# charger needs to tell init to continue the boot
# process when running in charger mode.
set_prop(charger_type, charger_status_prop)
get_prop(charger_type, charger_config_prop)

# get minui properties
get_prop(charger_type, recovery_config_prop)

# Write to /dev/kmsg
allow charger_type kmsg_device:chr_file rw_file_perms;

# Read access to pseudo filesystems.
r_dir_file(charger_type, rootfs)
r_dir_file(charger_type, cgroup)
r_dir_file(charger_type, cgroup_v2)

# Allow to read /sys/class/power_supply directory
allow charger_type sysfs_type:dir r_dir_perms;

allow charger_type self:global_capability_class_set {
    sys_boot
    sys_tty_config
};

wakelock_use(charger_type)

allow charger_type self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;

# Read/write to /sys/power/state
allow charger_type sysfs_power:file rw_file_perms;

r_dir_file(charger_type, sysfs_batteryinfo)

# Read /sys/fs/pstore/console-ramoops
# Don't worry about overly broad permissions for now, as there's
# only one file in /sys/fs/pstore
allow charger_type pstorefs:dir r_dir_perms;
allow charger_type pstorefs:file r_file_perms;

allow charger_type graphics_device:dir r_dir_perms;
allow charger_type graphics_device:chr_file rw_file_perms;
allow charger_type input_device:dir r_dir_perms;
allow charger_type input_device:chr_file r_file_perms;
allow charger_type tty_device:chr_file rw_file_perms;
allow charger_type proc_sysrq:file rw_file_perms;

### Neverallow rules for charger properties

# charger_config_prop: Only init and vendor_init is allowed to set it
neverallow {
    domain
    -init
    -vendor_init
} charger_config_prop:property_service set;

# charger_status_prop: Only init, vendor_init, charger, and charger_vendor
# are allowed to set it
neverallow {
    domain
    -init
    -vendor_init
    -charger
    -charger_vendor
} charger_status_prop:property_service set;

# Both charger_config_prop and charger_status_prop:
# Only init, vendor_init, dumpstate, charger, and charger_vendor
# are allowed to read it
neverallow {
    domain
    -init
    -dumpstate
    -vendor_init
    -charger
    -charger_vendor
} { charger_config_prop charger_status_prop }:file no_rw_file_perms;