Allow gpsd use /dev/gnss devices

The gpsd service currently has permissions to use generic serial and USB
devices. The same permissions are needed when the dedicated GNSS driver
is used as the service does not distinguish where the GNSS receiver is
connected and therefore which driver is providing the access.
Multiple ioctls can be used by gpsd on the device,
e.g. TCSETS, TCFLSH, TCGETS, TIOCEXCL, TIOCSETD.

With the 1e668a5 ("Label /dev/gnss[0-9] with gnss_device_t") commit,
a specific label was assigned to the GNSS device nodes, but no domain
was allowed to actually use it.

Resolves: RHEL-16676

policy/modules/contrib/gpsd.te

@@ -63,6 +63,8 @@ corenet_sendrecv_gpsd_server_packets(gpsd_t)
 corenet_tcp_bind_gpsd_port(gpsd_t)
 corenet_tcp_sendrecv_gpsd_port(gpsd_t)
 
+dev_rw_gnss(gpsd_t)
+dev_setattr_gnss(gpsd_t)
 dev_read_sysfs(gpsd_t)
 dev_rw_realtime_clock(gpsd_t)
 

policy/modules/kernel/devices.if

@@ -6646,6 +6646,42 @@ interface(`dev_read_vsock',`
 	read_chr_files_pattern($1, device_t, vsock_device_t)
 ')
 
+########################################
+## <summary>
+##	Allow read/write the gnss device
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`dev_rw_gnss',`
+	gen_require(`
+		type device_t, gnss_device_t;
+	')
+
+	rw_chr_files_pattern($1, device_t, gnss_device_t)
+')
+
+########################################
+## <summary>
+##	Allow setattr the gnss device
+## </summary>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`dev_setattr_gnss',`
+	gen_require(`
+		type device_t, gnss_device_t;
+	')
+
+	setattr_chr_files_pattern($1, device_t, gnss_device_t)
+')
+
 ########################################
 ## <summary>
 ##	Create all named devices with the correct label