Add sepolicy for suspend.debug.wakestats_log.enabled
Add initial sepolicy for suspend.debug.wakestats_log.enabled Allow set from init Allow read by system suspend Bug: 301657457 Test: manual Change-Id: I1123e169d69eadb909ed474c0c246a8a45eab2f0 Signed-off-by: Radu Solea <radusolea@google.com>
This commit is contained in:
Radu Solea
parent
245f91399e
commit
82db343e27
3 changed files with 27 additions and 0 deletions
|
|
@ -61,6 +61,7 @@ system_internal_prop(hypervisor_pvmfw_prop)
|
||||||
system_internal_prop(hypervisor_virtualizationmanager_prop)
|
system_internal_prop(hypervisor_virtualizationmanager_prop)
|
||||||
system_internal_prop(game_manager_config_prop)
|
system_internal_prop(game_manager_config_prop)
|
||||||
system_internal_prop(hidl_memory_prop)
|
system_internal_prop(hidl_memory_prop)
|
||||||
|
system_internal_prop(suspend_debug_prop)
|
||||||
|
|
||||||
# Properties which can't be written outside system
|
# Properties which can't be written outside system
|
||||||
system_restricted_prop(device_config_virtualization_framework_native_prop)
|
system_restricted_prop(device_config_virtualization_framework_native_prop)
|
||||||
|
|
@ -342,8 +343,26 @@ compatible_property_only(`
|
||||||
} {
|
} {
|
||||||
suspend_prop
|
suspend_prop
|
||||||
}:property_service set;
|
}:property_service set;
|
||||||
|
|
||||||
|
neverallow {
|
||||||
|
domain
|
||||||
|
-init
|
||||||
|
} {
|
||||||
|
suspend_debug_prop
|
||||||
|
}:property_service set;
|
||||||
|
|
||||||
|
neverallow {
|
||||||
|
domain
|
||||||
|
-init
|
||||||
|
-dumpstate
|
||||||
|
userdebug_or_eng(`-system_suspend')
|
||||||
|
} {
|
||||||
|
suspend_debug_prop
|
||||||
|
}:file no_rw_file_perms;
|
||||||
')
|
')
|
||||||
|
|
||||||
|
dontaudit system_suspend suspend_debug_prop:file r_file_perms;
|
||||||
|
|
||||||
compatible_property_only(`
|
compatible_property_only(`
|
||||||
# Neverallow coredomain to set vendor properties
|
# Neverallow coredomain to set vendor properties
|
||||||
neverallow {
|
neverallow {
|
||||||
|
|
|
||||||
|
|
@ -119,6 +119,9 @@ suspend.failed_suspend_backoff_enabled u:object_r:suspend_prop:s0 exact bool
|
||||||
suspend.short_suspend_backoff_enabled u:object_r:suspend_prop:s0 exact bool
|
suspend.short_suspend_backoff_enabled u:object_r:suspend_prop:s0 exact bool
|
||||||
suspend.disable_sync_on_suspend u:object_r:suspend_prop:s0 exact bool
|
suspend.disable_sync_on_suspend u:object_r:suspend_prop:s0 exact bool
|
||||||
|
|
||||||
|
# Suspend service debug properties
|
||||||
|
suspend.debug.wakestats_log.enabled u:object_r:suspend_debug_prop:s0 exact bool
|
||||||
|
|
||||||
# Fastbootd protocol control property
|
# Fastbootd protocol control property
|
||||||
fastbootd.protocol u:object_r:fastbootd_protocol_prop:s0 exact enum usb tcp
|
fastbootd.protocol u:object_r:fastbootd_protocol_prop:s0 exact enum usb tcp
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -22,6 +22,11 @@ allow system_suspend sysfs_type:dir search;
|
||||||
# Access to suspend_hal system properties
|
# Access to suspend_hal system properties
|
||||||
get_prop(system_suspend, suspend_prop)
|
get_prop(system_suspend, suspend_prop)
|
||||||
|
|
||||||
|
# Access to system_suspend debug system properties
|
||||||
|
userdebug_or_eng(`
|
||||||
|
get_prop(system_suspend, suspend_debug_prop)
|
||||||
|
')
|
||||||
|
|
||||||
# To call BTAA registered callbacks
|
# To call BTAA registered callbacks
|
||||||
allow system_suspend bluetooth:binder call;
|
allow system_suspend bluetooth:binder call;
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue