tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

suspend: Allow access to /sys/power/wake_[un]lock

Browse source 
This is needed to prevent autosuspend when the framework is restarting
See: go/no-suspend-deadlocks

Bug: 255898234
Bug: 265513788
Bug: 266077359
Test: Check logcat for avc denials
Change-Id: I6313e28d0f2e4bc553881fcc3742dc74ca319b44
Merged-In: I6313e28d0f2e4bc553881fcc3742dc74ca319b44
This commit is contained in:
Kalesh Singh 2022-12-14 13:02:50 -08:00
parent d6b358c112
commit eb1a50003c
2 changed files with 16 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
prebuilts/api/33.0/private/system_suspend.te
View file

@ -29,6 +29,14 @@ allow system_suspend bluetooth:binder call;
allow system_suspend dumpstate:fd use;
allow system_suspend dumpstate:fifo_file write;
# Allow init to take kernel wakelock and system suspend to
# remove kenel wakelocks and the capability to access these
# files
allow init sysfs_wake_lock:file rw_file_perms;
allow init self:global_capability2_class_set block_suspend;
allow system_suspend sysfs_wake_lock:file rw_file_perms;
allow system_suspend self:global_capability2_class_set block_suspend;
neverallow {
domain
-atrace # tracing

8
private/system_suspend.te
View file

@ -29,6 +29,14 @@ allow system_suspend bluetooth:binder call;
allow system_suspend dumpstate:fd use;
allow system_suspend dumpstate:fifo_file write;
# Allow init to take kernel wakelock and system suspend to
# remove kenel wakelocks and the capability to access these
# files
allow init sysfs_wake_lock:file rw_file_perms;
allow init self:global_capability2_class_set block_suspend;
allow system_suspend sysfs_wake_lock:file rw_file_perms;
allow system_suspend self:global_capability2_class_set block_suspend;
neverallow {
domain
-atrace # tracing