1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
# Thermal-engine daemon
type thermal-engine, domain, domain_deprecated;
type thermal-engine_exec, exec_type, file_type;
# Started by init
init_daemon_domain(thermal-engine)
# Allow to read and write cpufreq sysfs
allow thermal-engine sysfs_devices_system_cpu:file rw_file_perms;
# This is to access thermal query device and smem log device
allow thermal-engine { thermal_device smem_log_device }:chr_file rw_file_perms;
allow thermal-engine self:capability {
dac_read_search
dac_override
fsetid
sys_boot
};
allow thermal-engine self:socket create_socket_perms;
# This is required to access thermal sockets
allow thermal-engine thermal_socket:dir w_dir_perms;
allow thermal-engine thermal_socket:sock_file create_file_perms;
allow thermal-engine socket_device:dir w_dir_perms;
# This is required for thermal sysfs access
r_dir_file(thermal-engine, sysfs_thermal)
allow thermal-engine { sysfs_thermal sysfs }:file w_file_perms;
# This is required for qmi access
qmux_socket(thermal-engine);
allow thermal-engine sysfs_mpdecision:file rw_file_perms;
r_dir_file(thermal-engine, sysfs_ssr);
# This is required for wake alarm access
allow thermal-engine self:capability2 wake_alarm;
# This is required for thermal perfd access
allow thermal-engine mpctl_socket:dir search;
allow thermal-engine mpctl_socket:sock_file write;
unix_socket_send(thermal-engine, mpctl, perfd)
unix_socket_connect(thermal-engine, mpctl, perfd)
unix_socket_send(thermal-engine, mpctl, mpdecision)
unix_socket_connect(thermal-engine, mpctl, mpdecision)
#This is to allow access to uio device
allow thermal-engine uio_device:chr_file rw_file_perms;
userdebug_or_eng(`
diag_use(thermal-engine)
')
|