location self:capability { net_admin }; 12 13 allow location self:capability { setgid setuid }; 14 15 hwbinder_use(location) 16 get_prop(location, hwservicemanager_prop) 17 allow location fwk_sensor_hwservice:hwservice_manager find; 18 binder_call(location, system_server) 19 allow location hal_wifi:unix_stream_socket { read write }; 20 21 # Enable standard network access (for XTRA download) 22 net_domain(location) 23 24 # And some additional network access 25 allow location self:netlink_generic_socket create_socket_perms_no_ioctl; 26 allow location self:netlink_socket create_socket_perms_no_ioctl; 27 allowxperm location self:udp_socket ioctl { SIOCGIFINDEX SIOCGIFHWADDR SIOCIWFIRSTPRIV_05 }; 28 29 allow location self:socket create_socket_perms; 30 # whitelist socket ioctl commands 31 allowxperm location self:socket ioctl msm_sock_ipc_ioctls; 32 33 # files in /sys 34 r_dir_file(location, sysfs_type) 35 36 dontaudit location kernel:system module_request; 37 38 allow location proc_net:file r_file_perms; 39 40 # execute /vendor/bin/lowi-server 41 allow location location_exec:file rx_file_perms; 42 43 # /data/vendor/location 44 allow location location_data_file:dir create_dir_perms; 45 allow location location_data_file:{ file sock_file } create_file_perms; 46 47 userdebug_or_eng(` 48 allow location diag_device:chr_file rw_file_perms; 49 ')
