| # Thermal-engine daemon |
| type thermal-engine, domain; |
| type thermal-engine_exec, exec_type, file_type; |
| |
| # Started by init |
| init_daemon_domain(thermal-engine) |
| |
| # Allow to read and write cpufreq sysfs |
| allow thermal-engine sysfs_devices_system_cpu:file rw_file_perms; |
| |
| # This is to access thermal query device and smem log device |
| allow thermal-engine { thermal_device smem_log_device }:chr_file rw_file_perms; |
| |
| allow thermal-engine self:capability { |
| dac_read_search |
| dac_override |
| fsetid |
| sys_boot |
| }; |
| |
| allow thermal-engine self:socket create_socket_perms; |
| |
| # This is required to access thermal sockets |
| allow thermal-engine thermal_socket:dir w_dir_perms; |
| allow thermal-engine thermal_socket:sock_file create_file_perms; |
| allow thermal-engine socket_device:dir w_dir_perms; |
| |
| # This is required for thermal sysfs access |
| r_dir_file(thermal-engine, sysfs_thermal) |
| allow thermal-engine { sysfs_thermal sysfs }:file w_file_perms; |
| |
| # This is required for qmi access |
| qmux_socket(thermal-engine); |
| allow thermal-engine sysfs_mpdecision:file rw_file_perms; |
| |
| r_dir_file(thermal-engine, sysfs_ssr); |
| |
| # This is required for wake alarm access |
| allow thermal-engine self:capability2 wake_alarm; |
| |
| # This is required for thermal perfd access |
| allow thermal-engine mpctl_socket:dir search; |
| allow thermal-engine mpctl_socket:sock_file write; |
| unix_socket_send(thermal-engine, mpctl, perfd) |
| unix_socket_connect(thermal-engine, mpctl, perfd) |
| unix_socket_send(thermal-engine, mpctl, mpdecision) |
| unix_socket_connect(thermal-engine, mpctl, mpdecision) |
| |
| #This is to allow access to uio device |
| allow thermal-engine uio_device:chr_file rw_file_perms; |