1type system_suspend, domain, coredomain, system_suspend_server, system_suspend_internal_server; 2 3type system_suspend_exec, system_file_type, exec_type, file_type; 4init_daemon_domain(system_suspend) 5 6# To serve ISuspendControlService. 7binder_use(system_suspend) 8add_service(system_suspend, system_suspend_control_service) 9 10add_service(system_suspend, hal_system_suspend_service) 11 12# Access to /sys/power/{ wakeup_count, state } suspend interface. 13allow system_suspend sysfs_power:file rw_file_perms; 14 15# Access to wakeup, suspend stats, and wakeup reasons. 16r_dir_file(system_suspend, sysfs_suspend_stats) 17r_dir_file(system_suspend, sysfs_wakeup) 18r_dir_file(system_suspend, sysfs_wakeup_reasons) 19# To resolve arbitrary sysfs paths from /sys/class/wakeup/* symlinks. 20allow system_suspend sysfs_type:dir search; 21 22# Access to suspend_hal system properties 23get_prop(system_suspend, suspend_prop) 24 25# Access to system_suspend debug system properties 26userdebug_or_eng(` 27 get_prop(system_suspend, suspend_debug_prop) 28') 29 30# To call BTAA registered callbacks 31allow system_suspend bluetooth:binder call; 32 33# For adding `dumpsys syspend_control` output to bugreport 34allow system_suspend dumpstate:fd use; 35allow system_suspend dumpstate:fifo_file write; 36 37# Allow init to take kernel wakelock and system suspend to 38# remove kenel wakelocks and the capability to access these 39# files 40allow init sysfs_wake_lock:file rw_file_perms; 41allow init self:global_capability2_class_set block_suspend; 42allow system_suspend sysfs_wake_lock:file rw_file_perms; 43allow system_suspend self:global_capability2_class_set block_suspend; 44 45# Allow init to set /sys/power/sync_on_suspend. 46allow init sysfs_sync_on_suspend:file w_file_perms; 47 48neverallow { 49 domain 50 -atrace # tracing 51 -bluetooth # support Bluetooth activity attribution (BTAA) 52 -dumpstate # bug reports 53 -system_suspend # implements system_suspend_control_service 54 -system_server # configures system_suspend via ISuspendControlService 55 -traceur_app # tracing 56} system_suspend_control_service:service_manager find; 57