From f16a701e6b15ea3af962c354992bdaa1cc52ddb6 Mon Sep 17 00:00:00 2001 From: Todd Poynor Date: Thu, 24 Aug 2017 00:18:16 -0700 Subject: [PATCH] sepolicy: move thermal HAL to thermal-engine Move standalone Thermal HAL daemon permissions to thermal-engine Thermal HAL for Qualcomm-based devices is now served by the vendor daemon for thermal management: thermal-engine. Bug: 30982366 Test: manual on walleye: audit logs Change-Id: I95e8dde9825b99c5ad28212f4eb34b774d1759e9 --- sepolicy/vendor/hal_thermal_default.te | 4 ---- sepolicy/vendor/thermal-engine.te | 5 +++++ 2 files changed, 5 insertions(+), 4 deletions(-) delete mode 100644 sepolicy/vendor/hal_thermal_default.te diff --git a/sepolicy/vendor/hal_thermal_default.te b/sepolicy/vendor/hal_thermal_default.te deleted file mode 100644 index bafcb555..00000000 --- a/sepolicy/vendor/hal_thermal_default.te +++ /dev/null @@ -1,4 +0,0 @@ -allow hal_thermal_default sysfs_thermal:dir { open read search }; -allow hal_thermal_default sysfs_thermal:file { getattr open read }; -allow hal_thermal_default sysfs_thermal:lnk_file read; -allow hal_thermal_default proc_stat:file { getattr open read }; diff --git a/sepolicy/vendor/thermal-engine.te b/sepolicy/vendor/thermal-engine.te index d92b845f..8009959d 100644 --- a/sepolicy/vendor/thermal-engine.te +++ b/sepolicy/vendor/thermal-engine.te @@ -14,8 +14,13 @@ allow thermal-engine sysfs_soc:dir search; allow thermal-engine sysfs_soc:file r_file_perms; allow thermal-engine sysfs_thermal:dir r_dir_perms; allow thermal-engine sysfs_thermal:file rw_file_perms; +allow thermal-engine sysfs_thermal:lnk_file read; allow thermal-engine sysfs_rmtfs:dir search; allow thermal-engine sysfs_rmtfs:file r_file_perms; +# to read /proc/stat +allow thermal-engine proc_stat:file { getattr open read }; +# IThermal Thermal HAL +hal_server_domain(thermal-engine, hal_thermal) allow thermal-engine thermal_device:chr_file rw_file_perms;