hal_health_default: fix avc denials
Bug: 146318912
Bug: 150858700
Test: Ensure access is correctly granted to healthd
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: Ifebe1f4712b68e77b159cea662205768f34172e2
diff --git a/vendor/google/file.te b/vendor/google/file.te
index ce6a826..7a7d931 100644
--- a/vendor/google/file.te
+++ b/vendor/google/file.te
@@ -4,3 +4,4 @@
type sysfs_display, sysfs_type, fs_type;
type sysfs_pixelstats, sysfs_type, fs_type;
type persist_battery_file, file_type;
+type sysfs_chargelevel, sysfs_type, fs_type;
diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts
index b6ac47a..76b661d 100644
--- a/vendor/google/genfs_contexts
+++ b/vendor/google/genfs_contexts
@@ -14,3 +14,7 @@
genfscon debugfs /tcpm/usbpd0 u:object_r:debugfs_usb:s0
genfscon debugfs /logbuffer/smblib u:object_r:debugfs_usb:s0
genfscon debugfs /logbuffer/usbpd u:object_r:debugfs_usb:s0
+
+# Charger
+genfscon sysfs /devices/platform/soc/soc:google,charger/charge_start_level u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/charge_stop_level u:object_r:sysfs_chargelevel:s0
diff --git a/vendor/google/hal_health_default.te b/vendor/google/hal_health_default.te
index 8eb0348..4aa8d4e 100644
--- a/vendor/google/hal_health_default.te
+++ b/vendor/google/hal_health_default.te
@@ -19,9 +19,11 @@
allow hal_health_default sysfs_mmc:file rw_file_perms;
allow hal_health_default sysfs_thermal:dir r_dir_perms;
allow hal_health_default sysfs_thermal:file rw_file_perms;
+allow hal_health_default sysfs_chargelevel:file rw_file_perms;
get_prop(hal_health_default, vendor_shutdown_prop)
set_prop(hal_health_default, vendor_shutdown_prop)
+set_prop(hal_health_default, vendor_battery_defender_prop)
allow hal_health_default self:capability2 wake_alarm;
allow hal_health_default mnt_vendor_file:dir search;
diff --git a/vendor/google/property.te b/vendor/google/property.te
index 9c44528..497f454 100644
--- a/vendor/google/property.te
+++ b/vendor/google/property.te
@@ -7,3 +7,6 @@
type vendor_build_type_prop, property_type;
type vendor_modem_prop, property_type;
+
+# hal_health
+type vendor_battery_defender_prop, property_type;
diff --git a/vendor/google/property_contexts b/vendor/google/property_contexts
index 8d7c961..302d8cb 100644
--- a/vendor/google/property_contexts
+++ b/vendor/google/property_contexts
@@ -13,6 +13,9 @@
ro.vibrator.hal.long.voltage u:object_r:vendor_vibrator_prop:s0
ro.vibrator.hal.long.frequency.shift u:object_r:vendor_vibrator_prop:s0
+# battery
+vendor.battery.defender. u:object_r:vendor_battery_defender_prop:s0
+
# fingerprint
vendor.fps.init.succeed u:object_r:vendor_fingerprint_prop:s0
vendor.fps.init_retry.count u:object_r:vendor_fingerprint_prop:s0
diff --git a/vendor/qcom/common/init-devstart-sh.te b/vendor/qcom/common/init-devstart-sh.te
index 4924e27..57ea5d2 100644
--- a/vendor/qcom/common/init-devstart-sh.te
+++ b/vendor/qcom/common/init-devstart-sh.te
@@ -17,3 +17,6 @@
# Set boot_adsp and boot_slpi to 1
allow init-qcom-devstart-sh sysfs_msm_subsys:file w_file_perms;
+
+# Support for battery defender
+allow init-qcom-devstart-sh sysfs_chargelevel:file rw_file_perms;
