Skip to content
Snippets Groups Projects
Commit b10d2964 authored by Tri Vo's avatar Tri Vo Committed by android-build-merger
Browse files

Merge "Remove access to 'sysfs' files from healtd and charger."

am: 1fc08a29

Change-Id: If06792db331fecabaaa3de4b77c680c8bc8b7833
parents cd069684 1fc08a29
No related branches found
No related tags found
No related merge requests found
...@@ -35,9 +35,7 @@ full_treble_only(` ...@@ -35,9 +35,7 @@ full_treble_only(`
# /sys # /sys
neverallow { neverallow {
coredomain coredomain
-charger
-dumpstate -dumpstate
-healthd
-init -init
-priv_app -priv_app
-storaged -storaged
......
...@@ -6,7 +6,7 @@ type charger, domain; ...@@ -6,7 +6,7 @@ type charger, domain;
allow charger kmsg_device:chr_file rw_file_perms; allow charger kmsg_device:chr_file rw_file_perms;
# Read access to pseudo filesystems. # Read access to pseudo filesystems.
r_dir_file(charger, sysfs_type) allow charger sysfs_type:dir search;
r_dir_file(charger, rootfs) r_dir_file(charger, rootfs)
r_dir_file(charger, cgroup) r_dir_file(charger, cgroup)
...@@ -20,7 +20,7 @@ allow charger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; ...@@ -20,7 +20,7 @@ allow charger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
# Read/write to /sys/power/state # Read/write to /sys/power/state
allow charger sysfs_power:file rw_file_perms; allow charger sysfs_power:file rw_file_perms;
allow charger sysfs_batteryinfo:file r_file_perms; r_dir_file(charger, sysfs_batteryinfo)
# Read /sys/fs/pstore/console-ramoops # Read /sys/fs/pstore/console-ramoops
# Don't worry about overly broad permissions for now, as there's # Don't worry about overly broad permissions for now, as there's
......
...@@ -6,7 +6,7 @@ type healthd_exec, exec_type, file_type; ...@@ -6,7 +6,7 @@ type healthd_exec, exec_type, file_type;
allow healthd kmsg_device:chr_file rw_file_perms; allow healthd kmsg_device:chr_file rw_file_perms;
# Read access to pseudo filesystems. # Read access to pseudo filesystems.
r_dir_file(healthd, sysfs_type) allow healthd sysfs_type:dir search;
r_dir_file(healthd, rootfs) r_dir_file(healthd, rootfs)
r_dir_file(healthd, cgroup) r_dir_file(healthd, cgroup)
...@@ -26,16 +26,13 @@ binder_service(healthd) ...@@ -26,16 +26,13 @@ binder_service(healthd)
binder_call(healthd, system_server) binder_call(healthd, system_server)
hal_client_domain(healthd, hal_health) hal_client_domain(healthd, hal_health)
# Write to state file. # Read/write to /sys/power/state
# TODO: Split into a separate type? allow healthd sysfs_power:file rw_file_perms;
allow healthd sysfs:file write;
# TODO: added to match above sysfs rule. Remove me? # TODO: added to match above sysfs rule. Remove me?
allow healthd sysfs_usb:file write; allow healthd sysfs_usb:file write;
allow healthd sysfs_batteryinfo:file r_file_perms; r_dir_file(healthd, sysfs_batteryinfo)
r_dir_file(healthd, sysfs_type)
### ###
### healthd: charger mode ### healthd: charger mode
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment