1type system_suspend, domain, coredomain, system_suspend_server, system_suspend_internal_server; 2 3type system_suspend_exec, system_file_type, exec_type, file_type; 4init_daemon_domain(system_suspend) 5 6# To serve ISuspendControlService. 7binder_use(system_suspend) 8add_service(system_suspend, system_suspend_control_service) 9 10add_service(system_suspend, hal_system_suspend_service) 11 12# Access to /sys/power/{ wakeup_count, state } suspend interface. 13allow system_suspend sysfs_power:file rw_file_perms; 14 15# Access to wakeup, suspend stats, and wakeup reasons. 16r_dir_file(system_suspend, sysfs_suspend_stats) 17r_dir_file(system_suspend, sysfs_wakeup) 18r_dir_file(system_suspend, sysfs_wakeup_reasons) 19# To resolve arbitrary sysfs paths from /sys/class/wakeup/* symlinks. 20allow system_suspend sysfs_type:dir search; 21 22# Access to suspend_hal system properties 23get_prop(system_suspend, suspend_prop) 24 25# To call BTAA registered callbacks 26allow system_suspend bluetooth:binder call; 27 28# For adding `dumpsys syspend_control` output to bugreport 29allow system_suspend dumpstate:fd use; 30allow system_suspend dumpstate:fifo_file write; 31 32# Allow init to take kernel wakelock and system suspend to 33# remove kenel wakelocks and the capability to access these 34# files 35allow init sysfs_wake_lock:file rw_file_perms; 36allow init self:global_capability2_class_set block_suspend; 37allow system_suspend sysfs_wake_lock:file rw_file_perms; 38allow system_suspend self:global_capability2_class_set block_suspend; 39 40neverallow { 41 domain 42 -atrace # tracing 43 -bluetooth # support Bluetooth activity attribution (BTAA) 44 -dumpstate # bug reports 45 -system_suspend # implements system_suspend_control_service 46 -system_server # configures system_suspend via ISuspendControlService 47 -traceur_app # tracing 48} system_suspend_control_service:service_manager find; 49