platform_system_sepolicy/healthd.te
dcashman cd82557d40 Restrict service_manager find and list access.
All domains are currently granted list and find service_manager
permissions, but this is not necessary.  Pare the permissions
which did not trigger any of the auditallow reporting.

Bug: 18106000
Change-Id: Ie0ce8de2af8af2cbe4ce388a2dcf4534694c994a
2014-12-15 10:09:24 -08:00

46 lines
1.5 KiB
Text

# healthd seclabel is specified in init.rc since
# it lives in the rootfs and has no unique file type.
type healthd, domain;
write_klog(healthd)
# /dev/__null__ created by init prior to policy load,
# open fd inherited by healthd.
allow healthd tmpfs:chr_file { read write };
allow healthd self:capability { net_admin mknod sys_tty_config };
wakelock_use(healthd)
allow healthd self:netlink_kobject_uevent_socket create_socket_perms;
binder_use(healthd)
binder_service(healthd)
binder_call(healthd, system_server)
# Write to state file.
# TODO: Split into a separate type?
allow healthd sysfs:file write;
###
### healthd: charger mode
###
# Read /sys/fs/pstore/console-ramoops
# Don't worry about overly broad permissions for now, as there's
# only one file in /sys/fs/pstore
allow healthd pstorefs:dir r_dir_perms;
allow healthd pstorefs:file r_file_perms;
allow healthd graphics_device:dir r_dir_perms;
allow healthd graphics_device:chr_file rw_file_perms;
allow healthd input_device:dir r_dir_perms;
allow healthd input_device:chr_file r_file_perms;
allow healthd tty_device:chr_file rw_file_perms;
allow healthd ashmem_device:chr_file execute;
allow healthd self:process execmem;
allow healthd proc_sysrq:file rw_file_perms;
allow healthd self:capability sys_boot;
allow healthd healthd_service:service_manager { add find };
# Healthd needs to tell init to continue the boot
# process when running in charger mode.
unix_socket_connect(healthd, property, init)
allow healthd system_prop:property_service set;