Commit c3e27bda authored by Nick Kralevich's avatar Nick Kralevich Committed by Android Git Automerger

am 8599e34b: Introduce wakelock_use()

* commit '8599e34b':
  Introduce wakelock_use()
parents befe0652 8599e34b
...@@ -9,7 +9,7 @@ write_klog(healthd) ...@@ -9,7 +9,7 @@ write_klog(healthd)
allow healthd tmpfs:chr_file { read write }; allow healthd tmpfs:chr_file { read write };
allow healthd self:capability { net_admin mknod sys_tty_config }; allow healthd self:capability { net_admin mknod sys_tty_config };
allow healthd self:capability2 block_suspend; wakelock_use(healthd)
allow healthd self:netlink_kobject_uevent_socket create_socket_perms; allow healthd self:netlink_kobject_uevent_socket create_socket_perms;
binder_use(healthd) binder_use(healthd)
binder_service(healthd) binder_service(healthd)
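Review bot: `wakelock_use(healthd)` is not a like-for-like replacement for the removed `allow healthd self:capability2 block_suspend;`, because the macro body added in this commit also grants `allow $1 sysfs_wake_lock:file rw_file_perms;`, which no healthd rule visible in this hunk granted before. The rild hunk is the mirror case: it previously had only the `sysfs_wake_lock` file rule and now also gains `self:capability2 block_suspend`. The system_server and vold hunks already had both rules, so they are unchanged in effect. If the two widenings are intended, the commit description should say so, and each call site could carry a comment such as `# Grants sysfs_wake_lock rw access and CAP_BLOCK_SUSPEND`. The rest of the healthd and rild policy lies outside these hunks, so an existing grant elsewhere cannot be ruled out from here.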
......
...@@ -39,6 +39,6 @@ allow rild self:netlink_socket create_socket_perms; ...@@ -39,6 +39,6 @@ allow rild self:netlink_socket create_socket_perms;
allow rild self:netlink_kobject_uevent_socket create_socket_perms; allow rild self:netlink_kobject_uevent_socket create_socket_perms;
# Access to wake locks # Access to wake locks
allow rild sysfs_wake_lock:file rw_file_perms; wakelock_use(rild)
allow rild self:socket create_socket_perms; allow rild self:socket create_socket_perms;
...@@ -53,7 +53,7 @@ allow system_server self:capability { ...@@ -53,7 +53,7 @@ allow system_server self:capability {
sys_tty_config sys_tty_config
}; };
allow system_server self:capability2 block_suspend; wakelock_use(system_server)
# Triggered by /proc/pid accesses, not allowed. # Triggered by /proc/pid accesses, not allowed.
dontaudit system_server self:capability sys_ptrace; dontaudit system_server self:capability sys_ptrace;
...@@ -316,9 +316,6 @@ allow system_server sensors_device:chr_file rw_file_perms; ...@@ -316,9 +316,6 @@ allow system_server sensors_device:chr_file rw_file_perms;
# Read from HW RNG (needed by EntropyMixer). # Read from HW RNG (needed by EntropyMixer).
allow system_server hw_random_device:chr_file r_file_perms; allow system_server hw_random_device:chr_file r_file_perms;
# Access to wake locks
allow system_server sysfs_wake_lock:file rw_file_perms;
# Read and delete files under /dev/fscklogs. # Read and delete files under /dev/fscklogs.
r_dir_file(system_server, fscklogs) r_dir_file(system_server, fscklogs)
allow system_server fscklogs:dir { write remove_name }; allow system_server fscklogs:dir { write remove_name };
......
...@@ -173,6 +173,16 @@ define(`binder_service', ` ...@@ -173,6 +173,16 @@ define(`binder_service', `
typeattribute $1 binderservicedomain; typeattribute $1 binderservicedomain;
') ')
#####################################
# wakelock_use(domain)
# Allow domain to manage wake locks
define(`wakelock_use', `
# Access /sys/power/wake_lock and /sys/power/wake_unlock
allow $1 sysfs_wake_lock:file rw_file_perms;
# Accessing these files requires CAP_BLOCK_SUSPEND
allow $1 self:capability2 block_suspend;
')
##################################### #####################################
# selinux_check_access(domain) # selinux_check_access(domain)
# Allow domain to check SELinux permissions via selinuxfs. # Allow domain to check SELinux permissions via selinuxfs.
......
...@@ -77,8 +77,7 @@ allow vold asec_apk_file:file { r_file_perms setattr relabelfrom }; ...@@ -77,8 +77,7 @@ allow vold asec_apk_file:file { r_file_perms setattr relabelfrom };
allow vold asec_public_file:file { relabelto setattr }; allow vold asec_public_file:file { relabelto setattr };
# Handle wake locks (used for device encryption) # Handle wake locks (used for device encryption)
allow vold sysfs_wake_lock:file rw_file_perms; wakelock_use(vold)
allow vold self:capability2 block_suspend;
# talk to batteryservice # talk to batteryservice
binder_use(vold) binder_use(vold)
......