android_system_sepolicy/healthd.te
Nick Kralevich 0352393df1 fix healthd charger mode.
Healthd has an optional "charger" mode. The device boots into a
minimally running mode, and healthd displays the battery indicator.

Without this patch, when a manta device boots into charger mode,
the screen will never turn off and the battery indicator will not move.

From reviewing the healthd code, it looks like this may affect lots
of devices, not just manta. I'm adding this change to the generic
policy.

Steps to reproduce:

1) Make sure the device is unplugged.
2) Boot into a normal system.
3) Shutdown the system normally using the power button.
4) After shutdown, plug in the power cord.
5) Device will boot into charger mode. Battery icon will display.
6) Press the button to reboot into a normal mode.
7) Examine /proc/last_kmsg and look for denials.

Addresses the following denials:

[    3.908457] type=1400 audit(1390866386.620:3): avc:  denied  { read write } for  pid=98 comm="charger" name="fb0" dev="tmpfs" ino=4286 scontext=u:r:healthd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file
[    3.909085] type=1400 audit(1390866386.620:4): avc:  denied  { open } for  pid=98 comm="charger" name="fb0" dev="tmpfs" ino=4286 scontext=u:r:healthd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file
[    3.909749] type=1400 audit(1390866386.620:5): avc:  denied  { ioctl } for  pid=98 comm="charger" path="/dev/graphics/fb0" dev="tmpfs" ino=4286 scontext=u:r:healthd:s0 tcontext=u:object_r:graphics_device:s0 tclass=chr_file
[    4.889857] type=1400 audit(1390866387.605:6): avc:  denied  { read } for  pid=98 comm="charger" name="input" dev="tmpfs" ino=4153 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=dir
[    4.890873] type=1400 audit(1390866387.605:7): avc:  denied  { open } for  pid=98 comm="charger" name="input" dev="tmpfs" ino=4153 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=dir
[    4.891949] type=1400 audit(1390866387.605:8): avc:  denied  { search } for  pid=98 comm="charger" name="input" dev="tmpfs" ino=4153 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=dir
[    4.892677] type=1400 audit(1390866387.605:9): avc:  denied  { read } for  pid=98 comm="charger" name="event2" dev="tmpfs" ino=4279 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file
[    4.893576] type=1400 audit(1390866387.605:10): avc:  denied  { open } for  pid=98 comm="charger" name="event2" dev="tmpfs" ino=4279 scontext=u:r:healthd:s0 tcontext=u:object_r:input_device:s0 tclass=chr_file
[    7.288104] type=1400 audit(1390866389.999:12): avc:  denied  { execmem } for  pid=98 comm="charger" scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=process
[    7.288574] type=1400 audit(1390866389.999:13): avc:  denied  { execute } for  pid=98 comm="charger" path="/dev/ashmem" dev="tmpfs" ino=4113 scontext=u:r:healthd:s0 tcontext=u:object_r:ashmem_device:s0 tclass=chr_file

Change-Id: I0118e08514caa0ad11d2aa7562c9846a96779a21
2014-01-27 16:15:00 -08:00


# healthd seclabel is specified in init.rc since
# it lives in the rootfs and has no unique file type.
# Declares the healthd domain; the rules below scope what the
# battery/charger daemon may touch.
type healthd, domain;
# The binary sits on rootfs, so the domain is entered via a rootfs file:
# read + entrypoint on rootfs:file is what allows that entry.
allow healthd rootfs:file { read entrypoint };
write_klog(healthd)
# /dev/__null__ created by init prior to policy load,
# open fd inherited by healthd.
allow healthd tmpfs:chr_file { read write };
# NOTE(review): net_admin and mknod are fairly strong capabilities and
# the policy does not record which healthd operation needs each one;
# worth confirming so they can be narrowed if either is unused.
allow healthd self:capability { net_admin mknod };
allow healthd self:capability2 block_suspend;
# presumably for receiving kernel uevent notifications (e.g. power
# supply state changes) — confirm against the healthd source.
allow healthd self:netlink_kobject_uevent_socket create_socket_perms;
# Binder: healthd uses binder, publishes a service and may call into
# system_server.
binder_use(healthd)
binder_service(healthd)
binder_call(healthd, system_server)
###
### healthd: charger mode
###
# In charger mode healthd draws the battery indicator on the framebuffer
# and reads input events; see the denials on /dev/graphics/fb0 and the
# input event node in the commit message. The macros grant the standard
# read(-write) file/dir permission sets, which is wider than the exact
# { read write open ioctl } / { read open search } that were denied.
allow healthd graphics_device:dir r_dir_perms;
allow healthd graphics_device:chr_file rw_file_perms;
allow healthd input_device:dir r_dir_perms;
allow healthd input_device:chr_file r_file_perms;
# execute on ashmem plus execmem on self allow this domain to map memory
# that is both writable and executable (a W^X relaxation for healthd).
# Why the charger binary needs this is not recorded here — TODO confirm
# the need (and whether it could be limited to charger mode) before
# keeping it in the generic policy.
allow healthd ashmem_device:chr_file execute;
allow healthd self:process execmem;