5a5266e74c
Now that our tools are routed to system_suspend, there is no reason for system_suspend to write to /sys/power/wake_[un]lock. Bug: 128923994 Bug: 115946999 Test: boot blueline, no denials from system_suspend Change-Id: I1097d30c050ce7d88677e07f4aaef07ce78dc958
20 lines
710 B
Text
20 lines
710 B
Text
type system_suspend, domain, coredomain, system_suspend_server;
|
|
|
|
type system_suspend_exec, system_file_type, exec_type, file_type;
|
|
init_daemon_domain(system_suspend)
|
|
|
|
# To serve ISuspendControlService.aidl.
|
|
binder_use(system_suspend)
|
|
add_service(system_suspend, system_suspend_control_service)
|
|
|
|
# Access to /sys/power/{ wakeup_count, state } suspend interface.
|
|
allow system_suspend sysfs_power:file rw_file_perms;
|
|
|
|
neverallow {
|
|
domain
|
|
-atrace # tracing
|
|
-dumpstate # bug reports
|
|
-system_suspend # implements system_suspend_control_service
|
|
-system_server # configures system_suspend via ISuspendControlService
|
|
-traceur_app # tracing
|
|
} system_suspend_control_service:service_manager find;
|