1 # healthd - battery/charger monitoring service daemon 2 type healthd, domain; 3 type healthd_exec, exec_type, file_type; 4 5 # Write to /dev/kmsg 6 allow healthd kmsg_device:chr_file rw_file_perms; 7 8 # Read access to pseudo filesystems. 9 r_dir_file(healthd, sysfs_type) 10 r_dir_file(healthd, rootfs) 11 r_dir_file(healthd, cgroup) 12 13 # Read access to system files for passthrough HALs in 14 # /{system,vendor,odm}/lib[64]/hw/ 15 r_dir_file(healthd, system_file) 16 17 allow healthd self:capability { sys_tty_config }; 18 allow healthd self:capability sys_boot; 19 20 allow healthd self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; 21 22 wakelock_use(healthd) 23 24 binder_use(healthd) 25 binder_service(healthd) 26 binder_call(healthd, system_server) 27 hal_client_domain(healthd, hal_health) 28 29 # Write to state file. 30 # TODO: Split into a separate type? 31 allow healthd sysfs:file write; 32 33 # TODO: added to match above sysfs rule. Remove me? 34 allow healthd sysfs_usb:file write; 35 36 allow healthd sysfs_batteryinfo:file r_file_perms; 37 38 r_dir_file(healthd, sysfs_type) 39 40 ### 41 ### healthd: charger mode 42 ### 43 44 # Read /sys/fs/pstore/console-ramoops 45 # Don't worry about overly broad permissions for now, as there's 46 # only one file in /sys/fs/pstore 47 allow healthd pstorefs:dir r_dir_perms; 48 allow healthd pstorefs:file r_file_perms; 49 50 allow healthd graphics_device:dir r_dir_perms; 51 allow healthd graphics_device:chr_file rw_file_perms; 52 allow healthd input_device:dir r_dir_perms; 53 allow healthd input_device:chr_file r_file_perms; 54 allow healthd tty_device:chr_file rw_file_perms; 55 allow healthd ashmem_device:chr_file execute; 56 allow healthd self:process execmem; 57 allow healthd proc_sysrq:file rw_file_perms; 58 59 add_service(healthd, batteryproperties_service) 60 61 # Healthd needs to tell init to continue the boot 62 # process when running in charger mode. 63 set_prop(healthd, system_prop) 64
