msm8974-common: sepolicy: Label sysfs_batteryinfo, resolve denials

* avc: denied { setattr } for name="siop_level" dev="sysfs" ino=29912 scontext=u:r:init:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1 * avc: denied { search } for name="battery.95" dev="sysfs" ino=3264 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=dir permissive=1 * avc: denied { read } for name="batt_temp_adc" dev="sysfs" ino=28739 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1 * avc: denied { open } for name="batt_temp_adc" dev="sysfs" ino=28739 scontext=u:r:hal_sensors_default:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=1 Change-Id: Ie3098da96eeed27a9403e3c311fe011c1f359561
2018-10-20 17:21:50 -06:00 · 2018-10-20 17:21:50 -06:00 · 0e66ee2593
commit 0e66ee2593
parent 1357777a0f
3 changed files with 16 additions and 3 deletions
--- a/sepolicy/common/file_contexts
+++ b/sepolicy/common/file_contexts
@ -30,7 +30,6 @@
 /data/cam_socket3                                       u:object_r:camera_socket:s0

 # sysfs
-/sys/devices/battery.[0-9]+/power_supply/battery(/.*)?           u:object_r:sysfs_batteryinfo:s0
 /sys/devices/platform/bcm[0-9]+_bluetooth/rfkill/rfkill0/state   u:object_r:sysfs_bluetooth_writable:s0
 /sys/devices/virtual/camera(/.*)?                                u:object_r:sysfs_camera:s0
 /sys/devices/virtual/input(/.*)?                                 u:object_r:sysfs_input:s0
@ -38,6 +37,12 @@
 /sys/module/dhd/parameters/firmware_path                         u:object_r:sysfs_wifi_writeable:s0
 /sys/module/dhd/parameters/nvram_path                            u:object_r:sysfs_wifi_writeable:s0

+# sysfs - battery/charger
+/sys/devices/battery\.[0-9]+/power_supply(/.*)?         u:object_r:sysfs_batteryinfo:s0
+/sys/devices/i2c\.[0-9]+/i2c-[0-9]+/[0-9]+-[a-z0-9]+/max[a-z0-9]+-charger/power_supply(/.*)? u:object_r:sysfs_batteryinfo:s0
+/sys/devices/i2c\.[0-9]+/i2c-[0-9]+/[0-9]+-[a-z0-9]+/power_supply(/.*)?                      u:object_r:sysfs_batteryinfo:s0
+/sys/devices/msm_dwc3/power_supply(/.*)?                u:object_r:sysfs_batteryinfo:s0
+
 # sysfs - graphics/panel
 /sys/class/mhl(/.*)?                                    u:object_r:sysfs_graphics:s0
 /sys/devices/mdp\.[0-9](/.*)?                           u:object_r:sysfs_graphics:s0
--- a/sepolicy/common/hal_sensors_default.te
+++ b/sepolicy/common/hal_sensors_default.te
@ -1,11 +1,18 @@
-allow hal_sensors_default sysfs_graphics:dir search;
-allow hal_sensors_default sysfs_graphics:file r_file_perms;
+allow hal_sensors_default {
+    sysfs_batteryinfo
+    sysfs_graphics
+}:dir search;

 allow hal_sensors_default {
    sysfs_iio
    sysfs_input
 }:dir r_dir_perms;

+allow hal_sensors_default {
+    sysfs_batteryinfo
+    sysfs_graphics
+}:file r_file_perms;
+
 allow hal_sensors_default {
    sysfs_iio
    sysfs_input
--- a/sepolicy/common/init.te
+++ b/sepolicy/common/init.te
@ -5,6 +5,7 @@ allow init sysfs_input:file rw_file_perms;
 allow init sysfs_graphics:file r_file_perms;

 allow init {
+    sysfs_batteryinfo
    sysfs_graphics
    sysfs_iio
    sysfs_input