# ==============================================
# Policy File of /vendor/bin/thermal Executable File

# ==============================================
# Common SEPolicy Rule
# ==============================================
type thermal_exec, exec_type, file_type, vendor_file_type;

init_daemon_domain(thermal)
net_domain(thermal)

allow thermal mtkrild:unix_stream_socket connectto;
allow thermal proc_thermal:dir search;
allow thermal proc_thermal:file rw_file_perms;
allow thermal rild_oem_socket:sock_file write;
allow thermal netd_socket:sock_file write;
allow thermal netd:unix_stream_socket connectto;
allow thermal self:udp_socket create;
allow thermal self:udp_socket ioctl;
allow thermal rpc_socket:sock_file write;
allow thermal viarild:unix_stream_socket connectto;
allow thermal statusd:unix_stream_socket connectto;
allow thermal rild:unix_stream_socket connectto;

# If thermal(which belongs to vendor partition) want to open binder dev node(e.g. Parcel) will be
# denied for no permission. Should use vndbinder dev node in vendor domain.
# Using the following sepolicy rule to allow thermal to use vendor binder.
vndbinder_use(thermal)

# Data: 2018/08/26
# Operation: Thermal
# Purpose : add permission for thermal daemon to access mtcloader
set_prop(thermal, vendor_mtk_thermal_config_prop)
allow thermal thermal_manager_data_file:file rw_file_perms;
allow thermal thermalloadalgod:unix_stream_socket connectto;
allow thermal proc_mtkcooler:dir search;