From dc08245c3fbe43f45f93b224470bd40dcd116bc6 Mon Sep 17 00:00:00 2001
From: Sandeep Patil <sspatil@google.com>
Date: Tue, 1 Nov 2016 13:49:10 -0700
Subject: [PATCH] healthd: create SEPolicy for 'charger' and reduce healthd's
 scope

healthd is being split into 'charger' and 'healthd' processes, that
will never run together. 'charger' is to be run only in charge-only
and recovery, while healthd runs with Android.

While they both share much of battery monitoring code, they both now
have reduced scope. E.g. 'charger' doesn't need to use binder anymore
and healthd doesn't need to do the charging UI animation. So, amend the
SEPolicy for healthd to reduce its scope and add a new one for charger.

Test: Tested all modes {recovery, charger-only, android} with new policy

Change-Id: If7f81875c605f7f07da4d23a313f308b9dde9ce8
Signed-off-by: Sandeep Patil <sspatil@google.com>
(cherry picked from commit c73d0022ade4855ab72849e1fe97856c737fdcef)
---
 private/file_contexts |  1 +
 private/healthd.te    |  3 +++
 private/init.te       |  2 +-
 public/charger.te     | 41 ++++++++++++++++++++++++++++++++++++++
 public/healthd.te     | 46 +++++++++----------------------------------
 5 files changed, 55 insertions(+), 38 deletions(-)
 create mode 100644 private/healthd.te
 create mode 100644 public/charger.te

diff --git a/private/file_contexts b/private/file_contexts
index ccb441a74..ddaa5aeea 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -202,6 +202,7 @@
 /system/xbin/su		u:object_r:su_exec:s0
 /system/xbin/perfprofd  u:object_r:perfprofd_exec:s0
 /system/bin/dnsmasq     u:object_r:dnsmasq_exec:s0
+/system/bin/healthd     u:object_r:healthd_exec:s0
 /system/bin/hostapd     u:object_r:hostapd_exec:s0
 /system/bin/clatd	u:object_r:clatd_exec:s0
 /system/bin/lmkd        u:object_r:lmkd_exec:s0
diff --git a/private/healthd.te b/private/healthd.te
new file mode 100644
index 000000000..0214c59f8
--- /dev/null
+++ b/private/healthd.te
@@ -0,0 +1,3 @@
+# type_transition must be private policy the domain_trans rules could stay
+# public, but conceptually should go with this
+init_daemon_domain(healthd)
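Review bot: The two-line comment above `init_daemon_domain(healthd)` reads as a run-on sentence and its point gets lost; suggest `# type_transition must be private policy; the domain_trans rules could stay public, but conceptually belong with it.` It would also help a reader to state here that this macro is what replaces the `domain_trans(init, rootfs, healthd)` line removed from private/init.te in this same patch, now that healthd is labelled via `healthd_exec` instead of being seclabel'd from the rootfs — I am inferring that from the other hunks rather than from this file.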
diff --git a/private/init.te b/private/init.te
index c2354548b..c0e3d5f7e 100644
--- a/private/init.te
+++ b/private/init.te
@@ -4,7 +4,7 @@ tmpfs_domain(init)
 
 # Transitions to seclabel processes in init.rc
 domain_trans(init, rootfs, adbd)
-domain_trans(init, rootfs, healthd)
+domain_trans(init, rootfs, charger)
 domain_trans(init, rootfs, slideshow)
 recovery_only(`
   domain_trans(init, rootfs, recovery)
diff --git a/public/charger.te b/public/charger.te
new file mode 100644
index 000000000..4b20d1dd5
--- /dev/null
+++ b/public/charger.te
@@ -0,0 +1,41 @@
+# charger seclabel is specified in init.rc since
+# it lives in the rootfs and has no unique file type.
+type charger, domain;
+
+# Write to /dev/kmsg
+allow charger kmsg_device:chr_file rw_file_perms;
+
+# Read access to pseudo filesystems.
+r_dir_file(charger, sysfs_type)
+r_dir_file(charger, rootfs)
+r_dir_file(charger, cgroup)
+
+allow charger self:capability { sys_tty_config };
+allow charger self:capability sys_boot;
+
+wakelock_use(charger)
+
+allow charger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+# Write to /sys/power/state
+# TODO:  Split into a separate type?
+allow charger sysfs:file write;
+
+allow charger sysfs_batteryinfo:file r_file_perms;
+
+# Read /sys/fs/pstore/console-ramoops
+# Don't worry about overly broad permissions for now, as there's
+# only one file in /sys/fs/pstore
+allow charger pstorefs:dir r_dir_perms;
+allow charger pstorefs:file r_file_perms;
+
+allow charger graphics_device:dir r_dir_perms;
+allow charger graphics_device:chr_file rw_file_perms;
+allow charger input_device:dir r_dir_perms;
+allow charger input_device:chr_file r_file_perms;
+allow charger tty_device:chr_file rw_file_perms;
+allow charger proc_sysrq:file rw_file_perms;
+
+# charger needs to tell init to continue the boot
+# process when running in charger mode.
+set_prop(charger, system_prop)
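Review bot: `allow charger sysfs:file write;` grants write access to every file carrying the generic `sysfs` label, while the comment says only /sys/power/state is needed; the rule and its `TODO:  Split into a separate type?` are copied from the old healthd policy unchanged, and a new domain is the natural place to give /sys/power/state its own type (a constructed name such as `sysfs_power`) and scope the write to that type, or at least to record in the comment which other sysfs writes charger is known to make. Separately, the two `self:capability` rules on adjacent lines would read better as one: `allow charger self:capability { sys_boot sys_tty_config };`. `set_prop(charger, system_prop)` also covers far more than the single property init watches to continue booting; whether a narrower property type is available in this tree is not visible from the patch, but if one is, it should be preferred.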
diff --git a/public/healthd.te b/public/healthd.te
index 0bf92c888..cbc5c46a6 100644
--- a/public/healthd.te
+++ b/public/healthd.te
@@ -1,6 +1,6 @@
-# healthd seclabel is specified in init.rc since
-# it lives in the rootfs and has no unique file type.
-type healthd, domain, domain_deprecated;
+# healthd - battery/charger monitoring service daemon
+type healthd, domain;
+type healthd_exec, exec_type, file_type;
 
 # Write to /dev/kmsg
 allow healthd kmsg_device:chr_file rw_file_perms;
@@ -8,48 +8,20 @@ allow healthd kmsg_device:chr_file rw_file_perms;
 # Read access to pseudo filesystems.
 r_dir_file(healthd, sysfs_type)
 r_dir_file(healthd, rootfs)
+r_dir_file(healthd, cgroup)
 
 allow healthd self:capability { net_admin sys_tty_config };
+
 wakelock_use(healthd)
+
 allow healthd self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
 binder_use(healthd)
 binder_service(healthd)
 binder_call(healthd, system_server)
 
-# Write to state file.
-# TODO:  Split into a separate type?
-allow healthd sysfs:file write;
-
-# TODO: added to match above sysfs rule. Remove me?
-allow healthd sysfs_usb:file write;
-
 allow healthd sysfs_batteryinfo:file r_file_perms;
-
-r_dir_file(healthd, cgroup)
-r_dir_file(healthd, sysfs_type)
-
-###
-### healthd: charger mode
-###
-
-# Read /sys/fs/pstore/console-ramoops
-# Don't worry about overly broad permissions for now, as there's
-# only one file in /sys/fs/pstore
-allow healthd pstorefs:dir r_dir_perms;
-allow healthd pstorefs:file r_file_perms;
-
-allow healthd graphics_device:dir r_dir_perms;
-allow healthd graphics_device:chr_file rw_file_perms;
-allow healthd input_device:dir r_dir_perms;
-allow healthd input_device:chr_file r_file_perms;
-allow healthd tty_device:chr_file rw_file_perms;
-allow healthd ashmem_device:chr_file execute;
-allow healthd self:process execmem;
-allow healthd proc_sysrq:file rw_file_perms;
-allow healthd self:capability sys_boot;
-
 allow healthd batteryproperties_service:service_manager { add find };
 
-# Healthd needs to tell init to continue the boot
-# process when running in charger mode.
-set_prop(healthd, system_prop)
+# healthd can fake the battery existense if ro.boot.fake_battery is set
+get_prop(healthd, system_prop)
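Review bot: The new comment has a typo, `existense`; suggest `# healthd can fake the battery's existence if ro.boot.fake_battery is set`. With the charger-mode block (tty, graphics, input, sys_boot, execmem) removed from this domain, the retained context line `allow healthd self:capability { net_admin sys_tty_config };` still carries `sys_tty_config`, which looks like it served the charger console UI; if the Android-mode healthd no longer touches the console, this commit's scope reduction should drop it too — I cannot confirm from the patch whether the shared battery-monitor code uses it. `net_admin` presumably remains for the uevent netlink socket (e.g. raising its receive buffer), which is worth a short comment so the next reviewer does not have to guess.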
-- 
GitLab