Binderized GPS - restoring Xtra service

Adding several permissions per audit2allow
for the XTRA-assisted-GPS file
(from internet) download use case

Bug: 35768061
Bug: 35757613
Bug: 34208553
Test: On Marlin - manual GPS tests
      including delete all then restarts
      with xtra throttle off

Change-Id: Ic345e7688f9bae5c00b957e44b6015b7ef2a7530
diff --git a/sepolicy/hal_gnss.te b/sepolicy/hal_gnss.te
index 3bf7b51..e945798 100644
--- a/sepolicy/hal_gnss.te
+++ b/sepolicy/hal_gnss.te
@@ -17,3 +17,15 @@
 
 #access to /sys/devices/soc0/soc_id and /sys/devices/soc0/hw_platform
 allow hal_gnss sysfs_soc:file { read open getattr };
+
+# Added to enable XTRA download (from internet) per
+# audit2allow after a test that downloaded XTRA on boot
+#
+# TODO:(b/35757613) - STOPSHIP - HAL cannot have direct inet access
+#
+allow hal_gnss dnsproxyd_socket:sock_file write;
+allow hal_gnss fwmarkd_socket:sock_file write;
+allow hal_gnss netd:unix_stream_socket connectto;
+allow hal_gnss port:tcp_socket name_connect;
+allow hal_gnss self:tcp_socket { connect create read setopt write };
+allow hal_gnss self:udp_socket { create ioctl read write };
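Review bot: The six added rules are attached to `hal_gnss`, while the netd.te hunk of this same commit names `hal_gnss_default`. If `hal_gnss` is an attribute here (likely, but its declaration is not visible in this hunk), every domain carrying it gains direct network access, not only the default GNSS HAL process. Consider scoping the rules to the type, e.g. `allow hal_gnss_default port:tcp_socket name_connect;`. That rule also permits outbound connections to any TCP port carrying the generic `port` label. The comment should record which port(s) the XTRA download test actually used, so the grant can be narrowed or removed cleanly when b/35757613 is resolved.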
diff --git a/sepolicy/netd.te b/sepolicy/netd.te
index ab7ecba..8c92cb5 100644
--- a/sepolicy/netd.te
+++ b/sepolicy/netd.te
@@ -3,3 +3,11 @@
 
 # in addition to ioctl commands granted to domain allow netd to use:
 allowxperm netd self:udp_socket ioctl { SIOCSIFFLAGS SIOCSIFADDR SIOCGIFHWADDR };
+
+# Enable XTRA downloads
+#
+# TODO:(b/35757613) - STOPSHIP - HAL cannot have direct inet access
+#
+allow netd hal_gnss_default:fd use;
+allow netd hal_gnss_default:tcp_socket { getopt read setopt write };
+
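Review bot: These two rules give netd `read` and `write` on the HAL's TCP socket in addition to `getopt`/`setopt`, and the comment `# Enable XTRA downloads` does not say why netd needs the HAL's descriptor at all. If this is the socket-marking path reached through `fwmarkd_socket` (inferred from the hal_gnss.te hunk), say so in the comment, e.g. `# netd (fwmarkd) receives the HAL's socket fd to tag it`. Also confirm that `read write` appeared in the denials rather than being carried over from a broader template. Together with the hal_gnss.te rules this hand-builds most of what network-domain membership grants without the `netdomain` attribute, so an audit that lists `netdomain` members will not show this HAL, which is worth stating next to the STOPSHIP line. The trailing blank `+` line at the end of the file can be dropped.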