From: Tim Zimmermann <tim@linux4.de>
Date: Sun, 12 Nov 2023 05:47:00 +0000 (+0100)
Subject: common: Add policy for AIDL thermal HAL
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=876b8191b8ba7aff71884cb8a157f9bad95138a6;p=GitHub%2FLineageOS%2Fandroid_device_samsung_slsi_sepolicy.git

common: Add policy for AIDL thermal HAL

Change-Id: I7e6a6b51700b09a474616b32731b2a2173f2e7af
---

diff --git a/common/vendor/file_contexts b/common/vendor/file_contexts
index d32b9c0..9450a6f 100644
--- a/common/vendor/file_contexts
+++ b/common/vendor/file_contexts
@@ -146,7 +146,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.memtrack-service\.samsung-mali                  u:object_r:hal_memtrack_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.power@[0-9].[0-9]-service\.exynos               u:object_r:hal_power_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.power(@[0-9]\.[0-9])?-service\.samsung-libperfmgr   u:object_r:hal_power_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@[0-9].[0-9]-service\.samsung            u:object_r:hal_thermal_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal(@[0-9].[0-9])?-service\.samsung         u:object_r:hal_thermal_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.usb(@[0-9]\.[0-9])?-service\.samsung            u:object_r:hal_usb_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@[0-9]\.[0-9]-service\.samsung               u:object_r:hal_nfc_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.vibrator(@[0-9].[0-9])?-service\.samsung(-haptic)?    u:object_r:hal_vibrator_default_exec:s0
diff --git a/common/vendor/hal_thermal_default.te b/common/vendor/hal_thermal_default.te
index 7cd9ba0..27772b0 100644
--- a/common/vendor/hal_thermal_default.te
+++ b/common/vendor/hal_thermal_default.te
@@ -6,3 +6,9 @@ allow hal_thermal_default cgroup:file getattr;
 # /sys/devices/virtual/thermal/
 allow hal_thermal_default sysfs_thermal:dir r_dir_perms;
 allow hal_thermal_default sysfs_thermal:file r_file_perms;
+
+get_prop(hal_thermal_default, vendor_thermal_prop)
+
+hal_client_domain(hal_thermal_default, hal_power)
+
+allow hal_thermal_default self:netlink_kobject_uevent_socket { create bind read setopt };