platform_system_sepolicy/private/system_suspend.te
Tri Vo e3e77ed264 system_suspend: sysfs path resolution
/sys/class/wakeup/wakeupN can point to an arbitrary path in sysfs. Add
"search" permission for path resolution.

Bug: 144095608
Test: m selinux_policy
Change-Id: I033d15b4ca56656f144189f5c2b1b885f30155a3
2019-11-12 13:47:26 -08:00

26 lines
952 B
Text

type system_suspend, domain, coredomain, system_suspend_server;
type system_suspend_exec, system_file_type, exec_type, file_type;
init_daemon_domain(system_suspend)
# To serve ISuspendControlService.aidl.
binder_use(system_suspend)
add_service(system_suspend, system_suspend_control_service)
# Access to /sys/power/{ wakeup_count, state } suspend interface.
allow system_suspend sysfs_power:file rw_file_perms;
# Access to wakeup and suspend stats.
r_dir_file(system_suspend, sysfs_suspend_stats)
r_dir_file(system_suspend, sysfs_wakeup)
# To resolve arbitrary sysfs paths from /sys/class/wakeup/* symlinks.
allow system_suspend sysfs_type:dir search;
neverallow {
domain
-atrace # tracing
-dumpstate # bug reports
-system_suspend # implements system_suspend_control_service
-system_server # configures system_suspend via ISuspendControlService
-traceur_app # tracing
} system_suspend_control_service:service_manager find;