omni: sepolicy: Address lineage power HAL denials
Change-Id: I7327bd54c0d12fde03472695a5598d2a3d22f716
Signed-off-by: micky387 <mickaelsaibi@free.fr>
diff --git a/sepolicy/qcom/vendor/file.te b/sepolicy/qcom/vendor/file.te
index 5555f05..965d684 100644
--- a/sepolicy/qcom/vendor/file.te
+++ b/sepolicy/qcom/vendor/file.te
@@ -1 +1,2 @@
+type proc_sched_energy_aware, proc_type, fs_type;
type sysfs_socinfo_sensitive, fs_type, sysfs_type;
diff --git a/sepolicy/qcom/vendor/file_contexts b/sepolicy/qcom/vendor/file_contexts
new file mode 100644
index 0000000..000ae9c
--- /dev/null
+++ b/sepolicy/qcom/vendor/file_contexts
@@ -0,0 +1,2 @@
+# Power HAL
+/(vendor|system/vendor)/bin/hw/android\.hardware\.power-service\.lineage-libperfmgr u:object_r:hal_power_default_exec:s0
diff --git a/sepolicy/qcom/vendor/genfs_contexts b/sepolicy/qcom/vendor/genfs_contexts
index 0e1f3a5..1f54852 100644
--- a/sepolicy/qcom/vendor/genfs_contexts
+++ b/sepolicy/qcom/vendor/genfs_contexts
@@ -1 +1,2 @@
+genfscon proc /sys/kernel/sched_energy_aware u:object_r:proc_sched_energy_aware:s0
genfscon sysfs /devices/soc0/serial_number u:object_r:sysfs_socinfo_sensitive:s0
diff --git a/sepolicy/qcom/vendor/hal_power_default.te b/sepolicy/qcom/vendor/hal_power_default.te
new file mode 100644
index 0000000..560631b
--- /dev/null
+++ b/sepolicy/qcom/vendor/hal_power_default.te
@@ -0,0 +1,7 @@
+# To do powerhint on nodes defined in powerhint.json
+rw_dir_file(hal_power_default, proc_sched_energy_aware)
+rw_dir_file(hal_power_default, sysfs_devfreq)
+rw_dir_file(hal_power_default, sysfs_devfreq)
+rw_dir_file(hal_power_default, sysfs_graphics)
+rw_dir_file(hal_power_default, sysfs_kgsl)
+rw_dir_file(hal_power_default, sysfs_scsi_host)
diff --git a/sepolicy/qcom/vendor/property.te b/sepolicy/qcom/vendor/property.te
new file mode 100644
index 0000000..df317c6
--- /dev/null
+++ b/sepolicy/qcom/vendor/property.te
@@ -0,0 +1,2 @@
+# Power HAL
+vendor_public_prop(vendor_power_prop);
diff --git a/sepolicy/qcom/vendor/property_contexts b/sepolicy/qcom/vendor/property_contexts
new file mode 100644
index 0000000..e37ced2
--- /dev/null
+++ b/sepolicy/qcom/vendor/property_contexts
@@ -0,0 +1,2 @@
+# Power HAL
+vendor.powerhal. u:object_r:vendor_power_prop:s0
diff --git a/sepolicy/qcom/vendor/vendor_init.te b/sepolicy/qcom/vendor/vendor_init.te
new file mode 100644
index 0000000..f48eff3
--- /dev/null
+++ b/sepolicy/qcom/vendor/vendor_init.te
@@ -0,0 +1,2 @@
+# To set powerhal init property
+set_prop(vendor_init, vendor_power_prop)
diff --git a/sepolicy/sepolicy.mk b/sepolicy/sepolicy.mk
index 390dc87..e3438af 100644
--- a/sepolicy/sepolicy.mk
+++ b/sepolicy/sepolicy.mk
@@ -21,7 +21,10 @@
persist_block_device=vendor_persist_block_device \
qdisplay_service=vendor_qdisplay_service \
sysfs_battery_supply=vendor_sysfs_battery_supply \
+ sysfs_devfreq=vendor_sysfs_devfreq \
sysfs_graphics=vendor_sysfs_graphics \
+ sysfs_kgsl=vendor_sysfs_kgsl \
+ sysfs_scsi_host=vendor_sysfs_scsi_host \
sysfs_socinfo_sensitive=vendor_sysfs_soc_sensitive \
sysfs_usb_supply=vendor_sysfs_usb_supply
endif
diff --git a/sepolicy/vendor/hal_power_default.te b/sepolicy/vendor/hal_power_default.te
new file mode 100644
index 0000000..3169237
--- /dev/null
+++ b/sepolicy/vendor/hal_power_default.te
@@ -0,0 +1,7 @@
+# To do powerhint on nodes defined in powerhint.json
+allow hal_power_default cgroup:dir search;
+allow hal_power_default cgroup:file rw_file_perms;
+allow hal_power_default sysfs_devices_system_cpu:file rw_file_perms;
+
+# To get/set powerhal state property
+set_prop(hal_power_default, vendor_power_prop)