hal_health_default: fix avc denials
Bug: 146310614
Test: Ensure access is correctly granted to healthd
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: Id1def0fa8f530cdebfeb0834a608f16b93f1d460
diff --git a/vendor/google/file.te b/vendor/google/file.te
index e0aae1a..bf7429e 100644
--- a/vendor/google/file.te
+++ b/vendor/google/file.te
@@ -6,6 +6,7 @@
type ramoops_vendor_data_file, file_type, data_file_type, mlstrustedobject;
type proc_touch, proc_type, fs_type, mlstrustedobject;
type debugfs_batteryinfo, debugfs_type, fs_type;
+type sysfs_chargelevel, sysfs_type, fs_type;
type sysfs_display, sysfs_type, fs_type;
type sysfs_touch, sysfs_type, fs_type;
type sysfs_power_stats, sysfs_type, fs_type;
diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts
index c782d70..0b28628 100644
--- a/vendor/google/file_contexts
+++ b/vendor/google/file_contexts
@@ -21,7 +21,6 @@
/vendor/bin/hw/android\.hardware\.authsecret@1\.0-service\.citadel u:object_r:hal_authsecret_citadel_exec:s0
/vendor/bin/hw/android\.hardware\.camera\.provider@2\.6-service-google u:object_r:hal_camera_default_exec:s0
/vendor/bin/hw/android\.hardware\.contexthub@1\.1-service\.generic u:object_r:hal_contexthub_default_exec:s0
-/vendor/bin/hw/android\.hardware\.health@2\.1-service u:object_r:hal_health_default_exec:s0
/vendor/bin/hw/android\.hardware\.dumpstate@1\.1-service\.sunfish u:object_r:hal_dumpstate_impl_exec:s0
/vendor/bin/hw/android\.hardware\.keymaster@4\.0-service\.citadel u:object_r:hal_keymaster_citadel_exec:s0
/vendor/bin/hw/android\.hardware\.neuralnetworks@1\.0-service-paintbox u:object_r:hal_neuralnetworks_paintbox_exec:s0
diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts
index ebae774..8ee5649 100644
--- a/vendor/google/genfs_contexts
+++ b/vendor/google/genfs_contexts
@@ -74,6 +74,8 @@
genfscon debugfs /logbuffer/ttf u:object_r:debugfs_batteryinfo:s0
genfscon debugfs /google_charger u:object_r:debugfs_batteryinfo:s0
genfscon debugfs /google_battery u:object_r:debugfs_batteryinfo:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/charge_start_level u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/charge_stop_level u:object_r:sysfs_chargelevel:s0
# Pixelstats
genfscon sysfs /devices/platform/soc/soc:google,overheat_mitigation u:object_r:sysfs_pixelstats:s0
diff --git a/vendor/google/hal_health_default.te b/vendor/google/hal_health_default.te
index 3d72ec1..42a3aa4 100644
--- a/vendor/google/hal_health_default.te
+++ b/vendor/google/hal_health_default.te
@@ -2,5 +2,11 @@
r_dir_file(hal_health_default, sysfs_scsi_devices_0000)
set_prop(hal_health_default, vendor_shutdown_prop)
+set_prop(hal_health_default, vendor_battery_defender_prop)
allow hal_health_default fwk_stats_hwservice:hwservice_manager find;
+allow hal_health_default persist_file:dir search;
+allow hal_health_default persist_battery_file:file create_file_perms;
+allow hal_health_default persist_battery_file:dir rw_dir_perms;
+allow hal_health_default mnt_vendor_file:dir search;
+allow hal_health_default sysfs_chargelevel:file rw_file_perms;
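Review bot: The added rules give hal_health_default create and write access under persist (`persist_battery_file:file create_file_perms`, `persist_battery_file:dir rw_dir_perms`) and write access to the charger nodes (`sysfs_chargelevel:file rw_file_perms`), but neither the hunk nor the commit message records the AVC denials they answer. Without them a reviewer cannot confirm that each permission is the minimum needed. I would add a comment above the group, for example `# Battery defender: persist state and adjust charge_start_level/charge_stop_level` (if that is the purpose), and paste the denials into the commit message. If the denials show access only to files that already exist, `rw_file_perms` would be a tighter fit than `create_file_perms`. `persist_battery_file` is not declared anywhere in this change, so it is presumably defined elsewhere in the policy, and the rest of the file lies outside the hunk.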
diff --git a/vendor/google/property.te b/vendor/google/property.te
index 2934a36..54aa455 100644
--- a/vendor/google/property.te
+++ b/vendor/google/property.te
@@ -8,6 +8,7 @@
type vendor_ramoops_prop, property_type;
type ecoservice_prop, property_type;
type vendor_shutdown_prop, property_type;
+type vendor_battery_defender_prop, property_type;
type vendor_vibrator_prop, property_type;
# vendor verbose logging property
diff --git a/vendor/google/property_contexts b/vendor/google/property_contexts
index 457d9a0..951f23d 100644
--- a/vendor/google/property_contexts
+++ b/vendor/google/property_contexts
@@ -30,6 +30,10 @@
vendor.display.primary_blue u:object_r:vendor_display_prop:s0
vendor.display.primary_white u:object_r:vendor_display_prop:s0
vendor.display.native_display_primaries_ready u:object_r:vendor_display_prop:s0
+
+# battery
+vendor.battery.defender. u:object_r:vendor_battery_defender_prop:s0
+
# Tcpdump_logger
persist.vendor.tcpdump.log.alwayson u:object_r:vendor_tcpdump_log_prop:s0
vendor.tcpdump.log.ondemand u:object_r:vendor_tcpdump_log_prop:s0
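Review bot: The entry `vendor.battery.defender.` ends in a dot and has no `exact` qualifier, so it labels every property under that prefix as `vendor_battery_defender_prop`, and the `# battery` comment does not say which component owns them. Within this change the only writer granted is hal_health_default, through `set_prop` in hal_health_default.te. A comment such as `# Battery defender state, set by hal_health_default` would record that. If only a fixed set of property names is used, listing them individually would stop the label from silently covering names added later.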