hal_health_default: fix avc denials.
Bug: 175172404
Test: Ensure access is correctly granted to healthd
Signed-off-by: Jack Wu <wjack@google.com>
Merged-In: I287f5c0177f16da9fb9ab4a7e0c4a0e3d4832d7e
Change-Id: Ifebe1f4712b68e77b159cea662205768f34172e2
diff --git a/vendor/google/file.te b/vendor/google/file.te
index fc651f2..ae65f49 100644
--- a/vendor/google/file.te
+++ b/vendor/google/file.te
@@ -4,6 +4,7 @@
type sysfs_display, sysfs_type, fs_type;
type sysfs_pixelstats, sysfs_type, fs_type;
type persist_battery_file, file_type;
+type sysfs_chargelevel, sysfs_type, fs_type;
# RamdumpFS
allow ramdump_vendor_mnt_file self:filesystem associate;
diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts
index bea397d..4eb61a0 100644
--- a/vendor/google/genfs_contexts
+++ b/vendor/google/genfs_contexts
@@ -28,4 +28,3 @@
genfscon sysfs /devices/platform/soc/soc:google,charger/bd_trigger_time u:object_r:sysfs_chargelevel:s0
genfscon sysfs /devices/platform/soc/soc:google,charger/bd_trigger_voltage u:object_r:sysfs_chargelevel:s0
genfscon sysfs /devices/platform/soc/soc:google,charger/bd_temp_enable u:object_r:sysfs_chargelevel:s0
-
diff --git a/vendor/google/hal_health_default.te b/vendor/google/hal_health_default.te
index 4835236..8a56297 100644
--- a/vendor/google/hal_health_default.te
+++ b/vendor/google/hal_health_default.te
@@ -17,9 +17,11 @@
allow hal_health_default sysfs_batteryinfo:file rw_file_perms;
allow hal_health_default sysfs_thermal:dir r_dir_perms;
allow hal_health_default sysfs_thermal:file rw_file_perms;
+allow hal_health_default sysfs_chargelevel:file rw_file_perms;
get_prop(hal_health_default, vendor_shutdown_prop)
set_prop(hal_health_default, vendor_shutdown_prop)
+set_prop(hal_health_default, vendor_battery_defender_prop)
allow hal_health_default self:capability2 wake_alarm;
allow hal_health_default mnt_vendor_file:dir search;
diff --git a/vendor/google/property.te b/vendor/google/property.te
index e92834b..5ed50a2 100644
--- a/vendor/google/property.te
+++ b/vendor/google/property.te
@@ -5,3 +5,6 @@
# fingerprint
type vendor_fingerprint_prop, property_type;
+
+# hal_health
+type vendor_battery_defender_prop, property_type;
diff --git a/vendor/google/property_contexts b/vendor/google/property_contexts
index be45d93..6c7d807 100644
--- a/vendor/google/property_contexts
+++ b/vendor/google/property_contexts
@@ -13,6 +13,9 @@
persist.vendor.shutdown. u:object_r:vendor_shutdown_prop:s0
persist.vendor.radio.multisim_switch_support u:object_r:vendor_radio_prop:s0
+# battery
+vendor.battery.defender. u:object_r:vendor_battery_defender_prop:s0
+
# fingerprint
vendor.fps.init.succeed u:object_r:vendor_fingerprint_prop:s0
vendor.fps.init_retry.count u:object_r:vendor_fingerprint_prop:s0
diff --git a/vendor/qcom/common/init-devstart-sh.te b/vendor/qcom/common/init-devstart-sh.te
index 65f353f..5292182 100644
--- a/vendor/qcom/common/init-devstart-sh.te
+++ b/vendor/qcom/common/init-devstart-sh.te
@@ -34,3 +34,6 @@
dontaudit init-qcom-devstart-sh sysfs_type:dir { read write };
dontaudit init-qcom-devstart-sh sysfs_graphics:file getattr;
dontaudit init-qcom-devstart-sh sysfs_devices_block:file getattr;
+
+# Support for battery defender
+allow init-qcom-devstart-sh sysfs_chargelevel:file rw_file_perms;
