1 # charger seclabel is specified in init.rc since 2 # it lives in the rootfs and has no unique file type. 3 type charger, domain; 4 5 # Write to /dev/kmsg 6 allow charger kmsg_device:chr_file rw_file_perms; 7 8 # Read access to pseudo filesystems. 9 r_dir_file(charger, sysfs_type) 10 r_dir_file(charger, rootfs) 11 r_dir_file(charger, cgroup) 12 13 allow charger self:capability { sys_tty_config }; 14 allow charger self:capability sys_boot; 15 16 wakelock_use(charger) 17 18 allow charger self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; 19 20 # Write to /sys/power/state 21 # TODO: Split into a separate type? 22 allow charger sysfs:file write; 23 24 allow charger sysfs_batteryinfo:file r_file_perms; 25 26 # Read /sys/fs/pstore/console-ramoops 27 # Don't worry about overly broad permissions for now, as there's 28 # only one file in /sys/fs/pstore 29 allow charger pstorefs:dir r_dir_perms; 30 allow charger pstorefs:file r_file_perms; 31 32 allow charger graphics_device:dir r_dir_perms; 33 allow charger graphics_device:chr_file rw_file_perms; 34 allow charger input_device:dir r_dir_perms; 35 allow charger input_device:chr_file r_file_perms; 36 allow charger tty_device:chr_file rw_file_perms; 37 allow charger proc_sysrq:file rw_file_perms; 38 39 # charger needs to tell init to continue the boot 40 # process when running in charger mode. 41 set_prop(charger, system_prop) 42
