Diffstat (limited to 'selinux/gpsd.te')
-rw-r--r--selinux/gpsd.te30
1 files changed, 21 insertions, 9 deletions
diff --git a/selinux/gpsd.te b/selinux/gpsd.te
index 8eca21c..a65f3da 100644
--- a/selinux/gpsd.te
+++ b/selinux/gpsd.te
@@ -1,9 +1,21 @@
-allow gpsd self:process execmem;
-allow gpsd rild:unix_stream_socket connectto;
-allow gpsd system_data_file:fifo_file { create read write setattr open };
-allow gpsd servicemanager:binder call;
-allow gpsd sysfs_wake_lock:file { read write open };
-allow gpsd system_data_file:file { read open };
-allow gpsd system_data_file:dir { read write setattr open add_name };
-allow gpsd system_server:binder call;
-allow gpsd system_server:unix_stream_socket { read write };
+type glgps, domain;
+type glgps_exec, exec_type, file_type;
+
+init_daemon_domain(glgps)
+
+allow glgps shell_exec:file { rx_file_perms entrypoint };
+
+#for text relocs & execution
+allow glgps system_file:file { execute_no_trans execmod };
+allow glgps gps_device:chr_file { getattr setattr };
+allow glgps gps_data_file:dir { search write add_name remove_name };
+allow glgps gps_data_file:file { create rw_file_perms };
+allow glgps gps_data_file:fifo_file { unlink create setattr getattr rw_file_perms };
+
+allow glgps node:udp_socket { node_bind name_bind };
+
+allow glgps sysfs:file { setattr write };
+allow glgps gps_device:chr_file { ioctl open read write };
+allow glgps glgps:udp_socket { create bind };
+allow glgps dnsproxyd_socket:sock_file write;
+allow glgps netd:unix_stream_socket connectto;
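Review bot: The rule `allow glgps sysfs:file { setattr write };` grants write and setattr on every file carrying the generic `sysfs` label, which is much wider than the `sysfs_wake_lock:file { read write open }` rule the old policy used. If the daemon only needs the wake-lock nodes, keep the narrower target, e.g. `allow glgps sysfs_wake_lock:file { read write open };`; otherwise give the specific sysfs nodes a dedicated type and allow that instead. The same least-privilege concern applies to `allow glgps shell_exec:file { rx_file_perms entrypoint };`, which makes the shell binary a valid entrypoint into `glgps` even though `glgps_exec` is declared just above and is presumably the intended one; a comment saying why a shell wrapper is needed would help. `execmod` on `system_file` also relaxes the text-relocation check for every file with that label, so it would be better confined to a type covering only the library that needs it.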