87b0b914b1
We are going to enforce that each property has an explicit owner, such as system, vendor, or product. This attaches vendor_property_type to properties defined under vendor sepolicy directories. Bug: 159097992 Test: m selinux_policy && boot device Change-Id: Ibed833cd9e5d786e82985ded6bc62abdf8cd9ded Merged-In: Ibed833cd9e5d786e82985ded6bc62abdf8cd9ded (cherry picked from commit 44eb8e1f89adf04fd413a69391fd444ba68af742) (cherry picked from commit 1922128397116d551a663d5344b4456a84bf46eb)
39 lines
1.4 KiB
Plaintext
39 lines
1.4 KiB
Plaintext
type mi_thermald, domain;
|
|
type mi_thermald_exec, exec_type, vendor_file_type, file_type;
|
|
|
|
vendor_internal_prop(vendor_thermal_normal_prop)
|
|
type thermal_data_file, data_file_type, file_type;
|
|
|
|
init_daemon_domain(mi_thermald)
|
|
|
|
set_prop(mi_thermald, vendor_thermal_normal_prop)
|
|
|
|
allow mi_thermald thermal_data_file:dir rw_dir_perms;
|
|
allow mi_thermald thermal_data_file:file create_file_perms;
|
|
|
|
allow mi_thermald self:capability { fsetid sys_boot };
|
|
allow mi_thermald mi_thermald:capability { chown fowner };
|
|
allow mi_thermald mi_thermald:capability2 { wake_alarm block_suspend };
|
|
|
|
allow mi_thermald sysfs_devices_system_cpu:file rw_file_perms;
|
|
|
|
r_dir_file(mi_thermald, sysfs_thermal)
|
|
allow mi_thermald sysfs_thermal:file w_file_perms;
|
|
|
|
r_dir_file(mi_thermald, sysfs)
|
|
allow mi_thermald sysfs:file w_file_perms;
|
|
|
|
r_dir_file(mi_thermald, sysfs_leds)
|
|
|
|
allow mi_thermald vendor_sysfs_kgsl:dir r_dir_perms;
|
|
allow mi_thermald vendor_sysfs_kgsl:file rw_file_perms;
|
|
allow mi_thermald vendor_sysfs_kgsl:lnk_file r_file_perms;
|
|
|
|
allow mi_thermald vendor_sysfs_battery_supply:dir r_dir_perms;
|
|
allow mi_thermald vendor_sysfs_battery_supply:file rw_file_perms;
|
|
allow mi_thermald vendor_sysfs_battery_supply:lnk_file r_file_perms;
|
|
|
|
allow mi_thermald vendor_sysfs_graphics:dir r_dir_perms;
|
|
allow mi_thermald vendor_sysfs_graphics:file rw_file_perms;
|
|
allow mi_thermald vendor_sysfs_graphics:lnk_file r_file_perms;
|