Use GID "wakelock" to control access to kernel wakelock
* Added new kernel GID named "wakelock" (AID_WAKELOCK = 3010)
* Changed the group access for /sys/power/wake_lock and
/sys/power/wake_unlock from "system" to "wakelock"
* Added "wakelock" to the list of groups for the healthd process/service
Bug: 25864142
Change-Id: Ieabee9964cccec3107971a361a43aa9805164aa9
diff --git a/include/private/android_filesystem_config.h b/include/private/android_filesystem_config.h
index d236938..bbe4486 100644
--- a/include/private/android_filesystem_config.h
+++ b/include/private/android_filesystem_config.h
@@ -104,6 +104,7 @@
#define AID_NET_BW_ACCT 3007 /* change bandwidth statistics accounting */
#define AID_NET_BT_STACK 3008 /* bluetooth: access config files */
#define AID_READPROC 3009 /* Allow /proc read access */
+#define AID_WAKELOCK 3010 /* Allow system wakelock read/write access */
/* The range 5000-5999 is also reserved for OEM, and must never be used here. */
#define AID_OEM_RESERVED_2_START 5000
@@ -197,6 +198,7 @@
{ "net_bw_acct", AID_NET_BW_ACCT, },
{ "net_bt_stack", AID_NET_BT_STACK, },
{ "readproc", AID_READPROC, },
+ { "wakelock", AID_WAKELOCK, },
{ "everybody", AID_EVERYBODY, },
{ "misc", AID_MISC, },
diff --git a/rootdir/init.rc b/rootdir/init.rc
index ab6afa2..6d5291c 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -456,8 +456,8 @@
chown system system /sys/power/autosleep
chown system system /sys/power/state
chown system system /sys/power/wakeup_count
- chown radio system /sys/power/wake_lock
- chown radio system /sys/power/wake_unlock
+ chown radio wakelock /sys/power/wake_lock
+ chown radio wakelock /sys/power/wake_unlock
chmod 0660 /sys/power/state
chmod 0660 /sys/power/wake_lock
chmod 0660 /sys/power/wake_unlock
@@ -586,7 +586,7 @@
class core
critical
seclabel u:r:healthd:s0
- group root system
+ group root system wakelock
service console /system/bin/sh
class core