From d0f358d531eceba5fcd368b198f5cb444a05a2fb Mon Sep 17 00:00:00 2001
From: Cosmin Tanislav <demonsingur@gmail.com>
Date: Wed, 13 Oct 2021 11:13:16 +0300
Subject: [PATCH] sm8350-common: sepolicy: add mi_thermald rules

---
 sepolicy/vendor/file_contexts  |  3 +++
 sepolicy/vendor/mi_thermald.te | 25 +++++++++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 12f3395..c0f5ac9 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -17,3 +17,6 @@
 /sys/devices/platform/soc/soc:qcom,dsi-display-primary/fod_hbm     u:object_r:vendor_sysfs_fod:s0
 /sys/devices/platform/soc/soc:qcom,dsi-display-primary/fod_ui      u:object_r:vendor_sysfs_fod:s0
 /sys/devices/virtual/touch/tp_dev/fod_status                       u:object_r:vendor_sysfs_fod:s0
+
+# Thermal
+/data/vendor/thermal(/.*)?                           u:object_r:thermal_data_file:s0
diff --git a/sepolicy/vendor/mi_thermald.te b/sepolicy/vendor/mi_thermald.te
index 6b64a18..a19d350 100644
--- a/sepolicy/vendor/mi_thermald.te
+++ b/sepolicy/vendor/mi_thermald.te
@@ -1,2 +1,27 @@
 type mi_thermald, domain;
 type mi_thermald_exec, exec_type, vendor_file_type, file_type;
+type thermal_data_file, data_file_type, file_type;
+
+r_dir_file(mi_thermald, sysfs)
+r_dir_file(mi_thermald, sysfs_leds)
+r_dir_file(mi_thermald, sysfs_thermal)
+r_dir_file(mi_thermald, vendor_sysfs_kgsl)
+r_dir_file(mi_thermald, vendor_sysfs_battery_supply)
+r_dir_file(mi_thermald, vendor_sysfs_qcom_battery)
+r_dir_file(mi_thermald, vendor_sysfs_graphics)
+r_dir_file(mi_thermald, thermal_data_file)
+r_dir_file(mi_thermald, vendor_data_file)
+
+allow mi_thermald sysfs:file w_file_perms;
+allow mi_thermald sysfs_thermal:file w_file_perms;
+allow mi_thermald vendor_sysfs_kgsl:file w_file_perms;
+allow mi_thermald vendor_sysfs_battery_supply:file w_file_perms;
+allow mi_thermald vendor_sysfs_qcom_battery:file w_file_perms;
+allow mi_thermald vendor_sysfs_graphics:file w_file_perms;
+allow mi_thermald thermal_data_file:file rw_file_perms;
+allow mi_thermald vendor_data_file:file rw_file_perms;
+allow mi_thermald vendor_data_file:dir w_dir_perms;
+allow mi_thermald sysfs_devices_system_cpu:file rw_file_perms;
+
+allow mi_thermald self:capability { fsetid sys_boot chown fowner };
+allow mi_thermald self:capability2 { wake_alarm block_suspend };
-- 
GitLab