| # Temperature sensor daemon (root process) |
| type thermal-engine, domain; |
| type thermal-engine_exec, exec_type, file_type; |
| |
| # Started by init |
| init_daemon_domain(thermal-engine) |
| |
| allow thermal-engine shared_log_device:chr_file rw_file_perms; |
| |
| allow thermal-engine self:capability { dac_read_search dac_override fsetid chown }; |
| |
| # Access to /dev/msm_thermal_query |
| allow thermal-engine thermal_engine_device:chr_file rw_file_perms; |
| |
| # Talk to qmuxd (/dev/socket/qmux_radio) |
| qmux_socket(thermal-engine) |
| |
| # Create and access to /dev/socket/thermal-.* |
| type_transition thermal-engine socket_device:sock_file thermal_socket; |
| allow thermal-engine socket_device:dir w_dir_perms; |
| allow thermal-engine thermal_socket:sock_file create_file_perms; |
| |
| allow thermal-engine self:socket create_socket_perms; |
| |
| # TODO specify specific labels for /sys/ files |
| allow thermal-engine sysfs:file write; |
| |
| allow thermal-engine sysfs_thermal:dir r_dir_perms; |
| allow thermal-engine sysfs_thermal:file rw_file_perms; |
| allow thermal-engine sysfs_thermal:lnk_file read; |
| |
| # Writes to /sys/module/msm_thermal/core_control/cpus_offlined |
| allow thermal-engine sysfs_mpdecision:file rw_file_perms; |
| |
| r_dir_file(thermal-engine, sysfs_ssr) |
