hal_light: add permission to sys/class/leds.

/sys/class/leds is the standard location for linux files dealing with leds, however the exact contents of this directory is non-standard (hence the need for a hal). Bug: 32022100 Test: compiles and works for the subset of common files Change-Id: I7571d7267d5ed531c4cf95599d5f2acc22287ef4
2017-01-04 17:56:04 -08:00 · 2017-01-04 17:56:04 -08:00 · 62aee3b41b
commit 62aee3b41b
parent 51c00faf3d
3 changed files with 6 additions and 0 deletions
--- a/private/file_contexts
+++ b/private/file_contexts
@ -419,6 +419,7 @@
 #############################
 # sysfs files
 #
+/sys/class/leds(/.*)?                        u:object_r:sysfs_leds:s0
 /sys/devices/platform/nfc-power/nfc_power -- u:object_r:sysfs_nfc_power_writable:s0
 /sys/devices/system/cpu(/.*)?    u:object_r:sysfs_devices_system_cpu:s0
 /sys/devices/virtual/block/zram\d+(/.*)?     u:object_r:sysfs_zram:s0
--- a/public/file.te
+++ b/public/file.te
@ -32,6 +32,7 @@ type sysfs, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_uio, sysfs_type, fs_type;
 type sysfs_batteryinfo, fs_type, sysfs_type;
 type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_leds, fs_type, sysfs_type;
 type sysfs_hwrandom, fs_type, sysfs_type;
 type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_wake_lock, fs_type, sysfs_type;
--- a/public/hal_light.te
+++ b/public/hal_light.te
@ -1,2 +1,6 @@
 # call into system_server process (callbacks)
 binder_call(hal_light, system_server)
+
+allow hal_light sysfs_leds:lnk_file read;
+allow hal_light sysfs_leds:file rw_file_perms;
+allow hal_light sysfs_leds:dir r_dir_perms;