From d0f358d531eceba5fcd368b198f5cb444a05a2fb Mon Sep 17 00:00:00 2001 From: Cosmin Tanislav Date: Wed, 13 Oct 2021 11:13:16 +0300 Subject: [PATCH] sm8350-common: sepolicy: add mi_thermald rules --- sepolicy/vendor/file_contexts | 3 +++ sepolicy/vendor/mi_thermald.te | 25 +++++++++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts index 12f3395..c0f5ac9 100644 --- a/sepolicy/vendor/file_contexts +++ b/sepolicy/vendor/file_contexts @@ -17,3 +17,6 @@ /sys/devices/platform/soc/soc:qcom,dsi-display-primary/fod_hbm u:object_r:vendor_sysfs_fod:s0 /sys/devices/platform/soc/soc:qcom,dsi-display-primary/fod_ui u:object_r:vendor_sysfs_fod:s0 /sys/devices/virtual/touch/tp_dev/fod_status u:object_r:vendor_sysfs_fod:s0 + +# Thermal +/data/vendor/thermal(/.*)? u:object_r:thermal_data_file:s0 diff --git a/sepolicy/vendor/mi_thermald.te b/sepolicy/vendor/mi_thermald.te index 6b64a18..a19d350 100644 --- a/sepolicy/vendor/mi_thermald.te +++ b/sepolicy/vendor/mi_thermald.te @@ -1,2 +1,27 @@ type mi_thermald, domain; type mi_thermald_exec, exec_type, vendor_file_type, file_type; +type thermal_data_file, data_file_type, file_type; + +r_dir_file(mi_thermald, sysfs) +r_dir_file(mi_thermald, sysfs_leds) +r_dir_file(mi_thermald, sysfs_thermal) +r_dir_file(mi_thermald, vendor_sysfs_kgsl) +r_dir_file(mi_thermald, vendor_sysfs_battery_supply) +r_dir_file(mi_thermald, vendor_sysfs_qcom_battery) +r_dir_file(mi_thermald, vendor_sysfs_graphics) +r_dir_file(mi_thermald, thermal_data_file) +r_dir_file(mi_thermald, vendor_data_file) + +allow mi_thermald sysfs:file w_file_perms; +allow mi_thermald sysfs_thermal:file w_file_perms; +allow mi_thermald vendor_sysfs_kgsl:file w_file_perms; +allow mi_thermald vendor_sysfs_battery_supply:file w_file_perms; +allow mi_thermald vendor_sysfs_qcom_battery:file w_file_perms; +allow mi_thermald vendor_sysfs_graphics:file w_file_perms; +allow mi_thermald thermal_data_file:file rw_file_perms; +allow mi_thermald vendor_data_file:file rw_file_perms; +allow mi_thermald vendor_data_file:dir w_dir_perms; +allow mi_thermald sysfs_devices_system_cpu:file rw_file_perms; + +allow mi_thermald self:capability { fsetid sys_boot chown fowner }; +allow mi_thermald self:capability2 { wake_alarm block_suspend };