wangxl | 5b6293a | 2015-02-03 21:10:20 +0800 | [diff] [blame^] | 1 | # location - Location daemon |
| 2 | type location, domain; |
| 3 | type location_exec, exec_type, file_type; |
| 4 | |
| 5 | init_daemon_domain(location) |
| 6 | net_domain(location) |
| 7 | |
| 8 | # Socket is created by the daemon, not by init, and under /data/gps, |
| 9 | # not under /dev/socket. |
| 10 | type_transition location location_data_file:sock_file location_socket; |
| 11 | |
| 12 | qmux_socket(location) |
| 13 | binder_use(location) |
| 14 | binder_call(location, system_server) |
| 15 | |
| 16 | allow location location_data_file:dir rw_dir_perms; |
| 17 | allow location location_data_file:fifo_file create_file_perms; |
| 18 | allow location location_data_file:file create_file_perms; |
| 19 | allow location location_exec:file execute_no_trans; |
| 20 | allow location location_socket:sock_file create_file_perms; |
| 21 | allow location self:capability { setuid setgid }; |
| 22 | allow location self:socket create_socket_perms; |
| 23 | allow location sensors:unix_stream_socket connectto; |
| 24 | allow location sensors_device:chr_file r_file_perms; |
| 25 | allow location sensors_socket:sock_file w_file_perms; |
| 26 | allow location self:netlink_socket create_socket_perms; |
| 27 | allow location system_server:unix_stream_socket { read write }; |
| 28 | |
| 29 | dontaudit location domain:dir r_dir_perms; |
| 30 | r_dir_file(location, netmgrd) |