SEAndroid: location policies update
Declared location-mq-s socket as a location_socket.
Change-Id: I9fae492dc1d84c782c5aa19ab69e0e29a0c69206
diff --git a/sepolicy/file.te b/sepolicy/file.te
index f88bd65..05d70d0 100644
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
@@ -12,7 +12,11 @@
type adspd_socket, file_type;
type mpdecision_socket, file_type;
type qmuxd_socket, file_type;
+
+#location file types
type location_data_file, file_type, data_file_type;
+type location_app_data_file, file_type, data_file_type;
+
# Socket node needed by ims_data daemon
type ims_socket, file_type;
diff --git a/sepolicy/location.te b/sepolicy/location.te
index cc02d00..834b970 100644
--- a/sepolicy/location.te
+++ b/sepolicy/location.te
@@ -13,6 +13,12 @@
allow location location_data_file:dir rw_dir_perms;
allow location location_data_file:file create_file_perms;
+allow location location_data_file:sock_file create_file_perms;
+allow location location_exec:file x_file_perms;
+allow location self:{
+ socket
+ netlink_socket
+} create_socket_perms;
# create location socket location-mq-s
allow location location_data_file:sock_file { create setattr unlink };
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index 6b1a078..66a7b7c 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -18,10 +18,12 @@
allow system_server persist_file:dir search;
allow system_server persist_sensortool_file:file r_file_perms;
-# need access to files/socket in /data/misc/location
+# For location
allow system_server location:unix_stream_socket connectto;
-allow system_server location_data_file: { fifo_file sock_file } { create_file_perms };
+allow system_server location_data_file:{ file fifo_file } create_file_perms;
allow system_server location_data_file:dir rw_dir_perms;
+allow system_server location_data_file:sock_file create_file_perms;
+
allow system_server mpctl_data_file:dir search;