sepolicy: Add thermal-engine rules

Signed-off-by: DennySPb <dennyspb@gmail.com>
Change-Id: I4ef5664b036d0cff81ebb39646276b208da4986b

sepolicy/vendor/file.te

@@ -2,6 +2,7 @@ type display_data_file, file_type, data_file_type, core_data_file_type;
 type proc_touchpanel, fs_type, proc_type;
 type sysfs_oem, sysfs_type, fs_type;
 
+type thermal_data_file, data_file_type, file_type;
 type sysfs_msm_subsys, sysfs_type, fs_type;
 type sysfs_system_sleep_stats, sysfs_type, fs_type;
 type sysfs_rpm, sysfs_type, fs_type;

sepolicy/vendor/property.te

@@ -3,3 +3,4 @@ type vendor_camera_prop, property_type;
 #type vendor_display_prop, property_type;
 #type vendor_audio_prop, property_type;
 type vendor_power_prop, property_type;
+type thermal_engine_prop, property_type;

sepolicy/vendor/property_contexts

@@ -12,3 +12,6 @@ vendor.powerhal.audio      u:object_r:vendor_power_prop:s0
 vendor.powerhal.lpm        u:object_r:vendor_power_prop:s0
 vendor.powerhal.init       u:object_r:vendor_power_prop:s0
 vendor.powerhal.rendering  u:object_r:vendor_power_prop:s0
+
+# Thermal
+persist.sys.thermal.       u:object_r:thermal_engine_prop:s0

sepolicy/vendor/thermal-engine.te

@@ -0,0 +1,10 @@
+allow thermal-engine thermal_data_file:dir rw_dir_perms;
+allow thermal-engine thermal_data_file:file create_file_perms;
+
+allow thermal-engine self:capability { chown fowner };
+allow thermal-engine sysfs_devfreq:dir r_dir_perms;
+
+set_prop(thermal-engine, thermal_engine_prop)
+
+dontaudit thermal-engine sysfs:dir read;
+dontaudit thermal-engine self:capability dac_override;