Add charger_vendor type
This is the context when health HAL runs in offline charging mode. This has the same permissions as the health HAL, but is also able to do charger specific things. Also restrict neverallow rules in charger_type. Test: manual in offline charging mode Bug: 203246116 Change-Id: I6034853c113dff95b26461153501ad0528d10279
This commit is contained in:
parent
d725f8acaf
commit
035ce4b7f4
@ -15,18 +15,18 @@ neverallow {
|
||||
-vendor_init
|
||||
} charger_config_prop:property_service set;
|
||||
|
||||
# charger_status_prop: Only init, vendor_init, charger, and hal_health_server
|
||||
# charger_status_prop: Only init, vendor_init, charger, and charger_vendor
|
||||
# are allowed to set it
|
||||
neverallow {
|
||||
domain
|
||||
-init
|
||||
-vendor_init
|
||||
-charger
|
||||
-hal_health_server
|
||||
-charger_vendor
|
||||
} charger_status_prop:property_service set;
|
||||
|
||||
# Both charger_config_prop and charger_status_prop:
|
||||
# Only init, vendor_init, dumpstate, charger, and hal_health_server
|
||||
# Only init, vendor_init, dumpstate, charger, and charger_vendor
|
||||
# are allowed to read it
|
||||
neverallow {
|
||||
domain
|
||||
@ -34,5 +34,5 @@ neverallow {
|
||||
-dumpstate
|
||||
-vendor_init
|
||||
-charger
|
||||
-hal_health_server
|
||||
-charger_vendor
|
||||
} { charger_config_prop charger_status_prop }:file no_rw_file_perms;
|
||||
|
@ -8,6 +8,7 @@
|
||||
apexd_select_prop
|
||||
artd_service
|
||||
attestation_verification_service
|
||||
charger_vendor
|
||||
device_config_nnapi_native_prop
|
||||
dice_maintenance_service
|
||||
dice_node_service
|
||||
|
4
public/charger_vendor.te
Normal file
4
public/charger_vendor.te
Normal file
@ -0,0 +1,4 @@
|
||||
# Context when health HAL runs charger mode
|
||||
|
||||
type charger_vendor, charger_type, domain;
|
||||
hal_server_domain(charger_vendor, hal_health)
|
4
vendor/hal_health_default.te
vendored
4
vendor/hal_health_default.te
vendored
@ -4,3 +4,7 @@ hal_server_domain(hal_health_default, hal_health)
|
||||
|
||||
type hal_health_default_exec, exec_type, vendor_file_type, file_type;
|
||||
init_daemon_domain(hal_health_default)
|
||||
|
||||
# When executing the service in offline-charging mode,
|
||||
# allow to transition to charger_vendor domain.
|
||||
domain_trans(init, hal_health_default_exec, charger_vendor)
|
||||
|
Loading…
Reference in New Issue
Block a user