Use GID "wakelock" to control access to kernel wakelock

* Added new kernel GID named "wakelock" (AID_WAKELOCK = 3010)
* Changed the group access for /sys/power/wake_lock and
  /sys/power/wake_unlock from "system" to "wakelock"
* Added "wakelock" to the list of groups for the healthd process/service

Bug: 25864142
Change-Id: Ieabee9964cccec3107971a361a43aa9805164aa9

include/private/android_filesystem_config.h

@@ -104,6 +104,7 @@
 #define AID_NET_BW_ACCT   3007  /* change bandwidth statistics accounting */
 #define AID_NET_BT_STACK  3008  /* bluetooth: access config files */
 #define AID_READPROC      3009  /* Allow /proc read access */
+#define AID_WAKELOCK      3010  /* Allow system wakelock read/write access */
 
 /* The range 5000-5999 is also reserved for OEM, and must never be used here. */
 #define AID_OEM_RESERVED_2_START 5000
@@ -197,6 +198,7 @@ static const struct android_id_info android_ids[] = {
     { "net_bw_acct",   AID_NET_BW_ACCT, },
     { "net_bt_stack",  AID_NET_BT_STACK, },
     { "readproc",      AID_READPROC, },
+    { "wakelock",      AID_WAKELOCK, },
 
     { "everybody",     AID_EVERYBODY, },
     { "misc",          AID_MISC, },

rootdir/init.rc

@@ -456,8 +456,8 @@ on boot
     chown system system /sys/power/autosleep
     chown system system /sys/power/state
     chown system system /sys/power/wakeup_count
-    chown radio system /sys/power/wake_lock
-    chown radio system /sys/power/wake_unlock
+    chown radio wakelock /sys/power/wake_lock
+    chown radio wakelock /sys/power/wake_unlock
     chmod 0660 /sys/power/state
     chmod 0660 /sys/power/wake_lock
     chmod 0660 /sys/power/wake_unlock
@@ -586,7 +586,7 @@ service healthd /sbin/healthd
     class core
     critical
     seclabel u:r:healthd:s0
-    group root system
+    group root system wakelock
 
 service console /system/bin/sh
     class core