sepolicy/location.te - device/google/marlin - Git at Google

 # loc_launcher service
 type location, domain;
 type location_exec, exec_type, vendor_file_type, file_type;

 # STOPSHIP b/28340421
 # Temporarily grant this permission and log its use.
 allow location self:capability { net_admin net_raw };
 auditallow location self:capability { net_admin net_raw };

 init_daemon_domain(location)

 allow location self:capability { setgid setuid };

 # TODO(b/36569343): Remove this once location daemon stops using Binder
 typeattribute location binder_in_vendor_violators;
 binder_use(location)
 binder_call(location, system_server)
 allow location hal_wifi:unix_stream_socket { read write };

 # Grant access to Qualcomm MSM Interface (QMI) radio sockets
 qmux_socket(location)

 allow location self:netlink_route_socket create_socket_perms_no_ioctl;
 allow location self:netlink_socket create_socket_perms_no_ioctl;
 allow location self:udp_socket create_socket_perms;
 allowxperm location self:udp_socket ioctl { SIOCGIFINDEX SIOCGIFHWADDR SIOCIWFIRSTPRIV_05 };
 allow location self:socket create_socket_perms;
 # whitelist socket ioctl commands
 allowxperm location self:socket ioctl msm_sock_ipc_ioctls;

 # files in /sys
 r_dir_file(location, sysfs_type)

 allow location proc_net:file r_file_perms;

 # execute /vendor/bin/slim_daemon
 allow location system_file:file rx_file_perms;

 # execute /vendor/bin/lowi-server
 allow location location_exec:file rx_file_perms;

 # /data/misc/location
 allow location location_data_file:dir create_dir_perms;
 allow location location_data_file:{ file sock_file } create_file_perms;

 allow location permission_service:service_manager find;
 allow location sensorservice_service:service_manager find;

 userdebug_or_eng(`
   allow location diag_device:chr_file rw_file_perms;
 ')

 # TODO(b/34274385): Remove this once Wi-Fi HAL is guaranteed to not be run in passthrough mode
 # What's going on here is that Wi-Fi HAL is talking over sockets to location daemon, which is
 # permitted. However, those rules target hal_wifi rather than hal_wifi_server and thus are also
 # granted to all clients of these HALs (e.g., system_server) which are core components, and
 # socket communications between system components and vendor components are not permted.
 # Once we switch full Treble devices to binderized only mode, this issue will disappear.
 typeattribute location socket_between_core_and_vendor_violators;
	# loc_launcher service
	type location, domain;
	type location_exec, exec_type, vendor_file_type, file_type;

	# STOPSHIP b/28340421
	# Temporarily grant this permission and log its use.
	allow location self:capability { net_admin net_raw };
	auditallow location self:capability { net_admin net_raw };

	init_daemon_domain(location)

	allow location self:capability { setgid setuid };

	# TODO(b/36569343): Remove this once location daemon stops using Binder
	typeattribute location binder_in_vendor_violators;
	binder_use(location)
	binder_call(location, system_server)
	allow location hal_wifi:unix_stream_socket { read write };

	# Grant access to Qualcomm MSM Interface (QMI) radio sockets
	qmux_socket(location)

	allow location self:netlink_route_socket create_socket_perms_no_ioctl;
	allow location self:netlink_socket create_socket_perms_no_ioctl;
	allow location self:udp_socket create_socket_perms;
	allowxperm location self:udp_socket ioctl { SIOCGIFINDEX SIOCGIFHWADDR SIOCIWFIRSTPRIV_05 };
	allow location self:socket create_socket_perms;
	# whitelist socket ioctl commands
	allowxperm location self:socket ioctl msm_sock_ipc_ioctls;

	# files in /sys
	r_dir_file(location, sysfs_type)

	allow location proc_net:file r_file_perms;

	# execute /vendor/bin/slim_daemon
	allow location system_file:file rx_file_perms;

	# execute /vendor/bin/lowi-server
	allow location location_exec:file rx_file_perms;

	# /data/misc/location
	allow location location_data_file:dir create_dir_perms;
	allow location location_data_file:{ file sock_file } create_file_perms;

	allow location permission_service:service_manager find;
	allow location sensorservice_service:service_manager find;

	userdebug_or_eng(`
	allow location diag_device:chr_file rw_file_perms;
	')

	# TODO(b/34274385): Remove this once Wi-Fi HAL is guaranteed to not be run in passthrough mode
	# What's going on here is that Wi-Fi HAL is talking over sockets to location daemon, which is
	# permitted. However, those rules target hal_wifi rather than hal_wifi_server and thus are also
	# granted to all clients of these HALs (e.g., system_server) which are core components, and
	# socket communications between system components and vendor components are not permted.
	# Once we switch full Treble devices to binderized only mode, this issue will disappear.
	typeattribute location socket_between_core_and_vendor_violators;