1# location - Location daemon 2type location, domain; 3type location_exec, exec_type, vendor_file_type, file_type; 4 5init_daemon_domain(location) 6hwbinder_use(location) 7 8allow location self:capability setgid; 9 10# files in /sys 11r_dir_file(location, sysfs_soc) 12r_dir_file(location, sysfs_esoc) 13r_dir_file(location, sysfs_msm_subsys) 14r_dir_file(location, sysfs_ssr) 15dontaudit location sysfs_faceauth:dir r_dir_perms; 16dontaudit location sysfs_faceauth:file r_file_perms; 17 18# Execute /vendor/bin/lowi-server 19allow location location_exec:file rx_file_perms; 20 21# Enable standard network access (for XTRA download) 22net_domain(location) 23 24# And some additional network access 25allow location self:netlink_route_socket read; 26allow location self:{ 27 netlink_generic_socket 28 qipcrtr_socket 29 tcp_socket 30} create_socket_perms_no_ioctl; 31allow location self:udp_socket create_socket_perms; 32allowxperm location self:udp_socket ioctl { SIOCGIFINDEX SIOCGIFHWADDR SIOCIWFIRSTPRIV_05 }; 33 34# /data/vendor/location 35allow location location_data_file:dir create_dir_perms; 36allow location location_data_file:file create_file_perms; 37 38# /data/vendor/wifi 39allow location wifi_vendor_data_file:dir search; 40 41# /data/vendor/wifi/wpa 42allow location wpa_data_file:dir rw_dir_perms; 43allow location wpa_data_file:sock_file create_file_perms; 44allow location hal_wifi_supplicant_default:unix_dgram_socket sendto; 45 46# /dev/socket/wifihal 47allow location wifihal_socket:dir search; 48unix_socket_send(location, wifihal, hal_wifi_default); 49unix_socket_send(location, wifihal, hal_wifi_ext); 50 51# /dev/socket/location 52allow location location_socket:sock_file create_file_perms; 53allow location location_socket:dir w_dir_perms; 54 55allow location hal_gnss_qti:unix_dgram_socket sendto; 56 57allow location hal_datafactory_hwservice:hwservice_manager find; 58get_prop(location, hwservicemanager_prop) 59allow location hal_cacert_hwservice:hwservice_manager find; 60get_prop(location, cnd_vendor_prop) 61binder_call(location, cnd) 62 63userdebug_or_eng(` 64 allow location diag_device:chr_file rw_file_perms; 65') 66 67