From: Jan Altensen Date: Tue, 26 Jul 2022 15:24:00 +0000 (+0200) Subject: universal8895: address charger denials X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=3a7e35cdd70b00c65a833ee97de940ff6ca97fe7;p=GitHub%2Fexynos8895%2Fandroid_device_samsung_universal8895-common.git universal8895: address charger denials * also make the charger domain permissive Change-Id: If0c7860c84d925965417d841298ebc2a84eead7f --- diff --git a/sepolicy/vendor/charger.te b/sepolicy/vendor/charger.te new file mode 100644 index 0000000..890f355 --- /dev/null +++ b/sepolicy/vendor/charger.te @@ -0,0 +1,21 @@ + +# lpm does not like being in enforcing, possibly due to the dac_override +permissive charger; + +allow charger { sysfs_power sysfs_battery }:file r_file_perms; +allow charger { sysfs_graphics sysfs_virtual sysfs_charger sysfs_battery_writable sysfs_power_writable }:file rw_file_perms; +allow charger sysfs_charger:dir r_dir_perms; + +allow charger { app_efs_file efs_file imei_efs_file battery_efs_file }:file rw_file_perms; +allow charger { app_efs_file efs_file imei_efs_file battery_efs_file }:dir search; + +allow charger input_device:{ chr_file file } rw_file_perms; +allow charger input_device:dir rw_dir_perms; + + +allow charger self:netlink_kobject_uevent_socket { create setopt bind read }; +allow charger self:capability { net_admin sys_tty_config sys_boot }; + +dontaudit charger self:capability { dac_override dac_read_search }; + +set_prop(charger,powerctl_prop) diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts index 56b6de4..b5a4225 100644 --- a/sepolicy/vendor/file_contexts +++ b/sepolicy/vendor/file_contexts @@ -87,6 +87,8 @@ /sys/devices/platform/10970000\.hsi2c/i2c-13/13-0066/max77865-charger/power_supply/max77865-charger(/.*)? u:object_r:sysfs_charger:s0 /sys/devices/platform/10970000\.hsi2c/i2c-13/13-0066/max77865-fuelgauge/power_supply/max77865-fuelgauge(/.*)? u:object_r:sysfs_charger:s0 +/system/bin/lpm u:object_r:charger_exec:s0 + # sec /sys/class/sec(/.*)? -- u:object_r:sysfs_sec:s0