# loc_launcher service
type location, domain, domain_deprecated;
type location_exec, exec_type, file_type;

init_daemon_domain(location)

binder_use(location)
binder_call(location, per_mgr)
binder_call(location, system_server)

qmux_socket(location)
allow location system_server:unix_stream_socket { read write };

allow location location_data_file:dir rw_dir_perms;
allow location location_data_file:file create_file_perms;
allow location location_data_file:sock_file create_file_perms;
allow location location_exec:file x_file_perms;
allow location self:{
    socket
    netlink_socket
    netlink_route_socket
    udp_socket
} create_socket_perms;

# create location socket location-mq-s
allow location location_data_file:sock_file { create setattr unlink };

# daemon starts as root to obtain all DAC capabilities
# TODO start as gps user and use filesystem-config to give
# proper DAC capabilities.
allow location self:capability { setuid setgid net_admin net_raw };

# execute /system/bin/lowi-server and /vendor/bin/slim_daemon
allow location location_exec:file rx_file_perms;

# slim_daemon receives data from Loc_hal_worker
allow location self:socket create_socket_perms;

allow location sensorservice_service:service_manager find;

# subsystem ramdump for debug builds
userdebug_or_eng(`
    allow location sysfs_ssr:dir r_dir_perms;
    allow location sysfs_ssr:lnk_file read;
')