vndbinder_use(hal_gnss_default) binder_call(hal_gnss_default, per_mgr); allow hal_gnss_default per_mgr_service:service_manager find; typeattribute hal_gnss_default data_between_core_and_vendor_violators; allow hal_gnss_default location_data_file:dir { search write }; allow hal_gnss_default location_data_file:fifo_file create_file_perms; allow hal_gnss_default location:unix_stream_socket connectto; allow hal_gnss_default location_data_file:dir rw_dir_perms; allow hal_gnss_default location_data_file:sock_file write; # for SUPL/911 related compliance cases allow hal_gnss_default netmgrd:unix_stream_socket connectto; allow hal_gnss_default netmgrd_socket:dir search; allow hal_gnss_default netmgrd_socket:sock_file write; allow hal_gnss_default self:netlink_route_socket { bind create nlmsg_read read write }; # Most HALs are not allowed to use network sockets. Qcom library # libqdi is used across multiple processes which are clients of # netmgrd including the GNSS HAL. libqdi first attempts to get the network # interface using an IOCTL on a UDP INET socket, which isn't allowed here. # If that fails, it falls back to using libc's if_nameindex() which requires # a netlink route socket, which HALs may use. Due to the initial # attempt to use a UDP socket, we still see a selinux denial, # but it is safe to ignore. # TODO (b/37730994) Remove udp_socket requirement from # libqdi and have all its clients use netlink route # sockets. dontaudit hal_gnss_default self:udp_socket create;