c1b697fec7
[ 19.924855] type=1400 audit(1617105165.784:140): avc: denied { getattr } for comm="batterysecret" path="/dev/kmsg" dev="tmpfs" ino=12292 scontext=u:r:batterysecret:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0 Signed-off-by: Kuba Wojciechowski <nullbytepl@gmail.com> Change-Id: Icee6cc5f3dfc84864d0bb9bb8af59731f33d64be
52 lines
1.2 KiB
Plaintext
52 lines
1.2 KiB
Plaintext
type batterysecret, domain;
|
|
type batterysecret_exec, exec_type, vendor_file_type, file_type;
|
|
type persist_subsys_file, vendor_persist_type, file_type;
|
|
|
|
init_daemon_domain(batterysecret)
|
|
|
|
r_dir_file(batterysecret, cgroup)
|
|
r_dir_file(batterysecret, mnt_vendor_file)
|
|
r_dir_file(batterysecret, vendor_sysfs_battery_supply)
|
|
r_dir_file(batterysecret, sysfs_batteryinfo)
|
|
r_dir_file(batterysecret, sysfs_type)
|
|
r_dir_file(batterysecret, vendor_sysfs_usb_supply)
|
|
r_dir_file(batterysecret, vendor_sysfs_usbpd_device)
|
|
|
|
allow batterysecret {
|
|
mnt_vendor_file
|
|
persist_subsys_file
|
|
rootfs
|
|
}:dir rw_dir_perms;
|
|
|
|
allow batterysecret {
|
|
persist_subsys_file
|
|
sysfs
|
|
vendor_sysfs_battery_supply
|
|
sysfs_usb
|
|
vendor_sysfs_usb_supply
|
|
vendor_sysfs_usbpd_device
|
|
}:file w_file_perms;
|
|
|
|
allow batterysecret kmsg_device:chr_file rw_file_perms;
|
|
|
|
allow batterysecret self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
|
|
|
|
allow batterysecret self:global_capability_class_set {
|
|
sys_tty_config
|
|
sys_boot
|
|
};
|
|
|
|
allow batterysecret self:capability {
|
|
chown
|
|
fsetid
|
|
};
|
|
|
|
allow batterysecret {
|
|
system_suspend_hwservice
|
|
hidl_manager_hwservice
|
|
}:hwservice_manager find;
|
|
|
|
binder_call(batterysecret, system_suspend_server)
|
|
|
|
wakelock_use(batterysecret)
|