am 8599e34b: Introduce wakelock_use()

* commit '8599e34b95705638034b798c56bc2cc8bb2e6372':
  Introduce wakelock_use()
This commit is contained in:
Nick Kralevich 2014-05-27 15:05:41 +00:00 committed by Android Git Automerger
commit c3e27bdac1
5 changed files with 14 additions and 8 deletions

View file

@ -9,7 +9,7 @@ write_klog(healthd)
allow healthd tmpfs:chr_file { read write };
allow healthd self:capability { net_admin mknod sys_tty_config };
allow healthd self:capability2 block_suspend;
wakelock_use(healthd)
allow healthd self:netlink_kobject_uevent_socket create_socket_perms;
binder_use(healthd)
binder_service(healthd)

View file

@ -39,6 +39,6 @@ allow rild self:netlink_socket create_socket_perms;
allow rild self:netlink_kobject_uevent_socket create_socket_perms;
# Access to wake locks
allow rild sysfs_wake_lock:file rw_file_perms;
wakelock_use(rild)
allow rild self:socket create_socket_perms;

View file

@ -53,7 +53,7 @@ allow system_server self:capability {
sys_tty_config
};
allow system_server self:capability2 block_suspend;
wakelock_use(system_server)
# Triggered by /proc/pid accesses, not allowed.
dontaudit system_server self:capability sys_ptrace;
@ -316,9 +316,6 @@ allow system_server sensors_device:chr_file rw_file_perms;
# Read from HW RNG (needed by EntropyMixer).
allow system_server hw_random_device:chr_file r_file_perms;
# Access to wake locks
allow system_server sysfs_wake_lock:file rw_file_perms;
# Read and delete files under /dev/fscklogs.
r_dir_file(system_server, fscklogs)
allow system_server fscklogs:dir { write remove_name };

View file

@ -173,6 +173,16 @@ define(`binder_service', `
typeattribute $1 binderservicedomain;
')
#####################################
# wakelock_use(domain)
# Allow domain to manage wake locks
define(`wakelock_use', `
# Access /sys/power/wake_lock and /sys/power/wake_unlock
allow $1 sysfs_wake_lock:file rw_file_perms;
# Accessing these files requires CAP_BLOCK_SUSPEND
allow $1 self:capability2 block_suspend;
')
#####################################
# selinux_check_access(domain)
# Allow domain to check SELinux permissions via selinuxfs.

View file

@ -77,8 +77,7 @@ allow vold asec_apk_file:file { r_file_perms setattr relabelfrom };
allow vold asec_public_file:file { relabelto setattr };
# Handle wake locks (used for device encryption)
allow vold sysfs_wake_lock:file rw_file_perms;
allow vold self:capability2 block_suspend;
wakelock_use(vold)
# talk to batteryservice
binder_use(vold)