Fix thermal-engine dac_override denial.

We occasionally see a dac_override SELinux denial from thermal-engine
trying to access /dev/diag. This seems to be a race between
thermal-engine reading the file and init setting its permissions to
666 (they are initially set to 660 and in the diag group).

This commit adds thermal-engine to the diag group so that it can read
the file even if it is not world-readable.

Bug: 72458250
Test: Boot Sailfish and test wifi and camera.
Change-Id: I55adfcf731a5da3ba7bb52d957d64e8e1f26febb

diff --git a/init.common.rc b/init.common.rc
index 30a4229..dfa92db 100644
--- a/init.common.rc
+++ b/init.common.rc
@@ -579,7 +579,7 @@
service thermal-engine /vendor/bin/thermal-engine -c ${sys.qcom.thermalcfg:-/vendor/etc/thermal-engine.conf}
class main
user root
- group root system
+ group root system diag
socket thermal-send-client stream 0666 system system
socket thermal-recv-client stream 0660 system system
socket thermal-recv-passive-client stream 0666 system system
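Review bot: The new `group root system diag` line carries no comment saying why diag is needed, and the service still runs as `user root`, so a later cleanup could drop the group and bring the dac_override denial back. Add a comment above the group line stating that diag membership lets thermal-engine open /dev/diag while the node is still mode 660, before init changes it to 666. The description attributes the denial to a race with init setting the permissions; this change works around that ordering rather than removing it, so it is worth stating in the commit whether the ordering will be addressed separately.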
diff --git a/sepolicy/bug_map b/sepolicy/bug_map
index 608041a..054beda 100644
--- a/sepolicy/bug_map
+++ b/sepolicy/bug_map
@@ -2,4 +2,3 @@
radio sysfs dir 72066170
netutils_wrapper proc_net file 72099135
netutils_wrapper sysfs_net file 72157903
-thermal-engine thermal-engine capability 72458250
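Review bot: Removing the `thermal-engine thermal-engine capability 72458250` entry assumes the denial is fully gone, but the description says it appears only occasionally, and the Test line mentions only booting Sailfish and testing wifi and camera. Confirm over repeated boots that no dac_override denial from thermal-engine shows up in the logs and record that in the Test line before dropping the entry; otherwise a recurrence would surface as an untracked denial with no bug attached.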