Add sepolicy for suspend.debug.wakestats_log.enabled
Add initial sepolicy for suspend.debug.wakestats_log.enabled Allow set from init Allow read by system suspend Bug: 301657457 Test: manual Change-Id: I1123e169d69eadb909ed474c0c246a8a45eab2f0 Signed-off-by: Radu Solea <radusolea@google.com>
This commit is contained in:
Radu Solea
parent
245f91399e
commit
82db343e27
3 changed files with 27 additions and 0 deletions
|
|
@ -61,6 +61,7 @@ system_internal_prop(hypervisor_pvmfw_prop)
|
|||
system_internal_prop(hypervisor_virtualizationmanager_prop)
|
||||
system_internal_prop(game_manager_config_prop)
|
||||
system_internal_prop(hidl_memory_prop)
|
||||
system_internal_prop(suspend_debug_prop)
|
||||
|
||||
# Properties which can't be written outside system
|
||||
system_restricted_prop(device_config_virtualization_framework_native_prop)
|
||||
|
|
@ -342,8 +343,26 @@ compatible_property_only(`
|
|||
} {
|
||||
suspend_prop
|
||||
}:property_service set;
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-init
|
||||
} {
|
||||
suspend_debug_prop
|
||||
}:property_service set;
|
||||
|
||||
neverallow {
|
||||
domain
|
||||
-init
|
||||
-dumpstate
|
||||
userdebug_or_eng(`-system_suspend')
|
||||
} {
|
||||
suspend_debug_prop
|
||||
}:file no_rw_file_perms;
|
||||
')
|
||||
|
||||
dontaudit system_suspend suspend_debug_prop:file r_file_perms;
|
||||
|
||||
compatible_property_only(`
|
||||
# Neverallow coredomain to set vendor properties
|
||||
neverallow {
|
||||
|
|
|
|||
|
|
@ -119,6 +119,9 @@ suspend.failed_suspend_backoff_enabled u:object_r:suspend_prop:s0 exact bool
|
|||
suspend.short_suspend_backoff_enabled u:object_r:suspend_prop:s0 exact bool
|
||||
suspend.disable_sync_on_suspend u:object_r:suspend_prop:s0 exact bool
|
||||
|
||||
# Suspend service debug properties
|
||||
suspend.debug.wakestats_log.enabled u:object_r:suspend_debug_prop:s0 exact bool
|
||||
|
||||
# Fastbootd protocol control property
|
||||
fastbootd.protocol u:object_r:fastbootd_protocol_prop:s0 exact enum usb tcp
|
||||
|
||||
|
|
|
|||
|
|
@ -22,6 +22,11 @@ allow system_suspend sysfs_type:dir search;
|
|||
# Access to suspend_hal system properties
|
||||
get_prop(system_suspend, suspend_prop)
|
||||
|
||||
# Access to system_suspend debug system properties
|
||||
userdebug_or_eng(`
|
||||
get_prop(system_suspend, suspend_debug_prop)
|
||||
')
|
||||
|
||||
# To call BTAA registered callbacks
|
||||
allow system_suspend bluetooth:binder call;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue