suspend: Allow access to /sys/power/wake_[un]lock This is needed to prevent autosuspend when the framework is restarting See: go/no-suspend-deadlocks Bug: 255898234 Test: Check logcat for avc denials Change-Id: I6313e28d0f2e4bc553881fcc3742dc74ca319b44

commit: a0a55e0e23af006f9dd97e6b1e5a967c5b7b9948 [log] [tgz]
author: Kalesh Singh <kaleshsingh@google.com> Wed Dec 14 13:02:50 2022 -0800
committer: Kalesh Singh <kaleshsingh@google.com> Wed Dec 14 14:18:55 2022 -0800
tree: 1b666722a8cb36a9ac091114ea8f1c6f1dc3b0cc
parent: ab3a546000f41a1485ceba6b7fa0bd7c02684272 [diff] [blame]
diff --git a/private/system_suspend.te b/private/system_suspend.te
index d924187..bef7c6d 100644
--- a/private/system_suspend.te
+++ b/private/system_suspend.te

@@ -29,6 +29,14 @@
 allow system_suspend dumpstate:fd use;
 allow system_suspend dumpstate:fifo_file write;
 
+# Allow init to take kernel wakelock and system suspend to
+# remove kenel wakelocks and the capability to access these
+# files
+allow init sysfs_wake_lock:file rw_file_perms;
+allow init self:global_capability2_class_set block_suspend;
+allow system_suspend sysfs_wake_lock:file rw_file_perms;
+allow system_suspend self:global_capability2_class_set block_suspend;
+
 neverallow {
     domain
     -atrace # tracing
commit	a0a55e0e23af006f9dd97e6b1e5a967c5b7b9948	[log] [tgz]
author	Kalesh Singh <kaleshsingh@google.com>	Wed Dec 14 13:02:50 2022 -0800
committer	Kalesh Singh <kaleshsingh@google.com>	Wed Dec 14 14:18:55 2022 -0800
tree	1b666722a8cb36a9ac091114ea8f1c6f1dc3b0cc
parent	ab3a546000f41a1485ceba6b7fa0bd7c02684272 [diff] [blame]