Healthd has an optional "charger" mode. The device boots into a
minimally running mode, and healthd displays the battery indicator.
Without this patch, when a manta device boots into charger mode,
the screen will never turn off and the battery indicator will not move.
From reviewing the healthd code, it looks like this may affect lots
of devices, not just manta. I'm adding this change to the generic
policy.
Steps to reproduce:
1) Make sure the device is unplugged.
2) Boot into a normal system.
3) Shutdown the system normally using the power button.
4) After shutdown, plugin the power cord.
5) Device will boot into charger mode. Battery icon will display.
6) Press the button to reboot into a normal mode.
7) Examine /proc/last_kmsg and look for denials.
Addresses the following denials:
[ 3.908457] type=1400 audit(1390866386.620:3): avc: denied { read write } for pid=98 comm="charger" name="fb0" dev="tmpfs" ino=4286 scontext=u:r:healthd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file
[ 3.909085] type=1400 audit(1390866386.620:4): avc: denied { open } for pid=98 comm="charger" name="fb0" dev="tmpfs" ino=4286 scontext=u:r:healthd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file
[ 3.909749] type=1400 audit(1390866386.620:5): avc: denied { ioctl } for pid=98 comm="charger" path="/dev/graphics/fb0" dev="tmpfs" ino=4286 scontext=u:r:healthd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file
[ 4.889857] type=1400 audit(1390866387.605:6): avc: denied { read } for pid=98 comm="charger" name="input" dev="tmpfs" ino=4153 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=dir
[ 4.890873] type=1400 audit(1390866387.605:7): avc: denied { open } for pid=98 comm="charger" name="input" dev="tmpfs" ino=4153 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=dir
[ 4.891949] type=1400 audit(1390866387.605:8): avc: denied { search } for pid=98 comm="charger" name="input" dev="tmpfs" ino=4153 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=dir
[ 4.892677] type=1400 audit(1390866387.605:9): avc: denied { read } for pid=98 comm="charger" name="event2" dev="tmpfs" ino=4279 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file
[ 4.893576] type=1400 audit(1390866387.605:10): avc: denied { open } for pid=98 comm="charger" name="event2" dev="tmpfs" ino=4279 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file
[ 7.288104] type=1400 audit(1390866389.999:12): avc: denied { execmem } for pid=98 comm="charger" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=process
[ 7.288574] type=1400 audit(1390866389.999:13): avc: denied { execute } for pid=98 comm="charger" path="/dev/ashmem" dev="tmpfs" ino=4113 scontext=u:r:healthd:s0 tcontext=u:object_r:ashmem_device:s0 tclass=chr_file
Change-Id: I0118e08514caa0ad11d2aa7562c9846a96779a21
Require all domain transitions or dyntransitions to be
explicitly specified in SELinux policy.
healthd: Remove healthd_exec / init_daemon_domain().
Healthd lives on the rootfs and has no unique file type.
It should be treated consistent with other similar domains.
Change-Id: Ief3c1167379cfb5383073fa33c9a95710a883b29
The kernel bug that required healthd to remain permissive was fixed by
I8a3e0db15ec5f4eb05d455a57e8446a8c2b484c2.
Change-Id: Iff07b65b943cadf949d9b747376a8621b2378bf8
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
init creates a private /dev/null instance named /dev/__null__
that is inherited by healthd. Since it is created prior to
initial policy load, it is left in the tmpfs type.
Allow healthd to inherit and use the open fd.
Change-Id: I525fb4527766d0780457642ebcc19c0fcfd1778c
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Add the necessary rules to support dumpstate.
Start off initially in permissive until it has more testing.
Dumpstate is triggered by running "adb bugreport"
Change-Id: Ic17a60cca1f6f40daa4f2c51e9ad6009ef36cfbd
This change removes the permissive line from unconfined
domains. Unconfined domains can do (mostly) anything, so moving
these domains into enforcing should be a no-op.
The following domains were deliberately NOT changed:
1) kernel
2) init
In the future, this gives us the ability to tighten up the
rules in unconfined, and have those tightened rules actually
work.
When we're ready to tighten up the rules for these domains,
we can:
1) Remove unconfined_domain and re-add the permissive line.
2) Submit the domain in permissive but NOT unconfined.
3) Remove the permissive line
4) Wait a few days and submit the no-permissive change.
For instance, if we were ready to do this for adb, we'd identify
a list of possible rules which allow adbd to work, re-add
the permissive line, and then upload those changes to AOSP.
After sufficient testing, we'd then move adb to enforcing.
We'd repeat this for each domain until everything is enforcing
and out of unconfined.
Change-Id: If674190de3262969322fb2e93d9a0e734f8b9245
