common: Add policy for thermal_symlinks

Change-Id: I3f684ad2450884d1241dc3f29e3d0977ff169809

diff --git a/common/vendor/device.te b/common/vendor/device.te
index fca071fcad94c1194780ddd9f5cbcd9ec2d0e946..dfdd469ee48874593409d85ade599afe27eaa6ee 100644 (file)
--- a/common/vendor/device.te
+++ b/common/vendor/device.te
@@ -20,4 +20,5 @@ type io_device, dev_type;
 type pm_qos_device, dev_type;
 type radio_qos_device, dev_type;
 type ssp_device, dev_type;
+type thermal_link_device, dev_type;
 type vendor_radio_device, dev_type;

diff --git a/common/vendor/file_contexts b/common/vendor/file_contexts
index 9450a6f7ed50a8469a4b5a1a286d4b9511d37048..9f3bad091e7e66adccf52d6a2d8d727265d470d1 100644 (file)
--- a/common/vendor/file_contexts
+++ b/common/vendor/file_contexts
@@ -38,6 +38,7 @@
 /dev/esfp[0-9]                               u:object_r:fp_sensor_device:s0
 /dev/batch_io                                u:object_r:io_device:s0
 /dev/ssp_sensorhub                           u:object_r:ssp_device:s0
+/dev/thermal(/.*)?                           u:object_r:thermal_link_device:s0
 
 # bluetooth
 /dev/ttySAC[0-9]                             u:object_r:bt_device:s0
@@ -125,6 +126,7 @@
 ### VENDOR
 /(vendor|system/vendor)/bin/cbd              u:object_r:cbd_exec:s0
 /(vendor|system/vendor)/bin/secril_config_svc    u:object_r:secril_config_svc_exec:s0
+/(vendor|system/vendor)/bin/thermal_symlinks\.samsung  u:object_r:init-thermal-symlinks-sh_exec:s0
 
 /(vendor|system/vendor)/bin/hw/gpsd              u:object_r:gpsd_exec:s0
 /(vendor|system/vendor)/bin/hw/lhd               u:object_r:lhd_exec:s0

diff --git a/common/vendor/init-thermal-symlinks-sh.te b/common/vendor/init-thermal-symlinks-sh.te
new file mode 100644 (file)
index 0000000..093512c
--- /dev/null
+++ b/common/vendor/init-thermal-symlinks-sh.te
@@ -0,0 +1,12 @@
+type init-thermal-symlinks-sh, domain;
+type init-thermal-symlinks-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init-thermal-symlinks-sh)
+
+allow init-thermal-symlinks-sh vendor_toolbox_exec:file rx_file_perms;
+allow init-thermal-symlinks-sh thermal_link_device:dir rw_dir_perms;
+allow init-thermal-symlinks-sh thermal_link_device:lnk_file create_file_perms;
+allow init-thermal-symlinks-sh sysfs_thermal:dir r_dir_perms;
+allow init-thermal-symlinks-sh sysfs_thermal:file r_file_perms;
+allow init-thermal-symlinks-sh sysfs_thermal:lnk_file r_file_perms;
+set_prop(init-thermal-symlinks-sh, vendor_thermal_prop)

diff --git a/common/vendor/property.te b/common/vendor/property.te
index 4b2edae21d86bc84576193c93377d8e0628120ff..4242eab215ceca9f0ea5033df727176c42dbb6b2 100644 (file)
--- a/common/vendor/property.te
+++ b/common/vendor/property.te
@@ -4,4 +4,5 @@ vendor_internal_prop(vendor_cbd_prop)
 vendor_restricted_prop(vendor_hwc_prop)
 vendor_internal_prop(vendor_radio_prop)
 vendor_internal_prop(vendor_fastcharge_prop)
+vendor_internal_prop(vendor_thermal_prop)
 vendor_internal_prop(vendor_wifi_prop)

diff --git a/common/vendor/property_contexts b/common/vendor/property_contexts
index 13a59df9e990b78417ad76b22094d0cd6f183070..dabaa4e00c8b09cd231cddd9caa61002874d3a6c 100644 (file)
--- a/common/vendor/property_contexts
+++ b/common/vendor/property_contexts
@@ -13,6 +13,9 @@ ro.vendor.radio.               u:object_r:vendor_radio_prop:s0
 ### fastcharge
 persist.vendor.sec.fastchg_enabled     u:object_r:vendor_fastcharge_prop:s0
 
+## thermal
+vendor.thermal.                u:object_r:vendor_thermal_prop:s0
+
 ### wifi
 vendor.wifi.                   u:object_r:vendor_wifi_prop:s0
 ro.vendor.wifi.                u:object_r:vendor_wifi_prop:s0