db845c|rb5: Fix wakeup selinux denials
Label more wakeup nodes for the VTS
SuspendSepolicyTests#SuspendSepolicyTests test.
Othewise the following error message will be printed:
Unlabeled wakeup nodes found, your device is likely missing
device/oem specific selinux genfscon rules for suspend.
Please review and add the following generated rules to the
device specific genfs_contexts:
genfscon sysfs devices/platform/remoteproc-adsp/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs devices/platform/remoteproc-cdsp/wakeup u:object_r:sysfs_wakeup:s0
genfscon sysfs devices/platform/soc@0/c440000.spmi/spmi-0/0-00/c440000.spmi:pmic@0:rtc@6000/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0
Missing sysfs_wakeup labels
Exit Code: 1
Fixes: 183f6a7cc351 ("db845c: bump PRODUCT_SHIPPING_API_LEVEL to 33")
Test: vts -m SuspendSepolicyTests
Suggested-by: Yongqin Liu <yongqin.liu@linaro.org>
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Change-Id: I0a8a64711a7706a543230c9dfc5943259fa7da03
diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 660539c..7e548db 100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -23,20 +23,18 @@
/sys/devices/platform/soc@0/ae00000.mdss u:object_r:sysfs_gpu:s0
/sys/devices/platform/soc@0/ae00000.display-subsystem u:object_r:sysfs_gpu:s0
-#wakeups on db845c
-/sys/devices/platform/soc@0/1c00000.pci/pci0000:00/0000:00:00.0/0000:01:00.0/wakeup/wakeup1 u:object_r:sysfs_wakeup:s0
-/sys/devices/platform/soc@0/a6f8800.usb/wakeup/wakeup2 u:object_r:sysfs_wakeup:s0
-/sys/devices/platform/soc@0/a8f8800.usb/wakeup/wakeup3 u:object_r:sysfs_wakeup:s0
-/sys/devices/platform/soc@0/c440000.spmi/spmi-0/0-00/c440000.spmi:pmic@0:pon@800/c440000.spmi:pmic@0:pon@800:pwrkey/wakeup/wakeup4 u:object_r:sysfs_wakeup:s0
-/sys/devices/platform/soc@0/c440000.spmi/spmi-0/0-00/c440000.spmi:pmic@0:pon@800/c440000.spmi:pmic@0:pon@800:resin/wakeup/wakeup5 u:object_r:sysfs_wakeup:s0
-/sys/devices/platform/soc@0/c440000.spmi/spmi-0/0-00/c440000.spmi:pmic@0:rtc@6000/wakeup/wakeup6 u:object_r:sysfs_wakeup:s0
-/sys/devices/platform/soc@0/c440000.spmi/spmi-0/0-00/c440000.spmi:pmic@0:rtc@6000/rtc/rtc0/alarmtimer.2.auto/wakeup/wakeup7 u:object_r:sysfs_wakeup:s0
-
-#wakeups on RB5
-/sys/devices/platform/soc@0/a6f8800.usb/wakeup/wakeup0 u:object_r:sysfs_wakeup:s0
-/sys/devices/platform/soc@0/a8f8800.usb/wakeup/wakeup1 u:object_r:sysfs_wakeup:s0
-/sys/devices/platform/soc@0/c440000.spmi/spmi-0/0-00/c440000.spmi:pmic@0:rtc@6000/wakeup/wakeup3 u:object_r:sysfs_wakeup:s0
-/sys/devices/platform/soc@0/c440000.spmi/spmi-0/0-00/c440000.spmi:pmic@0:rtc@6000/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup4 u:object_r:sysfs_wakeup:s0
+#wakeups on db845c and rb5
+/sys/devices/platform/remoteproc-adsp/wakeup u:object_r:sysfs_wakeup:s0
+/sys/devices/platform/remoteproc-cdsp/wakeup u:object_r:sysfs_wakeup:s0
+/sys/devices/platform/soc@0/17300000.remoteproc/wakeup u:object_r:sysfs_wakeup:s0
+/sys/devices/platform/soc@0/1c00000.pci/pci0000:00 u:object_r:sysfs_wakeup:s0
+/sys/devices/platform/soc@0/1c00000.pcie/pci0000:00 u:object_r:sysfs_wakeup:s0
+/sys/devices/platform/soc@0/8300000.remoteproc/wakeup u:object_r:sysfs_wakeup:s0
+/sys/devices/platform/soc@0/a6f8800.usb/wakeup u:object_r:sysfs_wakeup:s0
+/sys/devices/platform/soc@0/a6f8800.usb/a600000.usb/wakeup u:object_r:sysfs_wakeup:s0
+/sys/devices/platform/soc@0/a8f8800.usb/wakeup u:object_r:sysfs_wakeup:s0
+/sys/devices/platform/soc@0/a8f8800.usb/a800000.usb/wakeup u:object_r:sysfs_wakeup:s0
+/sys/devices/platform/soc@0/c440000.spmi/spmi-0 u:object_r:sysfs_wakeup:s0
/sys/class/remoteproc u:object_r:sysfs_remoteproc:s0
/sys/devices/platform/remoteproc-adsp/remoteproc u:object_r:sysfs_remoteproc:s0
diff --git a/sepolicy/genfs_contexts b/sepolicy/genfs_contexts
index 4d7f4ea..d51b60f 100644
--- a/sepolicy/genfs_contexts
+++ b/sepolicy/genfs_contexts
@@ -10,17 +10,15 @@
genfscon sysfs /class/udc u:object_r:sysfs_udc:s0
genfscon sysfs /firmware/devicetree/base/compatible u:object_r:sysfs_dt_compatible:s0
-#wakeups on db845c
-genfscon sysfs /devices/platform/soc@0/1c00000.pci/pci0000:00/0000:00:00.0/0000:01:00.0/wakeup/wakeup1 u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/soc@0/a6f8800.usb/wakeup/wakeup2 u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/soc@0/a8f8800.usb/wakeup/wakeup3 u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/soc@0/c440000.spmi/spmi-0/0-00/c440000.spmi:pmic@0:pon@800/c440000.spmi:pmic@0:pon@800:pwrkey/wakeup/wakeup4 u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/soc@0/c440000.spmi/spmi-0/0-00/c440000.spmi:pmic@0:pon@800/c440000.spmi:pmic@0:pon@800:resin/wakeup/wakeup5 u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/soc@0/c440000.spmi/spmi-0/0-00/c440000.spmi:pmic@0:rtc@6000/wakeup/wakeup6 u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/soc@0/c440000.spmi/spmi-0/0-00/c440000.spmi:pmic@0:rtc@6000/rtc/rtc0/alarmtimer.2.auto/wakeup/wakeup7 u:object_r:sysfs_wakeup:s0
-
-#wakeups on RB5
-genfscon sysfs /devices/platform/soc@0/a6f8800.usb/wakeup/wakeup0 u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/soc@0/a8f8800.usb/wakeup/wakeup1 u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/soc@0/c440000.spmi/spmi-0/0-00/c440000.spmi:pmic@0:rtc@6000/wakeup/wakeup3 u:object_r:sysfs_wakeup:s0
-genfscon sysfs /devices/platform/soc@0/c440000.spmi/spmi-0/0-00/c440000.spmi:pmic@0:rtc@6000/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup4 u:object_r:sysfs_wakeup:s0
+#wakeups on db845c and rb5
+genfscon sysfs /devices/platform/remoteproc-adsp/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/remoteproc-cdsp/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc@0/17300000.remoteproc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc@0/1c00000.pci/pci0000:00 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc@0/1c00000.pcie/pci0000:00 u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc@0/8300000.remoteproc/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc@0/a6f8800.usb/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc@0/a6f8800.usb/a600000.usb/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc@0/a8f8800.usb/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc@0/a8f8800.usb/a800000.usb/wakeup u:object_r:sysfs_wakeup:s0
+genfscon sysfs /devices/platform/soc@0/c440000.spmi/spmi-0 u:object_r:sysfs_wakeup:s0
diff --git a/sepolicy/hal_health_default.te b/sepolicy/hal_health_default.te
new file mode 100644
index 0000000..d5d490d
--- /dev/null
+++ b/sepolicy/hal_health_default.te
@@ -0,0 +1,2 @@
+allow hal_health_default sysfs_wakeup:dir search;
+allow hal_health_default sysfs_wakeup:file { getattr open read };
diff --git a/sepolicy/system_server.te b/sepolicy/system_server.te
index e801436..5e0af39 100644
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
@@ -1,3 +1,4 @@
gpu_access(system_server)
allow system_server wifi_hal_prop:file {open read getattr map};
allow system_server vendor_file:dir read;
+allow system_server sysfs_wakeup:file { getattr open read };