commit 719fe53a99b7af3574c63760fadeeaebd6fbd7e7
author Jack Wu <wjack@google.com> Tue Mar 10 19:26:35 2020 +0800
committer Jack Wu <wjack@google.com> Tue Mar 10 20:54:59 2020 +0800
tree 66920201adf1147581b7e3bad11be05993ee74dd
parent 2a049f81c8d41e1d1bb28f00ef0c99e3be351619

hal_health_default: fix avc denials

Bug: 146310614
Test: Ensure access is correctly granted to healthd
Signed-off-by: Jack Wu <wjack@google.com>
Change-Id: Id1def0fa8f530cdebfeb0834a608f16b93f1d460

vendor/google/file.te

diff --git a/vendor/google/file.te b/vendor/google/file.te
index e0aae1a..bf7429e 100644
--- a/vendor/google/file.te
+++ b/vendor/google/file.te
@@ -6,6 +6,7 @@
 type ramoops_vendor_data_file, file_type, data_file_type, mlstrustedobject;
 type proc_touch, proc_type, fs_type, mlstrustedobject;
 type debugfs_batteryinfo, debugfs_type, fs_type;
+type sysfs_chargelevel, sysfs_type, fs_type;
 type sysfs_display, sysfs_type, fs_type;
 type sysfs_touch, sysfs_type, fs_type;
 type sysfs_power_stats, sysfs_type, fs_type;

vendor/google/file_contexts

diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts
index c782d70..0b28628 100644
--- a/vendor/google/file_contexts
+++ b/vendor/google/file_contexts
@@ -21,7 +21,6 @@
 /vendor/bin/hw/android\.hardware\.authsecret@1\.0-service\.citadel                    u:object_r:hal_authsecret_citadel_exec:s0
 /vendor/bin/hw/android\.hardware\.camera\.provider@2\.6-service-google                u:object_r:hal_camera_default_exec:s0
 /vendor/bin/hw/android\.hardware\.contexthub@1\.1-service\.generic                    u:object_r:hal_contexthub_default_exec:s0
-/vendor/bin/hw/android\.hardware\.health@2\.1-service                                 u:object_r:hal_health_default_exec:s0
 /vendor/bin/hw/android\.hardware\.dumpstate@1\.1-service\.sunfish                     u:object_r:hal_dumpstate_impl_exec:s0
 /vendor/bin/hw/android\.hardware\.keymaster@4\.0-service\.citadel                     u:object_r:hal_keymaster_citadel_exec:s0
 /vendor/bin/hw/android\.hardware\.neuralnetworks@1\.0-service-paintbox                u:object_r:hal_neuralnetworks_paintbox_exec:s0

vendor/google/genfs_contexts

diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts
index ebae774..8ee5649 100644
--- a/vendor/google/genfs_contexts
+++ b/vendor/google/genfs_contexts
@@ -74,6 +74,8 @@
 genfscon debugfs /logbuffer/ttf                                                 u:object_r:debugfs_batteryinfo:s0
 genfscon debugfs /google_charger                                                u:object_r:debugfs_batteryinfo:s0
 genfscon debugfs /google_battery                                                u:object_r:debugfs_batteryinfo:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/charge_start_level      u:object_r:sysfs_chargelevel:s0
+genfscon sysfs /devices/platform/soc/soc:google,charger/charge_stop_level       u:object_r:sysfs_chargelevel:s0
 
 # Pixelstats
 genfscon sysfs /devices/platform/soc/soc:google,overheat_mitigation               u:object_r:sysfs_pixelstats:s0

vendor/google/hal_health_default.te

diff --git a/vendor/google/hal_health_default.te b/vendor/google/hal_health_default.te
index 3d72ec1..42a3aa4 100644
--- a/vendor/google/hal_health_default.te
+++ b/vendor/google/hal_health_default.te
@@ -2,5 +2,11 @@
 
 r_dir_file(hal_health_default, sysfs_scsi_devices_0000)
 set_prop(hal_health_default, vendor_shutdown_prop)
+set_prop(hal_health_default, vendor_battery_defender_prop)
 
 allow hal_health_default fwk_stats_hwservice:hwservice_manager find;
+allow hal_health_default persist_file:dir search;
+allow hal_health_default persist_battery_file:file create_file_perms;
+allow hal_health_default persist_battery_file:dir rw_dir_perms;
+allow hal_health_default mnt_vendor_file:dir search;
+allow hal_health_default sysfs_chargelevel:file rw_file_perms;

vendor/google/property.te

diff --git a/vendor/google/property.te b/vendor/google/property.te
index 2934a36..54aa455 100644
--- a/vendor/google/property.te
+++ b/vendor/google/property.te
@@ -8,6 +8,7 @@
 type vendor_ramoops_prop, property_type;
 type ecoservice_prop, property_type;
 type vendor_shutdown_prop, property_type;
+type vendor_battery_defender_prop, property_type;
 type vendor_vibrator_prop, property_type;
 
 # vendor verbose logging property

vendor/google/property_contexts

diff --git a/vendor/google/property_contexts b/vendor/google/property_contexts
index 457d9a0..951f23d 100644
--- a/vendor/google/property_contexts
+++ b/vendor/google/property_contexts
@@ -30,6 +30,10 @@
 vendor.display.primary_blue                     u:object_r:vendor_display_prop:s0
 vendor.display.primary_white                    u:object_r:vendor_display_prop:s0
 vendor.display.native_display_primaries_ready   u:object_r:vendor_display_prop:s0
+
+# battery
+vendor.battery.defender.                        u:object_r:vendor_battery_defender_prop:s0
+
 # Tcpdump_logger
 persist.vendor.tcpdump.log.alwayson             u:object_r:vendor_tcpdump_log_prop:s0
 vendor.tcpdump.log.ondemand                     u:object_r:vendor_tcpdump_log_prop:s0