From e7040eada090a3803bad476058364e0adf3d5796 Mon Sep 17 00:00:00 2001
From: Benjamin Schwartz <bsschwar@google.com>
Date: Mon, 10 Dec 2018 14:59:57 -0800
Subject: [PATCH] Add power.stats HAL 1.0 sepolicy

Also giving statsd permission to access it. This change copies the internal sepolicy to AOSP.

Bug: 111185513
Bug: 120551881
Test: make
Change-Id: I7e0386777e05580299caf9b97cb7804459f1a9d0
---
 private/app_neverallows.te          | 1 +
 private/compat/28.0/28.0.ignore.cil | 1 +
 private/hwservice_contexts          | 1 +
 private/system_server.te            | 1 +
 public/attributes                   | 1 +
 public/hal_power_stats.te           | 5 +++++
 public/hwservice.te                 | 1 +
 public/statsd.te                    | 1 +
 vendor/file_contexts                | 1 +
 vendor/hal_power_stats_default.te   | 5 +++++
 10 files changed, 18 insertions(+)
 create mode 100644 public/hal_power_stats.te
 create mode 100644 vendor/hal_power_stats_default.te

diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 16ae1a074..7e14dd42d 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -263,6 +263,7 @@ neverallow all_untrusted_apps {
   hal_nfc_hwservice
   hal_oemlock_hwservice
   hal_power_hwservice
+  hal_power_stats_hwservice
   hal_secure_element_hwservice
   hal_sensors_hwservice
   hal_telephony_hwservice
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index d85285354..edfbee1b9 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -33,6 +33,7 @@
     color_display_service
     hal_atrace_hwservice
     hal_health_storage_hwservice
+    hal_power_stats_hwservice
     hal_system_suspend_default
     hal_system_suspend_default_exec
     hal_system_suspend_default_tmpfs
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 973399426..f64eccd0b 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -43,6 +43,7 @@ android.hardware.neuralnetworks::IDevice                        u:object_r:hal_n
 android.hardware.nfc::INfc                                      u:object_r:hal_nfc_hwservice:s0
 android.hardware.oemlock::IOemLock                              u:object_r:hal_oemlock_hwservice:s0
 android.hardware.power::IPower                                  u:object_r:hal_power_hwservice:s0
+android.hardware.power.stats::IPowerStats                       u:object_r:hal_power_stats_hwservice:s0
 android.hardware.radio.config::IRadioConfig                     u:object_r:hal_telephony_hwservice:s0
 android.hardware.radio.deprecated::IOemHook                     u:object_r:hal_telephony_hwservice:s0
 android.hardware.radio::IRadio                                  u:object_r:hal_telephony_hwservice:s0
diff --git a/private/system_server.te b/private/system_server.te
index 3806d2394..ed864f589 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -216,6 +216,7 @@ hal_client_domain(system_server, hal_neuralnetworks)
 hal_client_domain(system_server, hal_oemlock)
 hal_client_domain(system_server, hal_omx)
 hal_client_domain(system_server, hal_power)
+hal_client_domain(system_server, hal_power_stats)
 hal_client_domain(system_server, hal_sensors)
 hal_client_domain(system_server, hal_system_suspend)
 hal_client_domain(system_server, hal_tetheroffload)
diff --git a/public/attributes b/public/attributes
index 6453d7be2..37c2b94c0 100644
--- a/public/attributes
+++ b/public/attributes
@@ -275,6 +275,7 @@ hal_attribute(nfc);
 hal_attribute(oemlock);
 hal_attribute(omx);
 hal_attribute(power);
+hal_attribute(power_stats);
 hal_attribute(secure_element);
 hal_attribute(sensors);
 hal_attribute(system_suspend);
diff --git a/public/hal_power_stats.te b/public/hal_power_stats.te
new file mode 100644
index 000000000..2c04008bd
--- /dev/null
+++ b/public/hal_power_stats.te
@@ -0,0 +1,5 @@
+# HwBinder IPC from client to server, and callbacks
+binder_call(hal_power_stats_client, hal_power_stats_server)
+binder_call(hal_power_stats_server, hal_power_stats_client)
+
+hal_attribute_hwservice(hal_power_stats, hal_power_stats_hwservice)
diff --git a/public/hwservice.te b/public/hwservice.te
index 8ded06b43..fa838628b 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -38,6 +38,7 @@ type hal_nfc_hwservice, hwservice_manager_type;
 type hal_oemlock_hwservice, hwservice_manager_type;
 type hal_omx_hwservice, hwservice_manager_type;
 type hal_power_hwservice, hwservice_manager_type;
+type hal_power_stats_hwservice, hwservice_manager_type;
 type hal_renderscript_hwservice, hwservice_manager_type, same_process_hwservice;
 type hal_secure_element_hwservice, hwservice_manager_type;
 type hal_sensors_hwservice, hwservice_manager_type;
diff --git a/public/statsd.te b/public/statsd.te
index 603ee140e..100686766 100644
--- a/public/statsd.te
+++ b/public/statsd.te
@@ -60,6 +60,7 @@ allow statsd dumpstate:fifo_file { getattr write };
 allow statsd proc_uid_cputime_showstat:file { getattr open read };
 hal_client_domain(statsd, hal_health)
 hal_client_domain(statsd, hal_power)
+hal_client_domain(statsd, hal_power_stats)
 hal_client_domain(statsd, hal_thermal)
 
 # Allow 'adb shell cmd' to upload configs and download output.
diff --git a/vendor/file_contexts b/vendor/file_contexts
index 44198cc42..58a42e054 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -38,6 +38,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.1-service            u:object_r:hal_nfc_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.media\.omx@1\.0-service            u:object_r:mediacodec_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.0-service          u:object_r:hal_power_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.power\.stats@1\.0-service   u:object_r:hal_power_stats_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.radio\.config@1\.0-service  u:object_r:hal_radio_config_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.radio@1\.2-radio-service    u:object_r:hal_radio_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.radio@1\.2-sap-service    u:object_r:hal_radio_default_exec:s0
diff --git a/vendor/hal_power_stats_default.te b/vendor/hal_power_stats_default.te
new file mode 100644
index 000000000..b7a2c023a
--- /dev/null
+++ b/vendor/hal_power_stats_default.te
@@ -0,0 +1,5 @@
+type hal_power_stats_default, domain;
+hal_server_domain(hal_power_stats_default, hal_power_stats)
+
+type hal_power_stats_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_power_stats_default)