blob: ce5583d3a93db764597fff859407706f936b3c98 [file] [log] [blame]
# Temperature sensor daemon (root process)
type thermald, domain;
type thermald_exec, exec_type, file_type;
# Started by init
allow thermald shared_log_device:chr_file rw_file_perms;
# TODO - track down source of these capabilities requests, audit for now
allow thermald self:capability { dac_override fsetid chown };
auditallow thermald self:capability { dac_override fsetid chown };
# Access to /dev/msm_thermal_query
allow thermald thermal_engine_device:chr_file rw_file_perms;
# Talk to qmuxd (/dev/socket/qmux_radio)
# Create and access to /dev/socket/thermal-.*
type_transition thermald socket_device:sock_file thermald_socket;
allow thermald socket_device:dir w_dir_perms;
allow thermald thermald_socket:sock_file create_file_perms;
allow thermald self:socket create_socket_perms;
# TODO specify specific labels for /sys/ files
allow thermald sysfs:file write;