xiaomi-unicorn1/android_device_qcom_sepolicy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Moving location sockets from /data to /dev

Browse Source 
Keeping sockets in /data/vendor/location prevents
unmounting of /data partition after build load
CRs-Fixed: 2175510
Change-Id: I5b4b7a2cdc07a042795f0950725ce2d9c3518cf3
This commit is contained in:
Dante Russo
2018-02-14 15:43:59 -08:00
parent 486aa76037
commit 9a6a2b8090
4 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
vendor/common/file.te vendored
View File

@@ -50,6 +50,7 @@ type ipacm_socket, file_type;
type cnd_socket, file_type;
type chre_socket, file_type;
type hal_bootctl_socket, file_type;
type location_socket, file_type;
type firmware_file, fs_type, contextmount_type;

1
vendor/common/file_contexts vendored
View File

@@ -55,6 +55,7 @@
/dev/socket/thermal-recv-client u:object_r:thermal_socket:s0
/dev/socket/thermal-recv-passive-client u:object_r:thermal_socket:s0
/dev/socket/netmgr(/.*)? u:object_r:netmgrd_socket:s0
/dev/socket/location(/.*)? u:object_r:location_socket:s0
/dev/nq-nci u:object_r:nfc_device:s0
/dev/ttyHS0 u:object_r:hci_attach_dev:s0
/dev/wlan u:object_r:wlan_device:s0

6
vendor/common/hal_gnss_qti.te vendored
View File

@@ -17,7 +17,11 @@ allow hal_gnss_qti per_mgr_service:service_manager find;
# /data/vendor/location
allow hal_gnss_qti location_data_file:fifo_file { open read setattr write };
allow hal_gnss_qti location_data_file:dir create_dir_perms;
allow hal_gnss_qti location_data_file:sock_file write;
allow hal_gnss_qti location_data_file:file create_file_perms;
# /dev/socket/location
allow hal_gnss_qti location_socket:sock_file create_file_perms;
allow hal_gnss_qti location_socket:dir rw_dir_perms;
allow hal_gnss_qti location:unix_stream_socket connectto;
allow hal_gnss_qti location:unix_dgram_socket sendto;

6
vendor/common/location.te vendored
View File

@@ -38,7 +38,11 @@ allow location location_exec:file rx_file_perms;
# /data/vendor/location
allow location location_data_file:dir create_dir_perms;
allow location location_data_file:{ file sock_file } create_file_perms;
allow location location_data_file:file create_file_perms;
# /dev/socket/location
allow location location_socket:sock_file create_file_perms;
allow location location_socket:dir rw_dir_perms;
userdebug_or_eng(`
allow location diag_device:chr_file rw_file_perms;