From 961898527d92a1c0c2dd1b974c247378d926a9f4 Mon Sep 17 00:00:00 2001
From: Bruno Martins <bgcngm@gmail.com>
Date: Wed, 16 Dec 2020 14:48:00 +0300
Subject: [PATCH] sepolicy: Add thermal-engine rules

Signed-off-by: DennySPb <dennyspb@gmail.com>
Change-Id: I4ef5664b036d0cff81ebb39646276b208da4986b
---
 sepolicy/vendor/file.te           |  1 +
 sepolicy/vendor/property.te       |  1 +
 sepolicy/vendor/property_contexts |  3 +++
 sepolicy/vendor/thermal-engine.te | 10 ++++++++++
 4 files changed, 15 insertions(+)
 create mode 100644 sepolicy/vendor/thermal-engine.te

diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index 784d80c..d503fd0 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
@@ -2,6 +2,7 @@ type display_data_file, file_type, data_file_type, core_data_file_type;
 type proc_touchpanel, fs_type, proc_type;
 type sysfs_oem, sysfs_type, fs_type;
 
+type thermal_data_file, data_file_type, file_type;
 type sysfs_msm_subsys, sysfs_type, fs_type;
 type sysfs_system_sleep_stats, sysfs_type, fs_type;
 type sysfs_rpm, sysfs_type, fs_type;
diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te
index 5dc804e..f63437e 100644
--- a/sepolicy/vendor/property.te
+++ b/sepolicy/vendor/property.te
@@ -3,3 +3,4 @@ type vendor_camera_prop, property_type;
 #type vendor_display_prop, property_type;
 #type vendor_audio_prop, property_type;
 type vendor_power_prop, property_type;
+type thermal_engine_prop, property_type;
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index e7e10a5..001058f 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -12,3 +12,6 @@ vendor.powerhal.audio      u:object_r:vendor_power_prop:s0
 vendor.powerhal.lpm        u:object_r:vendor_power_prop:s0
 vendor.powerhal.init       u:object_r:vendor_power_prop:s0
 vendor.powerhal.rendering  u:object_r:vendor_power_prop:s0
+
+# Thermal
+persist.sys.thermal.       u:object_r:thermal_engine_prop:s0
diff --git a/sepolicy/vendor/thermal-engine.te b/sepolicy/vendor/thermal-engine.te
new file mode 100644
index 0000000..6ef661d
--- /dev/null
+++ b/sepolicy/vendor/thermal-engine.te
@@ -0,0 +1,10 @@
+allow thermal-engine thermal_data_file:dir rw_dir_perms;
+allow thermal-engine thermal_data_file:file create_file_perms;
+
+allow thermal-engine self:capability { chown fowner };
+allow thermal-engine sysfs_devfreq:dir r_dir_perms;
+
+set_prop(thermal-engine, thermal_engine_prop)
+
+dontaudit thermal-engine sysfs:dir read;
+dontaudit thermal-engine self:capability dac_override;