From dfdc5e42b2967d4efca2121bd4c435033b5bf38c Mon Sep 17 00:00:00 2001
From: Demon000
Date: Sat, 29 Aug 2020 20:43:37 +0300
Subject: [PATCH] sm6250-common: define sepolicy for xiaomi battery services
---
 sepolicy/vendor/battery.te | 41 +++++++++++++++++++++++++++++++++++++++++
 sepolicy/vendor/file_contexts | 5 +++++
 2 files changed, 46 insertions(+)
 create mode 100644 sepolicy/vendor/battery.te
diff --git a/sepolicy/vendor/battery.te b/sepolicy/vendor/battery.te
new file mode 100644
index 0000000..1b1b9af
--- /dev/null
+++ b/sepolicy/vendor/battery.te
@@ -0,0 +1,41 @@
+define(`battery_daemons', `{ batteryd batterysecret }')
+
+type batteryd, domain;
+type batteryd_exec, exec_type, vendor_file_type, file_type;
+type batterysecret, domain;
+type batterysecret_exec, exec_type, vendor_file_type, file_type;
+type persist_subsys_file, vendor_persist_type, file_type;
+
+init_daemon_domain(batteryd)
+init_daemon_domain(batterysecret)
+
+r_dir_file(battery_daemons, cgroup)
+r_dir_file(battery_daemons, mnt_vendor_file)
+r_dir_file(battery_daemons, persist_file)
+r_dir_file(battery_daemons, persist_subsys_file)
+r_dir_file(battery_daemons, rootfs)
+r_dir_file(battery_daemons, sysfs_battery_supply)
+r_dir_file(battery_daemons, sysfs_batteryinfo)
+r_dir_file(battery_daemons, sysfs_type)
+r_dir_file(battery_daemons, sysfs_usb_supply)
+r_dir_file(battery_daemons, sysfs_usbpd_device)
+
+allow battery_daemons persist_subsys_file:dir w_dir_perms;
+allow battery_daemons rootfs:dir w_dir_perms;
+
+allow battery_daemons kmsg_device:chr_file w_file_perms;
+allow battery_daemons persist_subsys_file:file w_file_perms;
+allow battery_daemons sysfs:file w_file_perms;
+allow battery_daemons sysfs_battery_supply:file w_file_perms;
+allow battery_daemons sysfs_usb:file w_file_perms;
+allow battery_daemons sysfs_usb_supply:file w_file_perms;
+allow battery_daemons sysfs_usbpd_device:file w_file_perms;
+
+allow battery_daemons self:global_capability_class_set sys_tty_config;
+allow battery_daemons self:global_capability_class_set sys_boot;
+
+allow battery_daemons self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+allow battery_daemons self:capability { chown fsetid };
+
+wakelock_use(battery_daemons)
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index accc530..b0bf5b1 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
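Review bot: The grants `allow battery_daemons rootfs:dir w_dir_perms;` and `allow battery_daemons sysfs:file w_file_perms;` in the new battery.te look far wider than a battery service should need: the first permits adding and removing entries in any rootfs-labelled directory, the second permits writing every sysfs node that still carries the generic `sysfs` label. If they were generated from denials, the narrower fix is to give the specific nodes a dedicated type and allow write on that type only, with a comment such as `# batteryd writes <node>: needed for <feature>` beside each rule that remains (placeholders; the patch does not say which nodes are touched). Because every rule targets the `battery_daemons` set, `batteryd` and `batterysecret` each receive the union of permissions, including `sys_boot` and `sys_tty_config`, which are granted through `global_capability_class_set` while `chown`/`fsetid` use plain `capability`. Splitting the rules per domain would show which daemon actually needs the ability to reboot the device and keep the other one without it.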
@@ -1,2 +1,7 @@
+# Battery
+/vendor/bin/batteryd u:object_r:batteryd_exec:s0
+/vendor/bin/batterysecret u:object_r:batterysecret_exec:s0
+/mnt/vendor/persist/subsys(/.*)? u:object_r:persist_subsys_file:s0
+
 # Power HAL
 /vendor/bin/hw/android\.hardware\.power@1\.3-service\.xiaomi_sm6250 u:object_r:hal_power_default_exec:s0
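Review bot: The new `/mnt/vendor/persist/subsys(/.*)?` entry only takes effect once the files are relabelled, because files already on the persist filesystem keep their stored labels until a restorecon runs. Nothing in this patch does that, so unless an init script outside this diff already covers it, the `persist_subsys_file` rules in battery.te will not match on a device that already has this directory; consider adding `restorecon_recursive /mnt/vendor/persist/subsys` to the device's init rc.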