Add sysfs_batteryinfo label.
Shell user needs to be able to get current device battery_level via
/sys/class/power_supply/battery/capacity. Create a global label and
corresponding policy for accessing this. Rely on each device to label
the appropriate sysfs entry.
Bug: 26219114
Change-Id: I2c5ef489a9db2fdf7bbd5afd04278214b814351c
diff --git a/file.te b/file.te
index 374ff6b..0c965a3 100644
--- a/file.te
+++ b/file.te
@@ -22,6 +22,7 @@
type cgroup, fs_type, mlstrustedobject;
type sysfs, fs_type, sysfs_type, mlstrustedobject;
type sysfs_writable, fs_type, sysfs_type, mlstrustedobject;
+type sysfs_batteryinfo, fs_type, sysfs_type;
type sysfs_bluetooth_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_nfc_power_writable, fs_type, sysfs_type, mlstrustedobject;
type sysfs_wake_lock, fs_type, sysfs_type;
diff --git a/healthd.te b/healthd.te
index 48be64d..d09eab4 100644
--- a/healthd.te
+++ b/healthd.te
@@ -16,6 +16,8 @@
# TODO: Split into a separate type?
allow healthd sysfs:file write;
+allow healthd sysfs_batteryinfo:file r_file_perms;
+
###
### healthd: charger mode
###
diff --git a/shell.te b/shell.te
index 1ae7169..cb2bcbe 100644
--- a/shell.te
+++ b/shell.te
@@ -119,6 +119,8 @@
# Make sure strace works for the non-privileged shell user
allow shell self:process ptrace;
+# allow shell to get battery info
+allow shell sysfs_batteryinfo:file r_file_perms;
# Allow access to ion memory allocation device.
allow shell ion_device:chr_file rw_file_perms;