android_device_xiaomi_sdm66.../sepolicy/vendor/thermal-engine.te

allow thermal-engine thermal_data_file:dir rw_dir_perms;
allow thermal-engine thermal_data_file:file create_file_perms;
allow thermal-engine sysfs:dir r_dir_perms;
allow thermal-engine self:capability { chown fowner sys_admin };

set_prop(thermal-engine, thermal_engine_prop);
r_dir_file(thermal-engine, sysfs_thermal)

dontaudit thermal-engine self:capability dac_override;
sdm660-common: sepolicy: Update sepolicy and cleanup * Address some denials from android 11 * Fix video recording * Sort in alphabetic order Signed-off-by: OdSazib <odsazib@gmail.com> 2020-08-06 04:08:04 -04:00			`allow thermal-engine thermal_data_file:dir rw_dir_perms;`
			`allow thermal-engine thermal_data_file:file create_file_perms;`
sdm660-common: sepolicy: Rework sepolicy (No more neverallow) - Thanks to LineageOS and our sdm660 community Change-Id: I54c7d76260041b7c383428449e149aa35d51de9b3c 2021-04-17 13:30:26 -04:00			`allow thermal-engine sysfs:dir r_dir_perms;`
sdm660-common: sepolicy: Address many sys_admin and kill denials sdm660-common: sepolicy: Address qti_init_shell kill denial avc: denied { kill } for comm="init.class_main" capability=5 scontext=u:r:qti_init_shell:s0 tcontext=u:r:qti_init_shell:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address hal_power_default kill and sys_admin denial avc: denied { sys_admin } for comm="android.hardwar" capability=21 scontext=u:r:hal_power_default:s0 tcontext=u:r:hal_power_default:s0 tclass=capability permissive=0 avc: denied { kill } for comm="android.hardwar" capability=5 scontext=u:r:hal_power_default:s0 tcontext=u:r:hal_power_default:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address vdc sys_admin denial avc: denied { sys_admin } for comm="vdc" capability=21 scontext=u:r:vdc:s0 tcontext=u:r:vdc:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address vold_prepare_subdirs sys_admin denial avc: denied { sys_admin } for comm="vold_prepare_su" capability=21 scontext=u:r:vold_prepare_subdirs:s0 tcontext=u:r:vold_prepare_subdirs:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address fsck sys_admin denial avc: denied { sys_admin } for comm="e2fsck" capability=21 scontext=u:r:fsck:s0 tcontext=u:r:fsck:s0 tclass=capability permissive=0 sdm660-common: sepolicy: address toolbox sys_admin, kill denial avc: denied { sys_admin } for comm="mkswap" capability=21 scontext=u:r:toolbox:s0 tcontext=u:r:toolbox:s0 tclass=capability permissive=0 avc: denied { kill } for comm="mkswap" capability=5 scontext=u:r:toolbox:s0 tcontext=u:r:toolbox:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address ueventd kill and sys_admin denials avc: denied { sys_admin } for pid=460 comm="ueventd" capability=21 scontext=u:r:ueventd:s0 tcontext=u:r:ueventd:s0 tclass=capability permissive=0 avc: denied { kill } for comm="ueventd" capability=5 scontext=u:r:ueventd:s0 tcontext=u:r:ueventd:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address irsc_util sys_admin denial avc: denied { sys_admin } for comm="irsc_util" capability=21 scontext=u:r:irsc_util:s0 tcontext=u:r:irsc_util:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address rfs_access sys_admin denial avc: denied { sys_admin } for comm="tftp_server" capability=21 scontext=u:r:rfs_access:s0 tcontext=u:r:rfs_access:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address rmt_storage sys_admin denial avc: denied { sys_admin } for comm="rmt_storage" capability=21 scontext=u:r:rmt_storage:s0 tcontext=u:r:rmt_storage:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address vendor_pd_mapper sys_admin denial sdm660-common: sepolicy: Address vendor_modprobe sys_admin denial avc: denied { sys_admin } for comm="modprobe" capability=21 scontext=u:r:vendor_modprobe:s0 tcontext=u:r:vendor_modprobe:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address adbd sys_admin denial avc: denied { sys_admin } for comm="adbd" capability=21 scontext=u:r:adbd:s0 tcontext=u:r:adbd:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address vendor_dpmd sys_admin denial avc: denied { sys_admin } for comm="dpmd" capability=21 scontext=u:r:vendor_dpmd:s0 tcontext=u:r:vendor_dpmd:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address thermal-engine sys_admin denial avc: denied { sys_admin } for comm="thermal-engine" capability=21 scontext=u:r:thermal-engine:s0 tcontext=u:r:thermal-engine:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address usbd sys_admin denial avc: denied { sys_admin } for comm="usbd" capability=21 scontext=u:r:usbd:s0 tcontext=u:r:usbd:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address vendor_msm_irqbalanced sys_admin denial avc: denied { sys_admin } for comm="msm_irqbalance" capability=21 scontext=u:r:vendor_msm_irqbalanced:s0 tcontext=u:r:vendor_msm_irqbalanced:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address hal_wifi_supplicant_default sys_admin denial avc: denied { sys_admin } for comm="wpa_supplicant" capability=21 scontext=u:r:hal_wifi_supplicant_default:s0 tcontext=u:r:hal_wifi_supplicant_default:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address boringssl_self_test sys_admin denial avc: denied { sys_admin } for pid=460 comm="boringssl_self_" capability=21 scontext=u:r:boringssl_self_test:s0 tcontext=u:r:boringssl_self_test:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address vendor_boringssl_self_test sys_admin denial avc: denied { sys_admin } for pid=462 comm="boringssl_self_" capability=21 scontext=u:r:vendor_boringssl_self_test:s0 tcontext=u:r:vendor_boringssl_self_test:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address linkerconfig sys_admin denial avc: denied { sys_admin } for pid=459 comm="linkerconfig" capability=21 scontext=u:r:linkerconfig:s0 tcontext=u:r:linkerconfig:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address fsverity_init sys_admin denial avc: denied { sys_admin } for comm="fsverity_init" capability=21 scontext=u:r:fsverity_init:s0 tcontext=u:r:fsverity_init:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address migrate_legacy_obb_data sys_admin denial avc: denied { sys_admin } for comm="migrate_legacy_" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0 avc: denied { sys_admin } for comm="rm" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0 avc: denied { sys_admin } for comm="mkdir" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0 avc: denied { sys_admin } for comm="touch" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0 avc: denied { sys_admin } for comm="rm" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0 avc: denied { sys_admin } for comm="rmdir" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0 avc: denied { sys_admin } for comm="log" capability=21 scontext=u:r:migrate_legacy_obb_data:s0 tcontext=u:r:migrate_legacy_obb_data:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address hvdcp sys_admin denial avc: denied { sys_admin } for comm="hvdcp_opti" capability=21 scontext=u:r:hvdcp:s0 tcontext=u:r:hvdcp:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address netmgrd sys_admin denial avc: denied { sys_admin } for comm="netmgrd" capability=21 scontext=u:r:netmgrd:s0 tcontext=u:r:netmgrd:s0 tclass=capability permissive=0 sdm660-common: sepolicy: Address adbroot sys_admin denial avc: denied { sys_admin } for comm="adb_root" capability=21 scontext=u:r:adbroot:s0 tcontext=u:r:adbroot:s0 tclass=capability permissive=0 Signed-off-by: pix106 <sbordenave@gmail.com> 2021-07-30 07:46:54 -04:00			`allow thermal-engine self:capability { chown fowner sys_admin };`
sdm660-common: sepolicy: Rework sepolicy (No more neverallow) - Thanks to LineageOS and our sdm660 community Change-Id: I54c7d76260041b7c383428449e149aa35d51de9b3c 2021-04-17 13:30:26 -04:00
Revert "sdm660-common: sepolicy: Adjust sepolicy for qti thermal" This reverts commit 77c4792ac9364166523b0c32164de2fe3736aad1. 2021-07-30 12:10:45 -04:00			`set_prop(thermal-engine, thermal_engine_prop);`
sdm660-common: sepolicy: Rework sepolicy (No more neverallow) - Thanks to LineageOS and our sdm660 community Change-Id: I54c7d76260041b7c383428449e149aa35d51de9b3c 2021-04-17 13:30:26 -04:00			`r_dir_file(thermal-engine, sysfs_thermal)`
sdm660-common: sepolicy: Update sepolicy for 4.19 2021-06-27 12:45:59 -04:00
			`dontaudit thermal-engine self:capability dac_override;`