sdm660-common: sepolicy: Adjust sepolicy for qti thermal

Co-Authored-By: Clarence K <clarencekuiek@proton.me>

sepolicy/vendor/hal_thermal_default.te

@@ -0,0 +1,11 @@
+# This is required to access proc stat for fetching CPU usage
+allow hal_thermal_default proc_stat:file { getattr open read };
+
+allow hal_thermal_default sysfs_thermal:dir r_dir_perms;
+allow hal_thermal_default sysfs_thermal:file rw_file_perms;
+allow hal_thermal_default proc_stat:file r_file_perms;
+
+allow hal_thermal_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+# read thermal config
+get_prop(hal_thermal_default, vendor_thermal_prop)

sepolicy/vendor/property.te

@@ -4,6 +4,6 @@ vendor_public_prop(mlipay_prop);
 vendor_restricted_prop(vendor_camera_prop);
 vendor_internal_prop(dirac_prop);
 vendor_internal_prop(vendor_power_prop)
-vendor_internal_prop(thermal_engine_prop);
+vendor_internal_prop(vendor_thermal_prop);
 vendor_public_prop(hal_bluetooth_qti_prop);
 vendor_public_prop(vendor_wcnss_service_prop);

sepolicy/vendor/property_contexts

@@ -106,5 +106,5 @@ ro.miui.                                u:object_r:telephony_status_prop:s0
 rild.libpath				u:object_r:vendor_rild_libpath_prop:s0
 
 # Thermal engine
-persist.sys.thermal.                    u:object_r:thermal_engine_prop:s0
-sys.thermal.                            u:object_r:thermal_engine_prop:s0
+vendor.thermal.config                   u:object_r:vendor_thermal_prop:s0
+

sepolicy/vendor/thermal-engine.te

@@ -3,7 +3,10 @@ allow thermal-engine thermal_data_file:file create_file_perms;
 allow thermal-engine sysfs:dir r_dir_perms;
 allow thermal-engine self:capability { chown fowner };
 
-set_prop(thermal-engine, thermal_engine_prop);
+# Rule for thermal-engine to access init process
+unix_socket_connect(thermal-engine, property, init);
+
+set_prop(thermal-engine, vendor_thermal_prop);
 r_dir_file(thermal-engine, sysfs_thermal)
 
 dontaudit thermal-engine self:capability dac_override;