| Darren Hsu | 70ae5f4 | 2021-02-25 18:02:53 +0800 | [diff] [blame] | 1 | type system_suspend, domain, coredomain, system_suspend_server, system_suspend_internal_server; |
| Tri Vo | a532088 | 2019-02-26 16:45:40 -0800 | [diff] [blame] | 2 | |
| 3 | type system_suspend_exec, system_file_type, exec_type, file_type; |
| 4 | init_daemon_domain(system_suspend) |
| 5 | |
| Darren Hsu | 70ae5f4 | 2021-02-25 18:02:53 +0800 | [diff] [blame] | 6 | # To serve ISuspendControlService. |
| Tri Vo | a532088 | 2019-02-26 16:45:40 -0800 | [diff] [blame] | 7 | binder_use(system_suspend) |
| 8 | add_service(system_suspend, system_suspend_control_service) |
| 9 | |
| Kalesh Singh | 0e90362 | 2021-07-20 15:13:38 +0000 | [diff] [blame] | 10 | add_service(system_suspend, hal_system_suspend_service) |
| 11 | |
| Tri Vo | a532088 | 2019-02-26 16:45:40 -0800 | [diff] [blame] | 12 | # Access to /sys/power/{ wakeup_count, state } suspend interface. |
| 13 | allow system_suspend sysfs_power:file rw_file_perms; |
| Tri Vo | 131fa73 | 2019-02-07 13:29:39 -0800 | [diff] [blame] | 14 | |
| Michael Sun | 9cb662b | 2020-10-16 07:22:44 +0000 | [diff] [blame] | 15 | # Access to wakeup, suspend stats, and wakeup reasons. |
| Tri Vo | 5f1ac02 | 2019-11-07 13:37:34 -0800 | [diff] [blame] | 16 | r_dir_file(system_suspend, sysfs_suspend_stats) |
| 17 | r_dir_file(system_suspend, sysfs_wakeup) |
| Michael Sun | 9cb662b | 2020-10-16 07:22:44 +0000 | [diff] [blame] | 18 | r_dir_file(system_suspend, sysfs_wakeup_reasons) |
| Tri Vo | e3e77ed | 2019-11-12 13:37:03 -0800 | [diff] [blame] | 19 | # To resolve arbitrary sysfs paths from /sys/class/wakeup/* symlinks. |
| 20 | allow system_suspend sysfs_type:dir search; |
| Tri Vo | 5f1ac02 | 2019-11-07 13:37:34 -0800 | [diff] [blame] | 21 | |
| Benjamin Schwartz | 3e4d97b | 2020-10-30 13:55:21 -0700 | [diff] [blame] | 22 | # Access to suspend_hal system properties |
| 23 | get_prop(system_suspend, suspend_prop) |
| 24 | |
| Radu Solea | 82db343 | 2023-12-01 10:07:28 -0800 | [diff] [blame] | 25 | # Access to system_suspend debug system properties |
| 26 | userdebug_or_eng(` |
| 27 | get_prop(system_suspend, suspend_debug_prop) |
| 28 | ') |
| 29 | |
| Michael Sun | 666992e | 2020-10-14 19:49:20 +0000 | [diff] [blame] | 30 | # To call BTAA registered callbacks |
| 31 | allow system_suspend bluetooth:binder call; |
| 32 | |
| Kalesh Singh | 215751a | 2020-11-23 19:03:55 -0500 | [diff] [blame] | 33 | # For adding `dumpsys syspend_control` output to bugreport |
| 34 | allow system_suspend dumpstate:fd use; |
| 35 | allow system_suspend dumpstate:fifo_file write; |
| 36 | |
| Kalesh Singh | a0a55e0 | 2022-12-14 13:02:50 -0800 | [diff] [blame] | 37 | # Allow init to take kernel wakelock and system suspend to |
| 38 | # remove kenel wakelocks and the capability to access these |
| 39 | # files |
| 40 | allow init sysfs_wake_lock:file rw_file_perms; |
| 41 | allow init self:global_capability2_class_set block_suspend; |
| 42 | allow system_suspend sysfs_wake_lock:file rw_file_perms; |
| 43 | allow system_suspend self:global_capability2_class_set block_suspend; |
| 44 | |
| Steve Muckle | 75603e3 | 2023-10-03 22:31:22 +0000 | [diff] [blame] | 45 | # Allow init to set /sys/power/sync_on_suspend. |
| 46 | allow init sysfs_sync_on_suspend:file w_file_perms; |
| 47 | |
| Tri Vo | 131fa73 | 2019-02-07 13:29:39 -0800 | [diff] [blame] | 48 | neverallow { |
| 49 | domain |
| 50 | -atrace # tracing |
| Michael Sun | df54a52 | 2020-10-14 00:31:01 +0000 | [diff] [blame] | 51 | -bluetooth # support Bluetooth activity attribution (BTAA) |
| Tri Vo | 131fa73 | 2019-02-07 13:29:39 -0800 | [diff] [blame] | 52 | -dumpstate # bug reports |
| 53 | -system_suspend # implements system_suspend_control_service |
| 54 | -system_server # configures system_suspend via ISuspendControlService |
| 55 | -traceur_app # tracing |
| 56 | } system_suspend_control_service:service_manager find; |