diff --git a/basic/non_plat/file.te b/basic/non_plat/file.te
index 494e224..20d1581 100644
--- a/basic/non_plat/file.te
+++ b/basic/non_plat/file.te
@@ -482,6 +482,9 @@ type thermal_manager_data_file, file_type, data_file_type;
 # thermal core config file
 type thermal_core_data_file, file_type, data_file_type;
+# Thermal link device
+type thermal_link_device, dev_type;
+
 #autokd data file
 type autokd_data_file, file_type, data_file_type;
diff --git a/basic/non_plat/file_contexts b/basic/non_plat/file_contexts
index 383a6a2..9832253 100644
--- a/basic/non_plat/file_contexts
+++ b/basic/non_plat/file_contexts
@@ -671,6 +671,7 @@
 /(vendor|system/vendor)/bin/frs64 u:object_r:thermal_core_exec:s0
 /(vendor|system/vendor)/bin/thermalloadalgod u:object_r:thermalloadalgod_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@2\.0-service\.mtk u:object_r:hal_thermal_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@2\.0-service\.mediatek u:object_r:hal_thermal_default_exec:s0
 /(vendor|system/vendor)/bin/lbs_hidl_service u:object_r:lbs_hidl_service_exec:s0
 /(vendor|system/vendor)/bin/meta_tst u:object_r:meta_tst_exec:s0
 /(vendor|system/vendor)/bin/kisd u:object_r:kisd_exec:s0
@@ -732,6 +733,11 @@
 # Trustonic TEE
 /(vendor|system/vendor)/bin/hw/android\.hardware\.security\.keymint-service\.trustonic u:object_r:hal_keymint_default_exec:s0
+# Thermal
+/vendor/bin/thermal_logd_mediatek u:object_r:init-thermal-logging-sh_exec:s0
+/vendor/bin/thermal_symlinks_mediatek u:object_r:init-thermal-symlinks-sh_exec:s0
+/dev/thermal(/.*)? u:object_r:thermal_link_device:s0
+
 # Microtrust SE
 /(vendor|system/vendor)/bin/hw/vendor\.microtrust\.hardware\.se@1\.0-service u:object_r:hal_secure_element_default_exec:s0
diff --git a/basic/non_plat/hal_thermal_default.te b/basic/non_plat/hal_thermal_default.te
index 0403fee..c9691af 100644
--- a/basic/non_plat/hal_thermal_default.te
+++ b/basic/non_plat/hal_thermal_default.te
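Review bot: The two executable entries added under `# Thermal` in file_contexts are anchored at `/vendor/bin/` only, while every other executable label visible in this file, including the thermal HAL line added in the previous hunk, uses `/(vendor|system/vendor)/bin/`. On a build that reaches the vendor tree through /system/vendor, these scripts would not match, and `init_daemon_domain` would not move them into their own domains. Suggest `/(vendor|system/vendor)/bin/thermal_logd_mediatek` and `/(vendor|system/vendor)/bin/thermal_symlinks_mediatek`. The `/dev/thermal(/.*)?` entry is unaffected.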
@@ -2,12 +2,18 @@
 # Common SEPolicy Rule
 # ==============================================
+r_dir_file(hal_thermal_default, sysfs_therm)
+allow hal_thermal_default sysfs_therm:file w_file_perms;
+
+allow hal_thermal_default thermal_link_device:dir r_dir_perms;
+
 allow hal_thermal_default proc_mtktz:dir search;
 allow hal_thermal_default proc_mtktz:file r_file_perms;
 allow hal_thermal_default proc_stat:file r_file_perms;
 #for uevent handle
 allow hal_thermal_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+allow hal_thermal_default self:netlink_generic_socket create_socket_perms_no_ioctl;
 #for thermal sysfs
 allow hal_thermal_default sysfs_therm:file rw_file_perms;
@@ -15,4 +21,9 @@ allow hal_thermal_default sysfs_therm:dir search;
 #for thermal hal socket
 allow hal_thermal_default thermal_hal_socket:dir { rw_dir_perms setattr};
-allow hal_thermal_default thermal_hal_socket:sock_file create_file_perms;
\ No newline at end of file
+allow hal_thermal_default thermal_hal_socket:sock_file create_file_perms;
+
+hal_client_domain(hal_thermal_default, hal_power);
+
+# read thermal_config
+get_prop(hal_thermal_default, vendor_thermal_prop)
diff --git a/basic/non_plat/init-thermal-logging.sh.te b/basic/non_plat/init-thermal-logging.sh.te
new file mode 100644
index 0000000..3cf560c
--- /dev/null
+++ b/basic/non_plat/init-thermal-logging.sh.te
@@ -0,0 +1,10 @@
+type init-thermal-logging-sh, domain;
+type init-thermal-logging-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init-thermal-logging-sh)
+
+userdebug_or_eng(`
+ allow init-thermal-logging-sh vendor_toolbox_exec:file rx_file_perms;
+ allow init-thermal-logging-sh sysfs_therm:dir r_dir_perms;
+ allow init-thermal-logging-sh sysfs_therm:file r_file_perms;
+')
diff --git a/basic/non_plat/init-thermal-symlinks.sh.te b/basic/non_plat/init-thermal-symlinks.sh.te
new file mode 100644
index 0000000..227f2ad
--- /dev/null
+++ b/basic/non_plat/init-thermal-symlinks.sh.te
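Review bot: In the first hal_thermal_default.te hunk the added `allow hal_thermal_default sysfs_therm:file w_file_perms;` grants nothing new, because the unchanged rule under `#for thermal sysfs` at the end of the same hunk already allows `sysfs_therm:file rw_file_perms`. The added `r_dir_file(hal_thermal_default, sysfs_therm)` likewise overlaps the read half of that rule and the `sysfs_therm:dir search` rule shown in the next hunk header. Stating the sysfs_therm access once makes it easier to audit what the HAL may write. The new `netlink_generic_socket` rule also sits under `#for uevent handle`, which describes only the kobject-uevent socket; give it its own comment naming the generic-netlink family the HAL listens on.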
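Review bot: `hal_client_domain(hal_thermal_default, hal_power);` in the second hal_thermal_default.te hunk carries a trailing semicolon, unlike the other macro calls this commit adds (`r_dir_file(...)`, `get_prop(...)`, `init_daemon_domain(...)`); write it as `hal_client_domain(hal_thermal_default, hal_power)` for consistency. It is also the only added rule in this hunk without a comment, while the property rule below it has `# read thermal_config`. A one-line comment saying why the thermal HAL needs to be a power HAL client would help the next audit of this cross-HAL grant.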
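Review bot: init-thermal-logging.sh.te does not document that every allow rule is wrapped in `userdebug_or_eng`. On user builds the domain still exists and file_contexts still labels the binary, but the script gets none of the `vendor_toolbox_exec` or `sysfs_therm` access granted here. If the init service is not gated the same way (the .rc file is not part of this diff), it would start on user builds and only produce denials. Suggest a header comment such as `# Debug-only thermal logger: rules apply on userdebug/eng only, keep the init service gated the same way`.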
@@ -0,0 +1,12 @@
+type init-thermal-symlinks-sh, domain;
+type init-thermal-symlinks-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init-thermal-symlinks-sh)
+
+allow init-thermal-symlinks-sh vendor_toolbox_exec:file rx_file_perms;
+allow init-thermal-symlinks-sh thermal_link_device:dir rw_dir_perms;
+allow init-thermal-symlinks-sh thermal_link_device:lnk_file create_file_perms;
+
+r_dir_file(init-thermal-symlinks-sh, sysfs_therm)
+
+set_prop(init-thermal-symlinks-sh, vendor_thermal_prop)
diff --git a/basic/non_plat/property.te b/basic/non_plat/property.te
index e39ee78..f16a8a7 100644
--- a/basic/non_plat/property.te
+++ b/basic/non_plat/property.te
@@ -25,6 +25,7 @@ vendor_internal_prop(vendor_mtk_factory_prop)
 vendor_internal_prop(vendor_mtk_factory_start_prop)
 vendor_internal_prop(vendor_mtk_eara_io_prop)
 vendor_internal_prop(vendor_power_prop)
+vendor_internal_prop(vendor_thermal_prop)
 # Properties which can't be written outside vendor
 vendor_restricted_prop(vendor_mtk_aal_ro_prop)
diff --git a/basic/non_plat/property_contexts b/basic/non_plat/property_contexts
index 4cc3d94..6aca195 100644
--- a/basic/non_plat/property_contexts
+++ b/basic/non_plat/property_contexts
@@ -406,3 +406,6 @@ persist.vendor.xfrm_support u:object_r:vendor_mtk_xfrm_support_prop:s0
 mtk.vendor.omx.core.log u:object_r:vendor_mtk_omx_core_prop:s0
 ro.mtk_crossmount_support u:object_r:vendor_mtk_crossmount_prop:s0
 ro.mtk_deinterlace_support u:object_r:vendor_mtk_deinterlace_prop:s0
+
+# Thermal
+vendor.thermal. u:object_r:vendor_thermal_prop:s0
diff --git a/basic/non_plat/vendor_init.te b/basic/non_plat/vendor_init.te
index 83b9011..fa3202b 100644
--- a/basic/non_plat/vendor_init.te
+++ b/basic/non_plat/vendor_init.te
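Review bot: `allow init-thermal-symlinks-sh thermal_link_device:lnk_file create_file_perms;` in init-thermal-symlinks.sh.te is broader than creating links requires, since `create_file_perms` also carries write, append, rename and setattr. If the script only creates and replaces links under /dev/thermal (its source is not in this diff), `allow init-thermal-symlinks-sh thermal_link_device:lnk_file { create getattr read unlink };` would be enough and keeps the domain closer to least privilege. The file would also benefit from a header comment stating that this domain creates the /dev/thermal links and sets `vendor.thermal.*`, because hal_thermal_default and vendor_init are granted access to both elsewhere in this commit.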
@@ -169,3 +169,8 @@ set_prop(vendor_init, vendor_power_prop)
 # Allow vendor_init to write to sysfs_devices_block
 allow vendor_init sysfs_devices_block:file w_file_perms;
+
+# Thermal
+allow vendor_init thermal_link_device:dir r_dir_perms;
+allow vendor_init thermal_link_device:lnk_file r_file_perms;
+set_prop(vendor_init, vendor_thermal_prop)
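Review bot: The `# Thermal` comment in vendor_init.te does not say why vendor_init needs these three rules, unlike the `# Allow vendor_init to write to sysfs_devices_block` comment just above it. `set_prop(vendor_init, vendor_thermal_prop)` makes vendor_init a second writer of `vendor.thermal.*` next to init-thermal-symlinks-sh, and hal_thermal_default reads that property type, so the origin of each write matters when tracing a wrong thermal configuration. Suggest a comment along the lines of `# Thermal: vendor_init reads the /dev/thermal links and sets vendor.thermal.* from its .rc triggers`, adjusted to what the .rc file actually does.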