Merge "Add charger_type." am: 4b326c0d3f am: 53b4269ce8 am: d0ee3b0bed

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1870071

Change-Id: I72de7ee3d6ab2fa07f8de9b7143c8ff038e5e434

private/charger.te

@@ -2,16 +2,13 @@ typeattribute charger coredomain;
 
 # charger needs to tell init to continue the boot
 # process when running in charger mode.
+# The system charger needs to be allowed to set these properties on legacy devices.
 set_prop(charger, system_prop)
 set_prop(charger, exported_system_prop)
 set_prop(charger, exported3_system_prop)
-set_prop(charger, charger_status_prop)
 
+# The system charger can read ro.charger.*
 get_prop(charger, charger_prop)
-get_prop(charger, charger_config_prop)
-
-# get minui properties
-get_prop(charger, recovery_config_prop)
 
 compatible_property_only(`
     neverallow {
@@ -21,11 +18,3 @@ compatible_property_only(`
         -charger
     } charger_prop:file no_rw_file_perms;
 ')
-
-neverallow {
-    domain
-    -init
-    -dumpstate
-    -vendor_init
-    -charger
-} { charger_config_prop charger_status_prop }:file no_rw_file_perms;

private/charger_type.te

@@ -0,0 +1,38 @@
+# charger needs to tell init to continue the boot
+# process when running in charger mode.
+set_prop(charger_type, charger_status_prop)
+get_prop(charger_type, charger_config_prop)
+
+# get minui properties
+get_prop(charger_type, recovery_config_prop)
+
+### Neverallow rules for charger properties
+
+# charger_config_prop: Only init and vendor_init is allowed to set it
+neverallow {
+    domain
+    -init
+    -vendor_init
+} charger_config_prop:property_service set;
+
+# charger_status_prop: Only init, vendor_init, charger, and hal_health_server
+# are allowed to set it
+neverallow {
+    domain
+    -init
+    -vendor_init
+    -charger
+    -hal_health_server
+} charger_status_prop:property_service set;
+
+# Both charger_config_prop and charger_status_prop:
+# Only init, vendor_init, dumpstate, charger, and hal_health_server
+# are allowed to read it
+neverallow {
+    domain
+    -init
+    -dumpstate
+    -vendor_init
+    -charger
+    -hal_health_server
+} { charger_config_prop charger_status_prop }:file no_rw_file_perms;

public/attributes

@@ -412,3 +412,10 @@ attribute gsi_metadata_file_type;
 # Types used for module-specific APEX data directories under
 # /data/{misc,misc_ce,misc_de}/apexdata.
 attribute apex_data_file_type;
+
+# Domains used for charger.
+# This is the common type for domains that executes charger's
+# functionalities, including setting and getting necessary properties,
+# permissions to maintain the health loop, writing to kernel log, handling
+# inputs and drawing screens, etc.
+attribute charger_type;

public/charger.te

@@ -1,40 +1,5 @@
-type charger, domain;
+type charger, charger_type, domain;
 type charger_exec, system_file_type, exec_type, file_type;
 
-# Write to /dev/kmsg
-allow charger kmsg_device:chr_file rw_file_perms;
-
-# Read access to pseudo filesystems.
-r_dir_file(charger, rootfs)
-r_dir_file(charger, cgroup)
-r_dir_file(charger, cgroup_v2)
-
-# Allow to read /sys/class/power_supply directory
-allow charger sysfs_type:dir r_dir_perms;
-
-allow charger self:global_capability_class_set { sys_tty_config };
-allow charger self:global_capability_class_set sys_boot;
-
-wakelock_use(charger)
-
-allow charger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
-
-# Read/write to /sys/power/state
-allow charger sysfs_power:file rw_file_perms;
-
-r_dir_file(charger, sysfs_batteryinfo)
-
-# Read /sys/fs/pstore/console-ramoops
-# Don't worry about overly broad permissions for now, as there's
-# only one file in /sys/fs/pstore
-allow charger pstorefs:dir r_dir_perms;
-allow charger pstorefs:file r_file_perms;
-
-allow charger graphics_device:dir r_dir_perms;
-allow charger graphics_device:chr_file rw_file_perms;
-allow charger input_device:dir r_dir_perms;
-allow charger input_device:chr_file r_file_perms;
-allow charger tty_device:chr_file rw_file_perms;
-allow charger proc_sysrq:file rw_file_perms;
-
+# The system charger is a client of HIDL health HAL.
 hal_client_domain(charger, hal_health)

public/charger_type.te

@@ -0,0 +1,37 @@
+# Write to /dev/kmsg
+allow charger_type kmsg_device:chr_file rw_file_perms;
+
+# Read access to pseudo filesystems.
+r_dir_file(charger_type, rootfs)
+r_dir_file(charger_type, cgroup)
+r_dir_file(charger_type, cgroup_v2)
+
+# Allow to read /sys/class/power_supply directory
+allow charger_type sysfs_type:dir r_dir_perms;
+
+allow charger_type self:global_capability_class_set {
+    sys_boot
+    sys_tty_config
+};
+
+wakelock_use(charger_type)
+
+allow charger_type self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+# Read/write to /sys/power/state
+allow charger_type sysfs_power:file rw_file_perms;
+
+r_dir_file(charger_type, sysfs_batteryinfo)
+
+# Read /sys/fs/pstore/console-ramoops
+# Don't worry about overly broad permissions for now, as there's
+# only one file in /sys/fs/pstore
+allow charger_type pstorefs:dir r_dir_perms;
+allow charger_type pstorefs:file r_file_perms;
+
+allow charger_type graphics_device:dir r_dir_perms;
+allow charger_type graphics_device:chr_file rw_file_perms;
+allow charger_type input_device:dir r_dir_perms;
+allow charger_type input_device:chr_file r_file_perms;
+allow charger_type tty_device:chr_file rw_file_perms;
+allow charger_type proc_sysrq:file rw_file_perms;