allow thermal-engine thermal_data_file:dir rw_dir_perms;
allow thermal-engine thermal_data_file:file create_file_perms;
allow thermal-engine sysfs:dir r_dir_perms;
allow thermal-engine self:capability { chown fowner };

# Rule for thermal-engine to access init process
unix_socket_connect(thermal-engine, property, init);

set_prop(thermal-engine, vendor_thermal_prop);
r_dir_file(thermal-engine, sysfs_thermal)

dontaudit thermal-engine self:capability dac_override;