Remove access to 'sysfs' files from healthd and charger.
We rely on vendors to label all dependencies of healthd/charger under
/sys/class/power_supply with sysfs_batteryinfo type.
Bug: 65643247
Bug: 32659667
Test: boots without denials from healthd, to sysfs_batteryinfo or to
sysfs_msm_subsys.
Test: charging with device turned off works without /sys denials.
Change-Id: I893f309ecad8a0caf7d0b81f5f945725907255c2
diff --git a/private/domain.te b/private/domain.te
index e181988..ff7f1b3 100644
--- a/private/domain.te
+++ b/private/domain.te
@@ -35,9 +35,7 @@
# /sys
neverallow {
coredomain
- -charger
-dumpstate
- -healthd
-init
-priv_app
-storaged
diff --git a/public/charger.te b/public/charger.te
index 4577cbc..ed69867 100644
--- a/public/charger.te
+++ b/public/charger.te
@@ -6,7 +6,7 @@
allow charger kmsg_device:chr_file rw_file_perms;
# Read access to pseudo filesystems.
-r_dir_file(charger, sysfs_type)
+allow charger sysfs_type:dir search;
r_dir_file(charger, rootfs)
r_dir_file(charger, cgroup)
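Review bot: The new `allow charger sysfs_type:dir search;` still sits under the comment "Read access to pseudo filesystems", but it no longer grants any read access to sysfs. It only grants directory search across every type carrying the sysfs_type attribute. A comment should say why traversal of all sysfs directories is kept, for example `# Traverse /sys to reach power_supply nodes; file access is granted per type below.` If the domain only has to reach /sys/class/power_supply, search on the specific directory types along that path would presumably be enough, which is worth confirming on a device. The same applies to `allow healthd sysfs_type:dir search;` in public/healthd.te.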
@@ -20,7 +20,7 @@
# Read/write to /sys/power/state
allow charger sysfs_power:file rw_file_perms;
-allow charger sysfs_batteryinfo:file r_file_perms;
+r_dir_file(charger, sysfs_batteryinfo)
# Read /sys/fs/pstore/console-ramoops
# Don't worry about overly broad permissions for now, as there's
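Review bot: `r_dir_file(charger, sysfs_batteryinfo)` is added without a comment, and the policy file does not record the assumption stated in the commit message that vendors label every healthd/charger dependency under /sys/class/power_supply as sysfs_batteryinfo. A node left with the default label would be denied, and the only clue would be an avc denial in the log. I would add `# Read power_supply nodes; vendors must label healthd/charger dependencies under /sys/class/power_supply as sysfs_batteryinfo.` above the rule. The same comment belongs above `r_dir_file(healthd, sysfs_batteryinfo)` in public/healthd.te. The pstore comment at the end of this hunk continues outside it.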
diff --git a/public/healthd.te b/public/healthd.te
index 856a4b1..64c1723 100644
--- a/public/healthd.te
+++ b/public/healthd.te
@@ -6,7 +6,7 @@
allow healthd kmsg_device:chr_file rw_file_perms;
# Read access to pseudo filesystems.
-r_dir_file(healthd, sysfs_type)
+allow healthd sysfs_type:dir search;
r_dir_file(healthd, rootfs)
r_dir_file(healthd, cgroup)
@@ -26,16 +26,13 @@
binder_call(healthd, system_server)
hal_client_domain(healthd, hal_health)
-# Write to state file.
-# TODO: Split into a separate type?
-allow healthd sysfs:file write;
+# Read/write to /sys/power/state
+allow healthd sysfs_power:file rw_file_perms;
# TODO: added to match above sysfs rule. Remove me?
allow healthd sysfs_usb:file write;
-allow healthd sysfs_batteryinfo:file r_file_perms;
-
-r_dir_file(healthd, sysfs_type)
+r_dir_file(healthd, sysfs_batteryinfo)
###
### healthd: charger mode
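Review bot: The retained comment `# TODO: added to match above sysfs rule. Remove me?` is now stale, because the rule it points to, `allow healthd sysfs:file write;`, is removed in this same hunk. The `allow healthd sysfs_usb:file write;` rule under it is left as write access with no stated reason, in a change whose purpose is to narrow healthd's sysfs access. Either drop the rule if a boot and charge test shows no denials without it, or reword the comment to something like `# TODO: confirm healthd still needs to write sysfs_usb nodes; remove if not.` Also note that `sysfs_power:file rw_file_perms` grants read as well as write, where the replaced rule granted only write.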