From 443c0d84afb214207d28a8eb36942ed77eadadd1 Mon Sep 17 00:00:00 2001
From: LuK1337 <priv.luk@gmail.com>
Date: Wed, 28 Feb 2018 09:58:11 +0000
Subject: legacy: Address perfd denials

Change-Id: If569ce1cb560a19123b1b7bfae5e10e653825f35
---
 legacy-common/hal_audio_default.te  | 1 +
 legacy-common/hal_camera_default.te | 1 +
 legacy-common/perfd.te              | 8 ++++++++
 3 files changed, 10 insertions(+)
 create mode 100644 legacy-common/hal_audio_default.te
 create mode 100644 legacy-common/hal_camera_default.te

diff --git a/legacy-common/hal_audio_default.te b/legacy-common/hal_audio_default.te
new file mode 100644
index 00000000..ecb0204c
--- /dev/null
+++ b/legacy-common/hal_audio_default.te
@@ -0,0 +1 @@
+allow hal_audio_default mpctl_socket:dir search;
diff --git a/legacy-common/hal_camera_default.te b/legacy-common/hal_camera_default.te
new file mode 100644
index 00000000..670d8bcc
--- /dev/null
+++ b/legacy-common/hal_camera_default.te
@@ -0,0 +1 @@
+allow hal_camera_default mpctl_socket:dir search;
diff --git a/legacy-common/perfd.te b/legacy-common/perfd.te
index 5595fffa..0d2bed10 100644
--- a/legacy-common/perfd.te
+++ b/legacy-common/perfd.te
@@ -3,6 +3,8 @@ type perfd_exec, exec_type, vendor_file_type, file_type;
 
 init_daemon_domain(perfd)
 
+allow perfd self:capability fsetid;
+
 allow perfd {
     sysfs_devices_system_cpu
     sysfs_cpu_online
@@ -30,6 +32,10 @@ allow perfd sysfs_lib:file w_file_perms;
 r_dir_file(perfd, sysfs_kgsl)
 allow perfd sysfs_kgsl:file write;
 
+# Allow access to thermal sysfs entry
+allow perfd sysfs_thermal:dir search;
+allow perfd sysfs_thermal:file w_file_perms;
+
 # mpctl socket
 allow perfd mpctl_socket:dir rw_dir_perms;
 allow perfd mpctl_socket:sock_file create_file_perms;
@@ -46,3 +52,5 @@ set_prop(perfd, freq_prop)
 
 allow perfd cgroup:file r_file_perms;
 allow perfd sysfs:dir r_dir_perms;
+
+r_dir_file(perfd, hal_power_default)
-- 
cgit v1.2.3