sm7250-common: Import minimal Pixel Thermal sepolicy

*can't use source one since it conflicts with qcom's
2022-06-16 13:19:12 +10:00 · 2022-06-16 13:19:12 +10:00 · d206831937
commit d206831937
parent 1f04cc785d
5 changed files with 25 additions and 0 deletions
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@ -25,3 +25,5 @@ type thermal_data_file, file_type, data_file_type;
 type ultrasound_device, dev_type;

 type vendor_sysfs_iio, fs_type, sysfs_type;
+
+type thermal_link_device, dev_type;
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@ -89,6 +89,9 @@
 # Thermal
 /vendor/bin/mi_thermald                                                 u:object_r:mi_thermald_exec:s0
 /data/vendor/thermal(/.*)?                                              u:object_r:thermal_data_file:s0
+/vendor/bin/hw/android\.hardware\.thermal@2\.0-service\.pixel                     u:object_r:hal_thermal_default_exec:s0
+/vendor/bin/thermal_symlinks                                                      u:object_r:init-thermal-symlinks-sh_exec:s0
+/dev/thermal(/.*)?                                                                u:object_r:thermal_link_device:s0

 # USB
 /vendor/bin/init\.mi\.usb\.sh                                           u:object_r:vendor_qti_init_shell_exec:s0
--- a/sepolicy/vendor/hal_thermal_default.te
+++ b/sepolicy/vendor/hal_thermal_default.te
@ -0,0 +1,9 @@
+allow hal_thermal_default sysfs_thermal:dir r_dir_perms;
+allow hal_thermal_default sysfs_thermal:file rw_file_perms;
+allow hal_thermal_default sysfs_thermal:lnk_file r_file_perms;
+allow hal_thermal_default thermal_link_device:dir r_dir_perms;
+allow hal_thermal_default proc_stat:file r_file_perms;
+allow hal_thermal_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+hal_client_domain(hal_thermal_default, hal_power);
+# read thermal_config
+get_prop(hal_thermal_default, vendor_thermal_normal_prop)
--- a/sepolicy/vendor/init-thermal-symlinks.sh.te
+++ b/sepolicy/vendor/init-thermal-symlinks.sh.te
@ -0,0 +1,10 @@
+type init-thermal-symlinks-sh, domain;
+type init-thermal-symlinks-sh_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(init-thermal-symlinks-sh)
+allow init-thermal-symlinks-sh vendor_toolbox_exec:file rx_file_perms;
+allow init-thermal-symlinks-sh thermal_link_device:dir rw_dir_perms;
+allow init-thermal-symlinks-sh thermal_link_device:lnk_file create_file_perms;
+allow init-thermal-symlinks-sh sysfs_thermal:dir r_dir_perms;
+allow init-thermal-symlinks-sh sysfs_thermal:file r_file_perms;
+allow init-thermal-symlinks-sh sysfs_thermal:lnk_file r_file_perms;
+set_prop(init-thermal-symlinks-sh, vendor_thermal_normal_prop)
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@ -40,3 +40,4 @@ ro.vendor.ril                                   u:object_r:vendor_public_vendor_
 sys.thermal.                                    u:object_r:vendor_thermal_normal_prop:s0
 vendor.sys.thermal.                             u:object_r:vendor_thermal_normal_prop:s0
 persist.sys.thermal.config                      u:object_r:vendor_thermal_normal_prop:s0
+vendor.thermal.                                 u:object_r:vendor_thermal_normal_prop:s0