system_suspend access to suspend, wakeup stats
Android is moving away from debugfs. Information from /d/wakeup_sources
and /d/suspend_stats is now also exposed in sysfs under
/sys/class/wakeup/* and /sys/power/suspend_stats/* respectively:
https://lkml.org/lkml/2019/7/31/1349
https://lkml.org/lkml/2019/8/6/1275
Allow SystemSuspend to read those sysfs nodes.
One caveat is that /sys/class/wakeup/wakeupN can be a symlink to a
device-specific location. In this case, device sepolicy should label
that the files appropriately. This is similar to how device policy
applies "sysfs_net" and "sysfs_batteryinfo" labels.
Bug: 144095608
Bug: 129087298
Test: boot cuttlefish; system_suspend is able to read
/sys/power/suspend_stats/* and /sys/class/wakeup/*
Change-Id: I350c88a271c0f422d0557aeb5e05e1537dc97bc9
diff --git a/private/compat/29.0/29.0.cil b/private/compat/29.0/29.0.cil
index edf38c7..c447715 100644
--- a/private/compat/29.0/29.0.cil
+++ b/private/compat/29.0/29.0.cil
@@ -1742,7 +1742,10 @@
(typeattributeset surfaceflinger_service_29_0 (surfaceflinger_service))
(typeattributeset surfaceflinger_tmpfs_29_0 (surfaceflinger_tmpfs))
(typeattributeset swap_block_device_29_0 (swap_block_device))
-(typeattributeset sysfs_29_0 (sysfs))
+(typeattributeset sysfs_29_0
+ ( sysfs
+ sysfs_suspend_stats
+ sysfs_wakeup))
(typeattributeset sysfs_android_usb_29_0 (sysfs_android_usb))
(typeattributeset sysfs_batteryinfo_29_0 (sysfs_batteryinfo))
(typeattributeset sysfs_bluetooth_writable_29_0 (sysfs_bluetooth_writable))
diff --git a/private/genfs_contexts b/private/genfs_contexts
index 6be0ba6..855f2d6 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -115,6 +115,7 @@
genfscon sysfs /class/rfkill/rfkill3/state u:object_r:sysfs_bluetooth_writable:s0
genfscon sysfs /class/rtc u:object_r:sysfs_rtc:s0
genfscon sysfs /class/switch u:object_r:sysfs_switch:s0
+genfscon sysfs /class/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /devices/platform/nfc-power/nfc_power u:object_r:sysfs_nfc_power_writable:s0
genfscon sysfs /devices/virtual/android_usb u:object_r:sysfs_android_usb:s0
genfscon sysfs /devices/virtual/block/ u:object_r:sysfs_devices_block:s0
@@ -127,11 +128,13 @@
genfscon sysfs /devices/virtual/misc/hw_random u:object_r:sysfs_hwrandom:s0
genfscon sysfs /devices/virtual/net u:object_r:sysfs_net:s0
genfscon sysfs /devices/virtual/switch u:object_r:sysfs_switch:s0
+genfscon sysfs /devices/virtual/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs /firmware/devicetree/base/firmware/android u:object_r:sysfs_dt_firmware_android:s0
genfscon sysfs /fs/ext4/features u:object_r:sysfs_fs_ext4_features:s0
genfscon sysfs /fs/f2fs u:object_r:sysfs_fs_f2fs:s0
genfscon sysfs /power/autosleep u:object_r:sysfs_power:s0
genfscon sysfs /power/state u:object_r:sysfs_power:s0
+genfscon sysfs /power/suspend_stats u:object_r:sysfs_suspend_stats:s0
genfscon sysfs /power/wakeup_count u:object_r:sysfs_power:s0
genfscon sysfs /power/wake_lock u:object_r:sysfs_wake_lock:s0
genfscon sysfs /power/wake_unlock u:object_r:sysfs_wake_lock:s0
diff --git a/private/system_suspend.te b/private/system_suspend.te
index e93a73d..b600c66 100644
--- a/private/system_suspend.te
+++ b/private/system_suspend.te
@@ -10,6 +10,10 @@
# Access to /sys/power/{ wakeup_count, state } suspend interface.
allow system_suspend sysfs_power:file rw_file_perms;
+# Access to wakeup and suspend stats.
+r_dir_file(system_suspend, sysfs_suspend_stats)
+r_dir_file(system_suspend, sysfs_wakeup)
+
neverallow {
domain
-atrace # tracing