From ec7d39ba168a5b620e6bb526f316581acc5c1238 Mon Sep 17 00:00:00 2001
From: William Roberts <wroberts@tresys.com>
Date: Sat, 28 Sep 2013 18:46:21 -0400
Subject: [PATCH] Introduce controls on wake lock interface

Change-Id: Ie0ee266e9e6facb2ab2abd652f68765239a41af1
---
 file.te          | 1 +
 file_contexts    | 2 ++
 rild.te          | 3 +++
 system_server.te | 3 +++
 4 files changed, 9 insertions(+)

diff --git a/file.te b/file.te
index a6868bf0c..8d80e8545 100644
--- a/file.te
+++ b/file.te
@@ -12,6 +12,7 @@ type sysfs, fs_type, mlstrustedobject;
 type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
 type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_wake_lock, fs_type, sysfs_type;
 type inotify, fs_type, mlstrustedobject;
 type devpts, fs_type, mlstrustedobject;
 type tmpfs, fs_type;
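Review bot: The new `sysfs_wake_lock` type omits `mlstrustedobject`, unlike the other sysfs types declared just above it, and nothing records whether that is deliberate. Without the attribute the MLS constraints apply to the file, so a writer running at a level other than the file's `s0` would likely be denied even when an allow rule exists. If that restriction is intended, a comment above the line would stop a later cleanup from "aligning" it with its neighbours, e.g. `# No mlstrustedobject: wake lock access stays subject to MLS checks.`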
diff --git a/file_contexts b/file_contexts
index dfdb43943..be61f9ca9 100644
--- a/file_contexts
+++ b/file_contexts
@@ -204,6 +204,8 @@
 /sys/devices/platform/nfc-power/nfc_power -- u:object_r:sysfs_nfc_power_writable:s0
 /sys/class/rfkill/rfkill[0-9]*/state -- u:object_r:sysfs_bluetooth_writable:s0
 /sys/class/rfkill/rfkill[0-9]*/type -- u:object_r:sysfs_bluetooth_writable:s0
+/sys/power/wake_lock -- u:object_r:sysfs_wake_lock:s0
+/sys/power/wake_unlock -- u:object_r:sysfs_wake_lock:s0
 #############################
 # asec containers
 /mnt/asec(/.*)?         u:object_r:asec_apk_file:s0
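Review bot: These two entries label `/sys/power/wake_lock` and `/sys/power/wake_unlock` only if something relabels the nodes at boot. Sysfs files do not pick up file_contexts labels on their own, and without a relabel they would keep the default sysfs label. Nothing in this patch shows such a step, so confirm on a device with `ls -Z /sys/power/wake_lock` that the type really is `sysfs_wake_lock`. Otherwise the allow rules added in rild.te and system_server.te match nothing and the interface stays exactly as exposed as before. A blank line before the `asec containers` banner would also keep the sysfs group visually separate.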
diff --git a/rild.te b/rild.te
index 1721fb170..a93b3aca7 100644
--- a/rild.te
+++ b/rild.te
@@ -6,3 +6,6 @@ type rild_exec, exec_type, file_type;
 init_daemon_domain(rild)
 net_domain(rild)
 unconfined_domain(rild)
+
+# Access to wake locks
+allow rild sysfs_wake_lock:file rw_file_perms;
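Review bot: `rild` is still declared `unconfined_domain(rild)` three lines above, so this allow rule probably grants nothing the domain does not already have, and the wake lock interface is not actually restricted for rild yet. If the rule is staged for the day rild is confined, the comment should say so, e.g. `# Access to wake locks (needed once rild is no longer unconfined)`. The identical rule is repeated in system_server.te; a shared macro in te_macros would keep the permission set in one place as more domains need it.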
diff --git a/system_server.te b/system_server.te
index 6e1acd3b1..fd2d13076 100644
--- a/system_server.te
+++ b/system_server.te
@@ -45,3 +45,6 @@ allow system_server apk_tmp_file:file relabelto;
 allow system_server cache_backup_file:file relabelto;
 allow system_server apk_private_tmp_file:file relabelto;
 allow system_server wallpaper_file:file relabelto;
+
+# Access to wake locks
+allow system_server sysfs_wake_lock:file rw_file_perms;
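Review bot: Only rild and system_server are granted `sysfs_wake_lock`, so once the nodes carry the new label any other confined domain that writes `/sys/power/wake_lock` loses access. The patch does not show which other daemons take wake locks directly. Before enforcing, run a boot-and-suspend cycle in permissive mode and look for `avc: denied` records with `tcontext=u:object_r:sysfs_wake_lock:s0`, then add rules only for the domains that need them. `rw_file_perms` also includes read access; if these services only write the lock name, a write-only permission set would be tighter.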
-- 
GitLab