am 8599e34b
: Introduce wakelock_use()
* commit '8599e34b95705638034b798c56bc2cc8bb2e6372': Introduce wakelock_use()
This commit is contained in:
commit
c3e27bdac1
5 changed files with 14 additions and 8 deletions
|
@ -9,7 +9,7 @@ write_klog(healthd)
|
|||
allow healthd tmpfs:chr_file { read write };
|
||||
|
||||
allow healthd self:capability { net_admin mknod sys_tty_config };
|
||||
allow healthd self:capability2 block_suspend;
|
||||
wakelock_use(healthd)
|
||||
allow healthd self:netlink_kobject_uevent_socket create_socket_perms;
|
||||
binder_use(healthd)
|
||||
binder_service(healthd)
|
||||
|
|
2
rild.te
2
rild.te
|
@ -39,6 +39,6 @@ allow rild self:netlink_socket create_socket_perms;
|
|||
allow rild self:netlink_kobject_uevent_socket create_socket_perms;
|
||||
|
||||
# Access to wake locks
|
||||
allow rild sysfs_wake_lock:file rw_file_perms;
|
||||
wakelock_use(rild)
|
||||
|
||||
allow rild self:socket create_socket_perms;
|
||||
|
|
|
@ -53,7 +53,7 @@ allow system_server self:capability {
|
|||
sys_tty_config
|
||||
};
|
||||
|
||||
allow system_server self:capability2 block_suspend;
|
||||
wakelock_use(system_server)
|
||||
|
||||
# Triggered by /proc/pid accesses, not allowed.
|
||||
dontaudit system_server self:capability sys_ptrace;
|
||||
|
@ -316,9 +316,6 @@ allow system_server sensors_device:chr_file rw_file_perms;
|
|||
# Read from HW RNG (needed by EntropyMixer).
|
||||
allow system_server hw_random_device:chr_file r_file_perms;
|
||||
|
||||
# Access to wake locks
|
||||
allow system_server sysfs_wake_lock:file rw_file_perms;
|
||||
|
||||
# Read and delete files under /dev/fscklogs.
|
||||
r_dir_file(system_server, fscklogs)
|
||||
allow system_server fscklogs:dir { write remove_name };
|
||||
|
|
10
te_macros
10
te_macros
|
@ -173,6 +173,16 @@ define(`binder_service', `
|
|||
typeattribute $1 binderservicedomain;
|
||||
')
|
||||
|
||||
#####################################
|
||||
# wakelock_use(domain)
|
||||
# Allow domain to manage wake locks
|
||||
define(`wakelock_use', `
|
||||
# Access /sys/power/wake_lock and /sys/power/wake_unlock
|
||||
allow $1 sysfs_wake_lock:file rw_file_perms;
|
||||
# Accessing these files requires CAP_BLOCK_SUSPEND
|
||||
allow $1 self:capability2 block_suspend;
|
||||
')
|
||||
|
||||
#####################################
|
||||
# selinux_check_access(domain)
|
||||
# Allow domain to check SELinux permissions via selinuxfs.
|
||||
|
|
3
vold.te
3
vold.te
|
@ -77,8 +77,7 @@ allow vold asec_apk_file:file { r_file_perms setattr relabelfrom };
|
|||
allow vold asec_public_file:file { relabelto setattr };
|
||||
|
||||
# Handle wake locks (used for device encryption)
|
||||
allow vold sysfs_wake_lock:file rw_file_perms;
|
||||
allow vold self:capability2 block_suspend;
|
||||
wakelock_use(vold)
|
||||
|
||||
# talk to batteryservice
|
||||
binder_use(vold)
|
||||
|
|
Loading…
Reference in a new issue