Added thermal engine allow rule and defined sysfs_thermal files

Added the allow and relevant sysfs_thermal specifications to handle the
following bootup denials:

denied { read write } for pid=795 comm="thermal-engine"
name="trip_point_1_temp" dev="sysfs" ino=43298
scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs_thermal:s0
tclass=file

denied { ioctl write } for pid=761 comm="thermal-engine" path="socket:[18584]"
dev="sockfs" ino=18584 ioctlcmd=c302 scontext=u:r:thermal-engine:s0
tcontext=u:r:thermal-engine:s0 tclass=socket

denied { read } for pid=729 comm="thermal-engine" name="thermal_zone11"
dev="sysfs" ino=43236 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=dir

denied { search } for pid=783 comm="thermal-engine" name="thermal"
dev="sysfs" ino=42709 scontext=u:r:thermal-engine:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=dir

Bug: 34784662
Test: The above denials no longer appear during boot
Change-Id: If6fd93e10a85968a16b1266d148b0303ac0e09dd

sepolicy/file_contexts

@@ -38,6 +38,8 @@
 /dev/socket/thermal-recv-passive-client         u:object_r:thermal_socket:s0
 
 # files in sysfs
+/sys/devices/virtual/thermal(/.*)?                                  u:object_r:sysfs_thermal:s0
+/sys/module/msm_thermal(/.*)?                                       u:object_r:sysfs_thermal:s0
 /sys/devices/virtual/graphics/fb([0-2])+/idle_time                  u:object_r:sysfs_graphics:s0
 
 # files in /system

sepolicy/thermal-engine.te

@@ -3,6 +3,12 @@ type thermal-engine_exec, exec_type, file_type;
 
 init_daemon_domain(thermal-engine)
 
+allow thermal-engine sysfs_thermal:dir r_dir_perms;
+allow thermal-engine sysfs_thermal:file rw_file_perms;
+
+allow thermal-engine self:socket create_socket_perms;
+allowxperm thermal-engine self:socket ioctl msm_sock_ipc_ioctls;
+
 userdebug_or_eng(`
 permissive thermal-engine;
 ')