sepolicy: qcom: Don't audit hal_gnss_qti reading xtra-daemon control property
Silences the following SELinux denial:
[ 13.227324] type=1400 audit(1696156342.168:13): avc: denied { read } for comm="Loc_hal_worker" name="u:object_r:xtra_control_prop:s0" dev="tmpfs" ino=15652 scontext=u:r:hal_gnss_qti:s0 tcontext=u:object_r:xtra_control_prop:s0 tclass=file permissive=0
Reason for silence instead of allow: Refer to comments on https://review.lineageos.org/c/LineageOS/android_device_lineage_sepolicy/+/367498
Change-Id: I13bae97a1d555c4c489f4856f554c1d04f29ebd0
diff --git a/qcom/sepolicy.mk b/qcom/sepolicy.mk
index 44cb2fc..0398957 100644
--- a/qcom/sepolicy.mk
+++ b/qcom/sepolicy.mk
@@ -25,6 +25,7 @@
ifeq (,$(filter msm8937 msm8953 msm8996 msm8998 sdm660 sdm710 sdm845, $(TARGET_BOARD_PLATFORM)))
BOARD_SEPOLICY_M4DEFS += \
display_vendor_data_file=vendor_display_vendor_data_file \
+ hal_gnss_qti=vendor_hal_gnss_qti \
hal_keymaster_qti_exec=vendor_hal_keymaster_qti_exec \
hal_perf_default=vendor_hal_perf_default \
location_domain=vendor_location \
diff --git a/qcom/vendor/hal_gnss_qti.te b/qcom/vendor/hal_gnss_qti.te
new file mode 100644
index 0000000..1b9e615
--- /dev/null
+++ b/qcom/vendor/hal_gnss_qti.te
@@ -0,0 +1,2 @@
+# xtra-daemon control
+dontaudit hal_gnss_qti xtra_control_prop:file read;