• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# charger needs to tell init to continue the boot
2# process when running in charger mode.
3set_prop(charger_type, charger_status_prop)
4get_prop(charger_type, charger_config_prop)
5
6# get minui properties
7get_prop(charger_type, recovery_config_prop)
8
9# Write to /dev/kmsg
10allow charger_type kmsg_device:chr_file rw_file_perms;
11
12# Read access to pseudo filesystems.
13r_dir_file(charger_type, rootfs)
14r_dir_file(charger_type, cgroup)
15r_dir_file(charger_type, cgroup_v2)
16
17# Allow to read /sys/class/power_supply directory
18allow charger_type sysfs_type:dir r_dir_perms;
19
20allow charger_type self:global_capability_class_set {
21    sys_boot
22    sys_tty_config
23};
24
25wakelock_use(charger_type)
26
27allow charger_type self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
28
29# Read/write to /sys/power/state
30allow charger_type sysfs_power:file rw_file_perms;
31
32r_dir_file(charger_type, sysfs_batteryinfo)
33
34# Read /sys/fs/pstore/console-ramoops
35# Don't worry about overly broad permissions for now, as there's
36# only one file in /sys/fs/pstore
37allow charger_type pstorefs:dir r_dir_perms;
38allow charger_type pstorefs:file r_file_perms;
39
40allow charger_type graphics_device:dir r_dir_perms;
41allow charger_type graphics_device:chr_file rw_file_perms;
42allow charger_type input_device:dir r_dir_perms;
43allow charger_type input_device:chr_file r_file_perms;
44allow charger_type tty_device:chr_file rw_file_perms;
45allow charger_type proc_sysrq:file rw_file_perms;
46
47### Neverallow rules for charger properties
48
49# charger_config_prop: Only init and vendor_init is allowed to set it
50neverallow {
51    domain
52    -init
53    -vendor_init
54} charger_config_prop:property_service set;
55
56# charger_status_prop: Only init, vendor_init, charger, and charger_vendor
57# are allowed to set it
58neverallow {
59    domain
60    -init
61    -vendor_init
62    -charger
63    -charger_vendor
64} charger_status_prop:property_service set;
65
66# Both charger_config_prop and charger_status_prop:
67# Only init, vendor_init, dumpstate, charger, and charger_vendor
68# are allowed to read it
69neverallow {
70    domain
71    -init
72    -dumpstate
73    -vendor_init
74    -charger
75    -charger_vendor
76} { charger_config_prop charger_status_prop }:file no_rw_file_perms;
77