sweet: sepolicy: initial rules for batterysecret

* Fixes: 07-25 15:31:45.325 0 0 I init : starting service 'batterysecret'... 07-25 15:31:45.336 0 0 F init : cannot setexeccon('u:r:batterysecret:s0') for batterysecret: Invalid argument 07-25 15:31:45.345 0 0 I init : Service 'batterysecret' (pid 6483) exited with status 6 07-25 15:31:45.345 0 0 I init : Sending signal 9 to service 'batterysecret' (pid 6483) process group... Signed-off-by: Kuba Wojciechowski <nullbytepl@gmail.com> Change-Id: I4c547a0162275a1fb99b1038f8bdd5b1f8632095
2021-08-15 15:13:57 +02:00 · 2021-08-15 15:13:57 +02:00 · 01a3bae6f0
commit 01a3bae6f0
parent 451812196b
2 changed files with 57 additions and 0 deletions
--- a/sepolicy/vendor/batterysecret.te
+++ b/sepolicy/vendor/batterysecret.te
@ -0,0 +1,51 @@
+type batterysecret, domain;
+type batterysecret_exec, exec_type, vendor_file_type, file_type;
+type persist_subsys_file, vendor_persist_type, file_type;
+
+init_daemon_domain(batterysecret)
+
+r_dir_file(batterysecret, cgroup)
+r_dir_file(batterysecret, mnt_vendor_file)
+r_dir_file(batterysecret, vendor_sysfs_battery_supply)
+r_dir_file(batterysecret, sysfs_batteryinfo)
+r_dir_file(batterysecret, sysfs_type)
+r_dir_file(batterysecret, vendor_sysfs_usb_supply)
+r_dir_file(batterysecret, vendor_sysfs_usbpd_device)
+
+allow batterysecret {
+    mnt_vendor_file
+    persist_subsys_file
+    rootfs
+}:dir rw_dir_perms;
+
+allow batterysecret {
+    persist_subsys_file
+    sysfs
+    vendor_sysfs_battery_supply
+    sysfs_usb
+    vendor_sysfs_usb_supply
+    vendor_sysfs_usbpd_device
+}:file w_file_perms;
+
+allow batterysecret kmsg_device:chr_file w_file_perms;
+
+allow batterysecret self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+allow batterysecret self:global_capability_class_set {
+    sys_tty_config
+    sys_boot
+};
+
+allow batterysecret self:capability {
+    chown
+    fsetid
+};
+
+allow batterysecret {
+    system_suspend_hwservice
+    hidl_manager_hwservice
+}:hwservice_manager find;
+
+binder_call(batterysecret, system_suspend_server)
+
+wakelock_use(batterysecret)
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@ -2,3 +2,9 @@
 /sys/bus/iio/devices                                                 u:object_r:vendor_sysfs_iio:s0
 /sys/devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-04/c440000.qcom,spmi:qcom,pm6150l@4:vadc@3100/iio:device1(/.*)? u:object_r:vendor_sysfs_iio:s0
 /sys/devices/platform/us_prox.0/iio:device2(/.*)?                    u:object_r:vendor_sysfs_iio:s0
+
+# Battery secret
+/vendor/bin/batterysecret                                         u:object_r:batterysecret_exec:s0
+
+# Persist subsystem
+/mnt/vendor/persist/subsys(/.*)?                                  u:object_r:persist_subsys_file:s0