gps: refine iGNSS build system - sepolicy
Bug: 318310869
Bug: 315915958
Test: build pass, GPS works and no GPS avc denied error
Change-Id: Ib2aa778a0d0e8a51f4d6733b6a55ccf588a05079
diff --git a/gps/lsi/s5400.mk b/gps/lsi/s5400.mk
new file mode 100644
index 0000000..de676ff
--- /dev/null
+++ b/gps/lsi/s5400.mk
@@ -0,0 +1,16 @@
+BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/gps/lsi/sepolicy
+
+PRODUCT_SOONG_NAMESPACES += \
+ vendor/samsung_slsi/gps/s5400
+
+PRODUCT_PACKAGES += \
+ android.hardware.location.gps.prebuilt.xml \
+ gnssd \
+ android.hardware.gnss-service \
+ ca.pem \
+ gnss_check.sh \
+ kepler.bin
+
+ifneq (,$(filter userdebug eng, $(TARGET_BUILD_VARIANT)))
+ PRODUCT_VENDOR_PROPERTIES += vendor.gps.aol.enabled=true
+endif
diff --git a/gps/lsi/sepolicy/file.te b/gps/lsi/sepolicy/file.te
new file mode 100644
index 0000000..af9582b
--- /dev/null
+++ b/gps/lsi/sepolicy/file.te
@@ -0,0 +1 @@
+type vendor_gps_file, file_type, data_file_type;
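Review bot: `vendor_gnss_device` (file_contexts, gnssd.te) and `vendor_gps_prop` (hal_gnss_default.te, vendor_init.te) are used by this change, but neither is declared next to `vendor_gps_file` here, and no property_contexts file is added. If those types come from another sepolicy directory, presumably the eGNSS one mentioned in file_contexts, a comment naming that dependency would help, e.g. `# vendor_gnss_device and vendor_gps_prop are declared in <other sepolicy dir>`. It is also worth confirming that `vendor_gps_file` is not declared there as well, since a duplicate type declaration fails the policy build when both directories are included.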
diff --git a/gps/lsi/sepolicy/file_contexts b/gps/lsi/sepolicy/file_contexts
new file mode 100644
index 0000000..9840eab
--- /dev/null
+++ b/gps/lsi/sepolicy/file_contexts
@@ -0,0 +1,12 @@
+# GPS
+/dev/gnss_ipc u:object_r:vendor_gnss_device:s0
+/dev/gnss_boot u:object_r:vendor_gnss_device:s0
+/dev/gnss_dump u:object_r:vendor_gnss_device:s0
+/vendor/bin/hw/gnssd u:object_r:gnssd_exec:s0
+/vendor/bin/hw/sctd u:object_r:sctd_exec:s0
+/vendor/bin/hw/swcnd u:object_r:swcnd_exec:s0
+/vendor/bin/hw/spad u:object_r:spad_exec:s0
+/vendor/bin/hw/android.hardware.gnss-service u:object_r:hal_gnss_default_exec:s0
+/vendor/bin/gnss_check\.sh u:object_r:gnss_check_exec:s0
+# keep only one rule and use eGNSS one
+# /data/vendor/gps(/.*)? u:object_r:vendor_gps_file:s0
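Review bot: The `android.hardware.gnss-service` path leaves its dots unescaped, unlike `gnss_check\.sh` on the next line. file_contexts paths are regular expressions, so each `.` matches any character. Writing it as `/vendor/bin/hw/android\.hardware\.gnss-service` keeps the match literal and consistent with the rest of the file. Separately, with the `/data/vendor/gps(/.*)?` entry commented out, the `vendor_gps_file` rules in gnssd.te and hal_gnss_default.te only take effect if another policy directory labels that path, so the comment should name where that rule lives.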
diff --git a/gps/lsi/sepolicy/gnss_check.te b/gps/lsi/sepolicy/gnss_check.te
new file mode 100644
index 0000000..31d0944
--- /dev/null
+++ b/gps/lsi/sepolicy/gnss_check.te
@@ -0,0 +1,9 @@
+type gnss_check, domain;
+type gnss_check_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(gnss_check);
+
+allow gnss_check vendor_toolbox_exec:file { execute_no_trans };
+
+set_prop(gnss_check, ctl_stop_prop);
+set_prop(gnss_check, ctl_start_prop);
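Review bot: `ctl_stop_prop` and `ctl_start_prop` are the generic control-property labels, so the two `set_prop` lines let the gnss_check script domain ask init to start or stop any service whose control property has no more specific label, not only the GNSS daemons. If the script only restarts GNSS services, a dedicated property type mapped to just those service names would be narrower, provided the property namespace rules for vendor policy permit it. At minimum, add a comment such as `# gnss_check.sh restarts <service names> via ctl.start/ctl.stop`. The `vendor_toolbox_exec` rule could likewise say which toolbox commands the script runs.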
diff --git a/gps/lsi/sepolicy/gnssd.te b/gps/lsi/sepolicy/gnssd.te
new file mode 100644
index 0000000..487bcbb
--- /dev/null
+++ b/gps/lsi/sepolicy/gnssd.te
@@ -0,0 +1,26 @@
+type gnssd, domain;
+type gnssd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(gnssd);
+
+# Allow gnssd to access rild
+binder_call(gnssd, rild);
+binder_call(gnssd, hwservicemanager)
+allow gnssd hal_exynos_rild_hwservice:hwservice_manager find;
+allow gnssd radio_device:chr_file rw_file_perms;
+
+# Allow gnssd to acess gnss device
+allow gnssd vendor_gnss_device:chr_file rw_file_perms;
+allow gnssd vendor_gps_file:dir create_dir_perms;
+allow gnssd vendor_gps_file:file create_file_perms;
+allow gnssd vendor_gps_file:fifo_file create_file_perms;
+
+# Allow gnssd to obtain wakelock
+wakelock_use(gnssd)
+
+# Allow a base set of permissions required for network access.
+net_domain(gnssd);
+
+# Allow gnssd to get boot complete
+get_prop(gnssd, bootanim_system_prop)
+
+allow gnssd sysfs_soc:file r_file_perms;
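Review bot: `allow gnssd radio_device:chr_file rw_file_perms;` sits under the "access rild" comment but grants read/write on every character device labelled `radio_device`, which is broader than the binder path to rild that the comment describes. If gnssd needs one specific node, giving that node its own type and allowing only that would be tighter; otherwise the comment should say which device is opened and why. The final `sysfs_soc` rule has no comment at all; something like `# <what gnssd reads from SoC sysfs>` would help later audits. The "gnss device" comment also has a typo (`acess`).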
diff --git a/gps/lsi/sepolicy/hal_gnss_default.te b/gps/lsi/sepolicy/hal_gnss_default.te
new file mode 100644
index 0000000..515a923
--- /dev/null
+++ b/gps/lsi/sepolicy/hal_gnss_default.te
@@ -0,0 +1,9 @@
+allow hal_gnss_default fwk_sensor_service:service_manager find;
+allow hal_gnss_default gnssd:unix_stream_socket connectto;
+allow hal_gnss_default vendor_gps_file:dir create_dir_perms;
+allow hal_gnss_default vendor_gps_file:file create_file_perms;
+allow hal_gnss_default vendor_gps_file:fifo_file create_file_perms;
+binder_call(hal_gnss_default, gnssd);
+
+#Read GPS property
+get_prop(hal_gnss_default, vendor_gps_prop)
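Review bot: hal_gnss_default receives the same `create_dir_perms` / `create_file_perms` on `vendor_gps_file` (dir, file and fifo_file) as gnssd, so both domains can create and delete anything in that tree. If the HAL only opens FIFOs and files that gnssd creates (not visible from this hunk), `r_dir_perms` and `rw_file_perms` would be enough and would leave the directory with a single owner. The first six rules also carry no comments; a line such as `# HAL talks to gnssd over a unix socket and binder` above them would document the intent.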
diff --git a/gps/lsi/sepolicy/rild.te b/gps/lsi/sepolicy/rild.te
new file mode 100644
index 0000000..c620a19
--- /dev/null
+++ b/gps/lsi/sepolicy/rild.te
@@ -0,0 +1 @@
+binder_call(rild, gnssd)
diff --git a/gps/lsi/sepolicy/sctd.te b/gps/lsi/sepolicy/sctd.te
new file mode 100644
index 0000000..8966ef8
--- /dev/null
+++ b/gps/lsi/sepolicy/sctd.te
@@ -0,0 +1,3 @@
+type sctd, domain;
+type sctd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(sctd);
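Review bot: sctd gets a domain and an init transition but no allow rules and no comment saying what the daemon does; spad.te and swcnd.te below are identical in this respect. A one-line header in each, e.g. `# sctd: <role of this daemon>`, would make the empty domains reviewable. It is also not visible from this change that the three binaries are installed, since s5400.mk lists gnssd, the HAL service and gnss_check.sh in PRODUCT_PACKAGES but none of these three. They may be pulled in as dependencies, but that is worth confirming so the file_contexts entries are not dead.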
diff --git a/gps/lsi/sepolicy/spad.te b/gps/lsi/sepolicy/spad.te
new file mode 100644
index 0000000..eaf8b1c
--- /dev/null
+++ b/gps/lsi/sepolicy/spad.te
@@ -0,0 +1,3 @@
+type spad, domain;
+type spad_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(spad);
diff --git a/gps/lsi/sepolicy/swcnd.te b/gps/lsi/sepolicy/swcnd.te
new file mode 100644
index 0000000..c366cad
--- /dev/null
+++ b/gps/lsi/sepolicy/swcnd.te
@@ -0,0 +1,3 @@
+type swcnd, domain;
+type swcnd_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(swcnd);
diff --git a/gps/lsi/sepolicy/vendor_init.te b/gps/lsi/sepolicy/vendor_init.te
new file mode 100644
index 0000000..c8d637d
--- /dev/null
+++ b/gps/lsi/sepolicy/vendor_init.te
@@ -0,0 +1,2 @@
+# gps vendor property
+set_prop(vendor_init, vendor_gps_prop)