From 6f201db16af851202153be5ebb031fe4250164b7 Mon Sep 17 00:00:00 2001
From: Jenny Ho <hsiufangho@google.com>
Date: Thu, 13 Apr 2023 12:54:11 +0800
Subject: [PATCH] sepolicy: fix charger_vendor permission denied
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

type=1400 audit(1679973171.472:14): avc: denied { search } for comm="android.hardwar" name="vendor" dev="tmpfs" ino=2 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:mnt_vendor_file:s0 tclass=dir permissive=0
type=1400 audit(1679973171.256:10): avc: denied { read } for comm="android.hardwar" name="stat" dev="sysfs" ino=67924 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:sysfs_scsi_devices_0000:s0 tclass=file permissive=0␍␊
type=1107 audit(1679973171.472:20): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.battery.defender.state pid=414 uid=1000 gid=1000 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:vendor_battery_defender_prop:s0 tclass=property_service permissive=0
type=1400 audit(1679973171.476:23): avc: denied { read } for comm="android.hardwar" name="u:object_r:vendor_battery_defender_prop:s0" dev="tmpfs" ino=356 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:vendor_battery_defender_prop:s0 tclass=file permissive=0
type=1400 audit(1679973171.472:21): avc: denied { write } for comm="android.hardwar" name="capacity" dev="sysfs" ino=74690 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:sysfs_batteryinfo:s0 tclass=file permissive=0
type=1400 audit(1679973171.476:32): avc: denied { read } for comm="android.hardwar" name="u:object_r:default_prop:s0" dev="tmpfs" ino=164 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:default_prop:s0 tclass=file permissive=0
type=1400 audit(1681358719.792:6): avc:  denied  { search } for  comm="android.hardwar" name="/" dev="sda1" ino=3 scontext=u:r:charger_vendor:s0 tcontext=u:object_r:persist_file:s0 tclass=dir permissive=0

Bug: 277898259
Change-Id: I055eaab6df7c4549cc3817aaec80b0f85ec3b475
Signed-off-by: Jenny Ho <hsiufangho@google.com>
---
 vendor/charger_vendor.te | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 vendor/charger_vendor.te

diff --git a/vendor/charger_vendor.te b/vendor/charger_vendor.te
new file mode 100644
index 00000000..d992247b
--- /dev/null
+++ b/vendor/charger_vendor.te
@@ -0,0 +1,7 @@
+# charger_vendor for battery in off-mode charging
+allow charger_vendor mnt_vendor_file:dir search;
+allow charger_vendor persist_file:dir search;
+allow charger_vendor sysfs_batteryinfo:file w_file_perms;
+allow charger_vendor sysfs_scsi_devices_0000:file r_file_perms;
+dontaudit charger_vendor default_prop:file r_file_perms;
+set_prop(charger_vendor, vendor_battery_defender_prop)