device_xiaomi_sweet/sepolicy/vendor/batterysecret.te
Adithya R c1b697fec7
sweet: sepolicy: Address more battery secret denials
[   19.924855] type=1400 audit(1617105165.784:140): avc: denied { getattr } for comm="batterysecret" path="/dev/kmsg" dev="tmpfs" ino=12292 scontext=u:r:batterysecret:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0

Signed-off-by: Kuba Wojciechowski <nullbytepl@gmail.com>
Change-Id: Icee6cc5f3dfc84864d0bb9bb8af59731f33d64be
2023-06-01 01:30:47 +05:30

52 lines
1.2 KiB
Plaintext

type batterysecret, domain;
type batterysecret_exec, exec_type, vendor_file_type, file_type;
type persist_subsys_file, vendor_persist_type, file_type;
init_daemon_domain(batterysecret)
r_dir_file(batterysecret, cgroup)
r_dir_file(batterysecret, mnt_vendor_file)
r_dir_file(batterysecret, vendor_sysfs_battery_supply)
r_dir_file(batterysecret, sysfs_batteryinfo)
r_dir_file(batterysecret, sysfs_type)
r_dir_file(batterysecret, vendor_sysfs_usb_supply)
r_dir_file(batterysecret, vendor_sysfs_usbpd_device)
allow batterysecret {
mnt_vendor_file
persist_subsys_file
rootfs
}:dir rw_dir_perms;
allow batterysecret {
persist_subsys_file
sysfs
vendor_sysfs_battery_supply
sysfs_usb
vendor_sysfs_usb_supply
vendor_sysfs_usbpd_device
}:file w_file_perms;
allow batterysecret kmsg_device:chr_file rw_file_perms;
allow batterysecret self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
allow batterysecret self:global_capability_class_set {
sys_tty_config
sys_boot
};
allow batterysecret self:capability {
chown
fsetid
};
allow batterysecret {
system_suspend_hwservice
hidl_manager_hwservice
}:hwservice_manager find;
binder_call(batterysecret, system_suspend_server)
wakelock_use(batterysecret)