From 65c568d0dd92704a9dcf117e2b969e8a14716a37 Mon Sep 17 00:00:00 2001
From: Yifan Hong <elsk@google.com>
Date: Mon, 16 Jul 2018 17:19:38 -0700
Subject: [PATCH] perfprofd: talk to health HAL.

Test: perfprofd tests
Bug: 110890430
Change-Id: I0f7476d76b8d35b6b48fe6b77544ca8ccc71534d
---
 private/perfprofd.te | 6 +++---
 public/domain.te     | 2 --
 public/perfprofd.te  | 4 ++--
 3 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/private/perfprofd.te b/private/perfprofd.te
index 2b4d53782..25f97111f 100644
--- a/private/perfprofd.te
+++ b/private/perfprofd.te
@@ -3,6 +3,6 @@ userdebug_or_eng(`
   init_daemon_domain(perfprofd)
 ')
 
-# Only servicemanager, statsd, su and systemserver can communicate.
-neverallow { domain userdebug_or_eng(`-statsd -system_server') } perfprofd:binder call;
-neverallow perfprofd { domain userdebug_or_eng(`-servicemanager -statsd -su -system_server') }:binder call;
+# Only servicemanager, statsd, su, systemserver, hwservicemanager, health HAL can communicate.
+neverallow { domain userdebug_or_eng(`-statsd -system_server -hal_health_server -hwservicemanager') } perfprofd:binder call;
+neverallow perfprofd { domain userdebug_or_eng(`-servicemanager -statsd -su -system_server -hal_health_server -hwservicemanager') }:binder call;
diff --git a/public/domain.te b/public/domain.te
index c6fc9f831..fbc9a7fbf 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -1421,7 +1421,5 @@ full_treble_only(`
     -charger
     # TODO(b/110891300): remove this exception
     -incidentd
-    # TODO(b/110890430): remove this exception
-    -perfprofd
   } sysfs_batteryinfo:file { open read };
 ')
diff --git a/public/perfprofd.te b/public/perfprofd.te
index f067af5d4..c041ec2a8 100644
--- a/public/perfprofd.te
+++ b/public/perfprofd.te
@@ -39,8 +39,8 @@ userdebug_or_eng(`
   # perfprofd looks at thermals.
   allow perfprofd sysfs_thermal:dir r_dir_perms;
 
-  # perfprofd checks power_supply.
-  r_dir_file(perfprofd, sysfs_batteryinfo)
+  # perfprofd gets charging status.
+  hal_client_domain(perfprofd, hal_health)
 
   # simpleperf reads kernel notes.
   allow perfprofd sysfs_kernel_notes:file r_file_perms;
-- 
GitLab