9ada894a43
Reboots/halts aren't working in healthd charger mode. This is
causing high power draw in an unplugged, powered off state.
Steps to reproduce (on Nexus 5):
Unplug device from USB charger/computer
Turn device off
Wait for device to turn off
Plug in USB cable/charger
Wait for charge animation (wait for animation, not just lightning bolt, may have to press power button briefly to get animation going)
Wait for panel to turn off
Unplug USB cable/charger
Press power button again, notice screen turns on at some frame in the animation.
(not important) Each press of the power button advances the animation
Power on.
Examine denials from /proc/last_kmsg
Addresses the following denials:
[ 24.934809] type=1400 audit(12534308.640:8): avc: denied { write } for pid=130 comm="healthd" name="sysrq-trigger" dev="proc" ino=4026533682 scontext=u:r:healthd:s0 tcontext=u:object_r:proc_sysrq:s0 tclass=file
[ 24.935395] type=1400 audit(12534308.640:9): avc: denied { sys_boot } for pid=130 comm="healthd" capability=22 scontext=u:r:healthd:s0 tcontext=u:r:healthd:s0 tclass=capability
Bug: 13229119
Change-Id: If14a9c373bbf156380a34fbd9aca6201997d5553
35 lines
1.1 KiB
Plaintext
35 lines
1.1 KiB
Plaintext
# healthd seclabel is specified in init.rc since
|
|
# it lives in the rootfs and has no unique file type.
|
|
type healthd, domain;
|
|
|
|
allow healthd rootfs:file { read entrypoint };
|
|
write_klog(healthd)
|
|
# /dev/__null__ created by init prior to policy load,
|
|
# open fd inherited by healthd.
|
|
allow healthd tmpfs:chr_file { read write };
|
|
|
|
allow healthd self:capability { net_admin mknod sys_tty_config };
|
|
allow healthd self:capability2 block_suspend;
|
|
allow healthd self:netlink_kobject_uevent_socket create_socket_perms;
|
|
binder_use(healthd)
|
|
binder_service(healthd)
|
|
binder_call(healthd, system_server)
|
|
|
|
# Write to state file.
|
|
# TODO: Split into a separate type?
|
|
allow healthd sysfs:file write;
|
|
|
|
###
|
|
### healthd: charger mode
|
|
###
|
|
|
|
allow healthd graphics_device:dir r_dir_perms;
|
|
allow healthd graphics_device:chr_file rw_file_perms;
|
|
allow healthd input_device:dir r_dir_perms;
|
|
allow healthd input_device:chr_file r_file_perms;
|
|
allow healthd tty_device:chr_file rw_file_perms;
|
|
allow healthd ashmem_device:chr_file execute;
|
|
allow healthd self:process execmem;
|
|
allow healthd proc_sysrq:file rw_file_perms;
|
|
allow healthd self:capability sys_boot;
|