# SELinux policy for the loc_launcher service, which runs in the
# "location" domain.
type location, domain;
type location_exec, exec_type, vendor_file_type, file_type;

# Started by init: set up the daemon domain for location.
init_daemon_domain(location)

# STOPSHIP b/28340421
# Temporary grant of net_admin and net_raw. The auditallow rule logs every
# use of these two capabilities.
# NOTE(review): both are broad network capabilities. Check the audit log for
# actual use and drop the grant (and this STOPSHIP) if none is recorded.
allow location self:capability { net_admin net_raw };
auditallow location self:capability { net_admin net_raw };

# The process may change its own UID and GID.
# NOTE(review): presumably used to drop privileges after start-up; confirm.
allow location self:capability { setgid setuid };

# HwBinder / Binder IPC: hwservicemanager property, lookup of the framework
# sensor HAL service, calls into system_server, and use of a stream socket
# owned by hal_wifi (read/write only, no connect or create).
hwbinder_use(location)
get_prop(location, hwservicemanager_prop)
allow location fwk_sensor_hwservice:hwservice_manager find;
binder_call(location, system_server)
allow location hal_wifi:unix_stream_socket { read write };

# Qualcomm MSM Interface (QMI) radio sockets.
qmux_socket(location)

# Sockets owned by the domain itself. The netlink sockets get no ioctl
# permission at all; for udp_socket and socket the allowxperm rules limit
# ioctl to the listed commands only.
allow location self:netlink_route_socket create_socket_perms_no_ioctl;
allow location self:netlink_socket create_socket_perms_no_ioctl;
allow location self:udp_socket create_socket_perms;
allowxperm location self:udp_socket ioctl { SIOCGIFINDEX SIOCGIFHWADDR SIOCIWFIRSTPRIV_05 };
allow location self:socket create_socket_perms;
allowxperm location self:socket ioctl msm_sock_ipc_ioctls;

# Read access to directories and files under /sys.
# NOTE(review): sysfs_type is an attribute, so this covers every sysfs label
# rather than a specific one; narrow it if the needed nodes are known.
r_dir_file(location, sysfs_type)

# Read-only access to proc_net files.
allow location proc_net:file r_file_perms;

# Needed to execute /vendor/bin/slim_daemon.
# NOTE(review): the rule is written against the vendor_file label, so it
# applies to every file carrying that label, not only slim_daemon. A
# dedicated exec type for slim_daemon would let this be tightened.
# NOTE(review): execute_no_trans looks like it is already part of
# rx_file_perms; confirm against global_macros before removing either rule.
allow location vendor_file:file rx_file_perms;
allow location vendor_file:file execute_no_trans;

# Needed to execute /vendor/bin/lowi-server.
allow location location_exec:file rx_file_perms;

# Private data directory: /data/misc/location (directories, regular files
# and socket files may be created and managed).
allow location location_data_file:dir create_dir_perms;
allow location location_data_file:{ file sock_file } create_file_perms;

# Disabled rules, kept for reference:
# allow location permission_service:service_manager find;
# allow location sensorservice_service:service_manager find;

# Diagnostic device access exists only on userdebug and eng builds.
userdebug_or_eng(`
  allow location diag_device:chr_file rw_file_perms;
')

# netd is a vendor daemon that lives on /system and handles functionality
# related to cellular data. Telephony and telephony-data violations are
# permitted on Marlin and Sailfish, so the dependency on netd is tagged with
# socket_between_core_and_vendor_violators.
typeattribute location socket_between_core_and_vendor_violators;

# XTRA download from the internet. These rules came from audit2allow after a
# test run that downloaded XTRA on boot.
# NOTE(review): audit2allow output reflects one observed run; name_connect on
# the generic port type permits outbound TCP to any port with that label.
# NOTE(review): the udp_socket rule below appears to be covered by the
# create_socket_perms grant on self:udp_socket earlier in this file; confirm.
allow location dnsproxyd_socket:sock_file write;
allow location fwmarkd_socket:sock_file write;
allow location netd:unix_stream_socket connectto;
allow location port:tcp_socket name_connect;
allow location self:tcp_socket { connect create read setopt write };
allow location self:udp_socket { create ioctl read write };