From: Tim Zimmermann <tim@linux4.de>
Date: Sun, 12 Nov 2023 06:12:59 +0000 (+0100)
Subject: common: Add policy for thermal_symlinks
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=234ef9892612765f0e243c9cb50f110cb1226be3;p=GitHub%2FLineageOS%2Fandroid_device_samsung_slsi_sepolicy.git

common: Add policy for thermal_symlinks

Change-Id: I3f684ad2450884d1241dc3f29e3d0977ff169809
---

diff --git a/common/vendor/device.te b/common/vendor/device.te
index fca071f..dfdd469 100644
--- a/common/vendor/device.te
+++ b/common/vendor/device.te
@@ -20,4 +20,5 @@ type io_device, dev_type;
 type pm_qos_device, dev_type;
 type radio_qos_device, dev_type;
 type ssp_device, dev_type;
+type thermal_link_device, dev_type;
 type vendor_radio_device, dev_type;
diff --git a/common/vendor/file_contexts b/common/vendor/file_contexts
index 9450a6f..9f3bad0 100644
--- a/common/vendor/file_contexts
+++ b/common/vendor/file_contexts
@@ -38,6 +38,7 @@
 /dev/esfp[0-9]                               u:object_r:fp_sensor_device:s0
 /dev/batch_io                                u:object_r:io_device:s0
 /dev/ssp_sensorhub                           u:object_r:ssp_device:s0
+/dev/thermal(/.*)?                           u:object_r:thermal_link_device:s0
 
 # bluetooth
 /dev/ttySAC[0-9]                             u:object_r:bt_device:s0
@@ -125,6 +126,7 @@
 ### VENDOR
 /(vendor|system/vendor)/bin/cbd              u:object_r:cbd_exec:s0
 /(vendor|system/vendor)/bin/secril_config_svc    u:object_r:secril_config_svc_exec:s0
+/(vendor|system/vendor)/bin/thermal_symlinks\.samsung  u:object_r:init-thermal-symlinks-sh_exec:s0
 
 /(vendor|system/vendor)/bin/hw/gpsd              u:object_r:gpsd_exec:s0
 /(vendor|system/vendor)/bin/hw/lhd               u:object_r:lhd_exec:s0
diff --git a/common/vendor/init-thermal-symlinks-sh.te b/common/vendor/init-thermal-symlinks-sh.te
new file mode 100644
index 0000000..093512c
--- /dev/null
+++ b/common/vendor/init-thermal-symlinks-sh.te
@@ -0,0 +1,12 @@
+type init-thermal-symlinks-sh, domain;
+type init-thermal-symlinks-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init-thermal-symlinks-sh)
+
+allow init-thermal-symlinks-sh vendor_toolbox_exec:file rx_file_perms;
+allow init-thermal-symlinks-sh thermal_link_device:dir rw_dir_perms;
+allow init-thermal-symlinks-sh thermal_link_device:lnk_file create_file_perms;
+allow init-thermal-symlinks-sh sysfs_thermal:dir r_dir_perms;
+allow init-thermal-symlinks-sh sysfs_thermal:file r_file_perms;
+allow init-thermal-symlinks-sh sysfs_thermal:lnk_file r_file_perms;
+set_prop(init-thermal-symlinks-sh, vendor_thermal_prop)
diff --git a/common/vendor/property.te b/common/vendor/property.te
index 4b2edae..4242eab 100644
--- a/common/vendor/property.te
+++ b/common/vendor/property.te
@@ -4,4 +4,5 @@ vendor_internal_prop(vendor_cbd_prop)
 vendor_restricted_prop(vendor_hwc_prop)
 vendor_internal_prop(vendor_radio_prop)
 vendor_internal_prop(vendor_fastcharge_prop)
+vendor_internal_prop(vendor_thermal_prop)
 vendor_internal_prop(vendor_wifi_prop)
diff --git a/common/vendor/property_contexts b/common/vendor/property_contexts
index 13a59df..dabaa4e 100644
--- a/common/vendor/property_contexts
+++ b/common/vendor/property_contexts
@@ -13,6 +13,9 @@ ro.vendor.radio.               u:object_r:vendor_radio_prop:s0
 ### fastcharge
 persist.vendor.sec.fastchg_enabled     u:object_r:vendor_fastcharge_prop:s0
 
+## thermal
+vendor.thermal.                u:object_r:vendor_thermal_prop:s0
+
 ### wifi
 vendor.wifi.                   u:object_r:vendor_wifi_prop:s0
 ro.vendor.wifi.                u:object_r:vendor_wifi_prop:s0