Decouple system_suspend from hal attributes.
System suspend service is not a HAL, so avoid using HAL-specific macros
and attributes.
Use system_suspend_server attribute for ISystemSuspend.hal permissions.
Use system_suspend type directly for internal .aidl interface
permissions.
Bug: 126259100
Test: m selinux_policy
Test: blueline boots; wakelocks can still be acquired; device suspends
if left alone.
Change-Id: Ie811e7da46023705c93ff4d76d15709a56706714
diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 91901d3..e0898b2 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -85,9 +85,6 @@
hal_lowpan_hwservice
hal_neuralnetworks_hwservice
hal_secure_element_hwservice
- hal_system_suspend_default
- hal_system_suspend_default_exec
- hal_system_suspend_default_tmpfs
hal_tetheroffload_hwservice
hal_wifi_hostapd_hwservice
hal_usb_gadget_hwservice
@@ -164,7 +161,6 @@
system_boot_reason_prop
system_lmk_prop
system_net_netd_hwservice
- system_suspend_hwservice
system_update_service
test_boot_reason_prop
thermal_service
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 58e6d91..5d872b9 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -78,9 +78,6 @@
hal_health_storage_hwservice
hal_lowpan_hwservice
hal_secure_element_hwservice
- hal_system_suspend_default
- hal_system_suspend_default_exec
- hal_system_suspend_default_tmpfs
hal_usb_gadget_hwservice
hal_vehicle_hwservice
hal_wifi_hostapd_hwservice
@@ -149,7 +146,6 @@
staging_data_file
system_boot_reason_prop
system_lmk_prop
- system_suspend_hwservice
system_update_service
test_boot_reason_prop
time_prop
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index ea88cd9..73679f6 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -63,9 +63,6 @@
hal_health_storage_hwservice
hal_input_classifier_hwservice
hal_power_stats_hwservice
- hal_system_suspend_default
- hal_system_suspend_default_exec
- hal_system_suspend_default_tmpfs
heapprofd
heapprofd_enabled_prop
heapprofd_exec
diff --git a/private/file_contexts b/private/file_contexts
index 1c038ad..988ee25 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -297,7 +297,7 @@
/system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0
/system/bin/hw/android\.frameworks\.bufferhub@1\.0-service u:object_r:fwk_bufferhub_exec:s0
/system/bin/hw/android\.hidl\.allocator@1\.0-service u:object_r:hal_allocator_default_exec:s0
-/system/bin/hw/android\.system\.suspend@1\.0-service u:object_r:hal_system_suspend_default_exec:s0
+/system/bin/hw/android\.system\.suspend@1\.0-service u:object_r:system_suspend_exec:s0
/system/etc/cgroups\.json u:object_r:cgroup_desc_file:s0
/system/etc/event-log-tags u:object_r:system_event_log_tags_file:s0
/system/etc/ld\.config.* u:object_r:system_linker_config_file:s0
diff --git a/private/hal_system_suspend_default.te b/private/hal_system_suspend_default.te
deleted file mode 100644
index c948051..0000000
--- a/private/hal_system_suspend_default.te
+++ /dev/null
@@ -1,5 +0,0 @@
-type hal_system_suspend_default, domain, coredomain;
-hal_server_domain(hal_system_suspend_default, hal_system_suspend)
-
-type hal_system_suspend_default_exec, system_file_type, exec_type, file_type;
-init_daemon_domain(hal_system_suspend_default)
diff --git a/private/perfprofd.te b/private/perfprofd.te
index dfe4c3c..c65c6f1 100644
--- a/private/perfprofd.te
+++ b/private/perfprofd.te
@@ -5,11 +5,24 @@
neverallow {
domain
- -hal_system_suspend_server
- userdebug_or_eng(`-statsd -system_server -hal_health_server -hwservicemanager')
+ userdebug_or_eng(`
+ -statsd
+ -system_server
+ -system_suspend_server
+ -hal_health_server
+ -hwservicemanager
+ ')
} perfprofd:binder call;
+
neverallow perfprofd {
domain
- -hal_system_suspend_server
- userdebug_or_eng(`-servicemanager -statsd -su -system_server -hal_health_server -hwservicemanager')
+ userdebug_or_eng(`
+ -servicemanager
+ -statsd
+ -su
+ -system_server
+ -system_suspend_server
+ -hal_health_server
+ -hwservicemanager
+ ')
}:binder call;
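Review bot: The `-system_suspend_server` exemption is now conditional on userdebug_or_eng in both neverallows, whereas the old `-hal_system_suspend_server` exemption applied to every build, so on user builds the policy now forbids binder calls between perfprofd and the suspend service in both directions. That is consistent with the te_macros hunk, which drops the server-to-client `binder_call` from wakelock_use, but if perfprofd invokes wakelock_use outside a userdebug_or_eng block (its allow rules are not visible here), the macro's `binder_call($1, system_suspend_server)` would collide with the second neverallow on a user build and the policy would fail to compile. Since the commit's "m selinux_policy" test ran on blueline, please confirm with a user-build compile as well, or keep `-system_suspend_server` outside the userdebug_or_eng list as before. A short comment on the exemption, e.g. `# system_suspend_server: wakelock_use() callers exchange binder calls with the suspend service`, would also make the reason for the carve-out visible to the next editor.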
diff --git a/private/system_server.te b/private/system_server.te
index 7ed5339..22dcac8 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -75,8 +75,6 @@
sys_tty_config
};
-wakelock_use(system_server)
-
# Trigger module auto-load.
allow system_server kernel:system module_request;
@@ -228,7 +226,6 @@
hal_client_domain(system_server, hal_power)
hal_client_domain(system_server, hal_power_stats)
hal_client_domain(system_server, hal_sensors)
-hal_client_domain(system_server, hal_system_suspend)
hal_client_domain(system_server, hal_tetheroffload)
hal_client_domain(system_server, hal_thermal)
hal_client_domain(system_server, hal_tv_cec)
@@ -1006,6 +1003,11 @@
# Allow system server to communicate to system-suspend's control interface
allow system_server system_suspend_control_service:service_manager find;
+binder_call(system_server, system_suspend)
+binder_call(system_suspend, system_server)
+
+# Allow system server to communicate to system-suspend's wakelock interface
+wakelock_use(system_server)
# Allow the system server to read files under /data/apex. The system_server
# needs these privileges to compare file signatures while processing installs.
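Review bot: `binder_call(system_server, system_suspend)` on the first added line is already implied by the `wakelock_use(system_server)` a few lines below, because the macro grants `binder_call($1, system_suspend_server)` and system_suspend.te gives the system_suspend type the system_suspend_server attribute; only the reverse `binder_call(system_suspend, system_server)` adds new access. Since that reverse direction is the one wakelock_use no longer grants, it deserves its own comment rather than sitting under the "control interface find" comment, presumably something like `# system_suspend calls back into system_server (ISuspendControlService callbacks) — confirm`. The moved `wakelock_use(system_server)` also runs straight into the "/data/apex" comment block with no blank line; the rest of the file separates blocks with one.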
diff --git a/private/system_suspend.te b/private/system_suspend.te
new file mode 100644
index 0000000..1ed24bb
--- /dev/null
+++ b/private/system_suspend.te
@@ -0,0 +1,11 @@
+type system_suspend, domain, coredomain, system_suspend_server;
+
+type system_suspend_exec, system_file_type, exec_type, file_type;
+init_daemon_domain(system_suspend)
+
+# To serve ISuspendControlService.aidl.
+binder_use(system_suspend)
+add_service(system_suspend, system_suspend_control_service)
+
+# Access to /sys/power/{ wakeup_count, state } suspend interface.
+allow system_suspend sysfs_power:file rw_file_perms;
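Review bot: The new domain file has no header comment saying which binary it confines or why it carries the system_suspend_server attribute, which matters because the last line is the only rule in the tree granting write access to /sys/power/{wakeup_count,state}, i.e. the ability to put the device to sleep. A one-line header such as `# android.system.suspend@1.0-service: owns the /sys/power suspend interface and serves ISuspendControlService (see public/system_suspend_server.te for the HIDL side)` would tie the file_contexts label, the private domain and the public attribute together. Moving the sysfs_power rule from the public hal_system_suspend_server attribute onto this private type is a tightening worth stating in the same comment, so a later change does not move it back.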
diff --git a/public/attributes b/public/attributes
index 5a40421..8f52637 100644
--- a/public/attributes
+++ b/public/attributes
@@ -280,7 +280,6 @@
hal_attribute(power_stats);
hal_attribute(secure_element);
hal_attribute(sensors);
-hal_attribute(system_suspend);
hal_attribute(telephony);
hal_attribute(tetheroffload);
hal_attribute(thermal);
@@ -307,3 +306,4 @@
attribute display_service_server;
attribute wifi_keystore_service_server;
attribute mediaswcodec_server;
+attribute system_suspend_server;
diff --git a/public/hal_system_suspend.te b/public/hal_system_suspend.te
deleted file mode 100644
index 13fb654..0000000
--- a/public/hal_system_suspend.te
+++ /dev/null
@@ -1,13 +0,0 @@
-binder_use(hal_system_suspend_server)
-binder_call(hal_system_suspend_client, hal_system_suspend_server)
-binder_call(hal_system_suspend_server, hal_system_suspend_client)
-
-# To preserve the semantics of wakelock_use macro, not all clients of
-# system_suspend_hwservice have hal_system_suspend_client attribute. For that
-# reason we don't use hal_attribute_hwservice macro here.
-add_hwservice(hal_system_suspend_server, system_suspend_hwservice)
-add_service(hal_system_suspend_server, system_suspend_control_service)
-allow hal_system_suspend_client system_suspend_hwservice:hwservice_manager find;
-
-allow hal_system_suspend_server sysfs_power:file rw_file_perms;
-allow hal_system_suspend_server system_server:fd use;
diff --git a/public/su.te b/public/su.te
index e09248b..346b1fe 100644
--- a/public/su.te
+++ b/public/su.te
@@ -87,7 +87,6 @@
typeattribute su hal_power_client;
typeattribute su hal_secure_element_client;
typeattribute su hal_sensors_client;
- typeattribute su hal_system_suspend_client;
typeattribute su hal_telephony_client;
typeattribute su hal_tetheroffload_client;
typeattribute su hal_thermal_client;
diff --git a/public/system_suspend_server.te b/public/system_suspend_server.te
new file mode 100644
index 0000000..8e8310d
--- /dev/null
+++ b/public/system_suspend_server.te
@@ -0,0 +1,6 @@
+# Required to export a HIDL interface.
+hwbinder_use(system_suspend_server)
+get_prop(system_suspend_server, hwservicemanager_prop)
+
+# To serve ISystemSuspend.hal.
+add_hwservice(system_suspend_server, system_suspend_hwservice)
diff --git a/public/te_macros b/public/te_macros
index 6541525..b9a6c05 100644
--- a/public/te_macros
+++ b/public/te_macros
@@ -399,19 +399,16 @@
# wakelock_use(domain)
# Allow domain to manage wake locks
define(`wakelock_use', `
+# TODO(b/115946999): Remove /sys/power/* permissions once CONFIG_PM_WAKELOCKS is
+# deprecated.
# Access /sys/power/wake_lock and /sys/power/wake_unlock
allow $1 sysfs_wake_lock:file rw_file_perms;
# Accessing these files requires CAP_BLOCK_SUSPEND
allow $1 self:global_capability2_class_set block_suspend;
-# TODO(b/36375663): wake lock clients should be tagged with
-# hal_system_suspend_client and halclientdomain attributes. However,
-# typeattribute statements do not allow applying attributes to other attributes,
-# so instead we grant appropriate permissions directly within this macro.
-# hal_system_suspend_client permissions
-binder_call($1, hal_system_suspend_server)
-binder_call(hal_system_suspend_server, $1)
+# system_suspend permissions
+binder_call($1, system_suspend_server)
allow $1 system_suspend_hwservice:hwservice_manager find;
-# halclientdomain perimssions
+# halclientdomain permissions
hwbinder_use($1)
get_prop($1, hwservicemanager_prop)
allow $1 hidl_manager_hwservice:hwservice_manager find;
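Review bot: Dropping `binder_call(hal_system_suspend_server, $1)` silently changes the contract of wakelock_use for every existing caller outside this diff: the macro now grants only the client-to-service direction, and system_server.te has to add an explicit `binder_call(system_suspend, system_server)` to keep its callback path. The macro header at the top of the hunk still reads "Allow domain to manage wake locks" and does not say this, so the next domain that needs the suspend service to call back into it will not find the hint here. Suggest extending the header with `# Grants only the client->service direction; a domain that receives binder calls from system_suspend needs an explicit binder_call(system_suspend, domain) (see system_server.te).`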
diff --git a/public/vold.te b/public/vold.te
index d201257..ace733f 100644
--- a/public/vold.te
+++ b/public/vold.te
@@ -294,7 +294,7 @@
-ashmemd
-hal_health_storage_server
-hal_keymaster_server
- -hal_system_suspend_server
+ -system_suspend_server
-hal_bootctl_server
-healthd
-hwservicemanager