Merge "Allow shell read access to suspend mechanism" into main

commit: 15a8dbb7fcc5699aba3f69c6e292dc4995af8003 [log] [tgz]
author: Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com> Tue Jan 07 02:17:15 2025 -0800
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Tue Jan 07 02:17:15 2025 -0800
tree: 6da1e347bd09b504ffe626f19de9d12a377e909a
parent: 5e10dd9590ba022f023f6240d77bab694808c51b [diff]
parent: f0d74d6f319b8cbeed0e2e40e3123cf9b45a47d9 [diff]
diff --git a/compat/plat_sepolicy_genfs_202504.cil b/compat/plat_sepolicy_genfs_202504.cil
index 79cc732..d78194f 100644
--- a/compat/plat_sepolicy_genfs_202504.cil
+++ b/compat/plat_sepolicy_genfs_202504.cil

@@ -1 +1,2 @@
 (genfscon sysfs "/class/udc" (u object_r sysfs_udc ((s0) (s0))))
+(genfscon sysfs "/power/mem_sleep" (u object_r sysfs_mem_sleep ((s0) (s0))))

diff --git a/private/compat/202404/202404.cil b/private/compat/202404/202404.cil
index c78632b..e9c97e5 100644
--- a/private/compat/202404/202404.cil
+++ b/private/compat/202404/202404.cil

@@ -2475,7 +2475,7 @@
 (typeattributeset surfaceflinger_tmpfs_202404 (surfaceflinger_tmpfs))
 (typeattributeset suspend_prop_202404 (suspend_prop))
 (typeattributeset swap_block_device_202404 (swap_block_device))
-(typeattributeset sysfs_202404 (sysfs sysfs_udc))
+(typeattributeset sysfs_202404 (sysfs sysfs_mem_sleep sysfs_udc))
 (typeattributeset sysfs_android_usb_202404 (sysfs_android_usb))
 (typeattributeset sysfs_batteryinfo_202404 (sysfs_batteryinfo))
 (typeattributeset sysfs_bluetooth_writable_202404 (sysfs_bluetooth_writable))

diff --git a/private/file.te b/private/file.te
index 6fb9baa..b60ce34 100644
--- a/private/file.te
+++ b/private/file.te

@@ -259,4 +259,8 @@
     type tee_service_contexts_file, system_file_type, file_type;
 ')
 
+until_board_api(202504, `
+    type sysfs_mem_sleep, fs_type, sysfs_type;
+')
+
 ## END Types added in 202504 in public/file.te

diff --git a/private/shell.te b/private/shell.te
index 890d6f4..2033f7e 100644
--- a/private/shell.te
+++ b/private/shell.te

@@ -444,6 +444,9 @@
 # Allow reads (but not writes) of the MGLRU state
 allow shell sysfs_lru_gen_enabled:file r_file_perms;
 
+# Allow reads (but not writes) of mem_sleep to determine suspend mechanism
+allow shell sysfs_mem_sleep:file r_file_perms;
+
 # Allow communicating with the VM terminal.
 userdebug_or_eng(`
   allow shell vmlauncher_app_devpts:chr_file rw_file_perms;

diff --git a/public/file.te b/public/file.te
index 94483a3..4fca64e 100644
--- a/public/file.te
+++ b/public/file.te

@@ -124,6 +124,11 @@
 type sysfs_net, fs_type, sysfs_type;
 type sysfs_power, fs_type, sysfs_type;
 type sysfs_rtc, fs_type, sysfs_type;
+
+starting_at_board_api(202504, `
+    type sysfs_mem_sleep, fs_type, sysfs_type;
+')
+
 type sysfs_suspend_stats, fs_type, sysfs_type;
 type sysfs_switch, fs_type, sysfs_type;
 type sysfs_sync_on_suspend, fs_type, sysfs_type;
commit	15a8dbb7fcc5699aba3f69c6e292dc4995af8003	[log] [tgz]
author	Treehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>	Tue Jan 07 02:17:15 2025 -0800
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Tue Jan 07 02:17:15 2025 -0800
tree	6da1e347bd09b504ffe626f19de9d12a377e909a
parent	5e10dd9590ba022f023f6240d77bab694808c51b [diff]
parent	f0d74d6f319b8cbeed0e2e40e3123cf9b45a47d9 [diff]