From 3ff8b53629c2204fd2c4aa45a3b285372f279626 Mon Sep 17 00:00:00 2001
From: Nick Kralevich <nnk@google.com>
Date: Mon, 17 Mar 2014 10:02:06 -0700
Subject: [PATCH] DO NOT MERGE: Fix broken halt while in healthd charger mode

Reboots/halts aren't working in healthd charger mode. This is
causing high power draw in an unplugged, powered off state.

Steps to reproduce (on Nexus 5):
  Unplug device from USB charger/computer
  Turn device off
  Wait for device to turn off
  Plug in USB cable/charger
  Wait for charge animation (wait for animation, not just lightning bolt, may have to press power button briefly to get animation going)
  Wait for panel to turn off
  Unplug USB cable/charger
  Press power button again, notice screen turns on at some frame in the animation.
  (not important) Each press of the power button advances the animation
  Power on.
  Examine denials from /proc/last_kmsg

Addresses the following denials:

[   24.934809] type=1400 audit(12534308.640:8): avc:  denied  { write } for  pid=130 comm="healthd" name="sysrq-trigger" dev="proc" ino=4026533682 scontext=u:r:healthd:s0 tcontext=u:object_r:proc_sysrq:s0 tclass=file
[   24.935395] type=1400 audit(12534308.640:9): avc:  denied  { sys_boot } for  pid=130 comm="healthd" capability=22  scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=capability

Bug: 13229119
Bug: 14833575

(cherry picked from commit 9ada894a43b0542658b5bf68a7d9b41d05ee0974)

Change-Id: I6175ad9225e847a0a40d558ac65c3544b22803d5
---
 healthd.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/healthd.te b/healthd.te
index ba80dadc3..cfdb756a7 100644
--- a/healthd.te
+++ b/healthd.te
@@ -30,3 +30,5 @@ allow healthd input_device:chr_file r_file_perms;
 allow healthd tty_device:chr_file rw_file_perms;
 allow healthd ashmem_device:chr_file execute;
 allow healthd self:process execmem;
+allow healthd proc_sysrq:file rw_file_perms;
+allow healthd self:capability sys_boot;
-- 
GitLab