| Tri Vo | bc8dc3a | 2019-05-26 13:17:08 -0700 | [diff] [blame^] | 1 | type system_suspend, domain, coredomain, system_suspend_server; |
| 2 | |
| 3 | type system_suspend_exec, system_file_type, exec_type, file_type; |
| 4 | init_daemon_domain(system_suspend) |
| 5 | |
| 6 | # To serve ISuspendControlService.aidl. |
| 7 | binder_use(system_suspend) |
| 8 | add_service(system_suspend, system_suspend_control_service) |
| 9 | |
| 10 | # Access to /sys/power/{ wakeup_count, state } suspend interface. |
| 11 | allow system_suspend sysfs_power:file rw_file_perms; |
| 12 | |
| 13 | # TODO(b/128923994): remove once all debugging info moves to SystemSuspend. |
| 14 | # Access to /sys/power/{ wake_lock, wake_unlock } suspend blocker interface. |
| 15 | allow system_suspend self:global_capability2_class_set block_suspend; |
| 16 | allow system_suspend sysfs_wake_lock:file rw_file_perms; |
| 17 | |
| 18 | neverallow { |
| 19 | domain |
| 20 | -atrace # tracing |
| 21 | -dumpstate # bug reports |
| 22 | -system_suspend # implements system_suspend_control_service |
| 23 | -system_server # configures system_suspend via ISuspendControlService |
| 24 | -traceur_app # tracing |
| 25 | } system_suspend_control_service:service_manager find; |