# ==============================================
# Policy File of /vendor/bin/thermalloadalgod_exec Executable File

# ==============================================
# Type Declaration
# ==============================================
type thermalloadalgod ,domain;
type thermalloadalgod_exec, exec_type, file_type, vendor_file_type;
typeattribute thermalloadalgod mlstrustedsubject;

# ==============================================
# Common SEPolicy Rule
# ==============================================
init_daemon_domain(thermalloadalgod)

# Data : WK14.43
# Operation : Migration
# Purpose : thermal algorithm daemon for access driver node
allow thermalloadalgod input_device:dir rw_dir_perms;
allow thermalloadalgod input_device:file r_file_perms;

allow thermalloadalgod thermalloadalgod:netlink_socket create_socket_perms_no_ioctl;

allow thermalloadalgod thermal_manager_data_file:dir create_dir_perms;
allow thermalloadalgod thermal_manager_data_file:file create_file_perms;
allow thermalloadalgod kmsg_device:chr_file w_file_perms;

# Data : WK16.49
# Operation : SPA porting
# Purpose : thermal algorithm daemon for SPA
# For /proc/[pid]/cgroup accessing
allow thermalloadalgod proc:dir { search getattr };
allow thermalloadalgod shell:dir search;
allow thermalloadalgod platform_app:dir search;
allow thermalloadalgod platform_app:file r_file_perms;
allow thermalloadalgod priv_app:dir search;
allow thermalloadalgod priv_app:file r_file_perms;
allow thermalloadalgod system_app:dir search;
allow thermalloadalgod system_app:file r_file_perms;
allow thermalloadalgod untrusted_app:dir search;
allow thermalloadalgod untrusted_app:file r_file_perms;
allow thermalloadalgod mediaserver:dir search;
allow thermalloadalgod mediaserver:file r_file_perms;
allow thermalloadalgod proc_thermal:dir search;
allow thermalloadalgod proc_thermal:file rw_file_perms;