From aecfc158546c658a4cd331275a471251262bbd10 Mon Sep 17 00:00:00 2001 From: "jerry-sc.wu" Date: Sat, 18 Jan 2020 10:18:30 +0800 Subject: [PATCH] [ALPS04735619] Thermal: add file permission [Detail] Add file permission for thermal manager. MTK-Commit-Id: f28b99158ef677c1370a0bd92fbff8732756512b Change-Id: I6c871f828fb0dee9f71254f15fb198889c7a0578 Signed-off-by: jerry-sc.wu CR-Id: ALPS04735619 Feature: Thermal Management (cherry picked from commit 2a10700b959d147f2db80be8143c2cd6f43ba2a9)
---
 non_plat/file_contexts | 1 +
 non_plat/thermal_manager.te | 7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/non_plat/file_contexts b/non_plat/file_contexts
index 81318de..c963e84 100644
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@@ -18,6 +18,7 @@
 #############################
 # Data files
 #
+/data/vendor/.tp(/.*)? u:object_r:thermal_manager_data_file:s0
 /data/vendor_de/meta(/.*)? u:object_r:mddb_data_file:s0
 /data/aee_exp(/.*)? u:object_r:aee_exp_data_file:s0
 /data/vendor/aee_exp(/.*)? u:object_r:aee_exp_vendor_file:s0
diff --git a/non_plat/thermal_manager.te b/non_plat/thermal_manager.te
index 96b5248..2ad3f91 100644
--- a/non_plat/thermal_manager.te
+++ b/non_plat/thermal_manager.te
@@ -23,9 +23,11 @@ allow thermal_manager proc_thermal:file rw_file_perms;
 # Date : WK15.30
 # Operation : Migration
 # Purpose : Use file_type_auto_trans to specify label to avoid violated(never allow)
-allow thermal_manager thermal_manager_data_file:file { create write read open setattr write lock};
+
+allow thermal_manager thermal_manager_data_file:file create_file_perms;
 allow thermal_manager thermal_manager_data_file:dir { rw_dir_perms setattr };
+
 allow thermal_manager mediaserver:fd use;
 allow thermal_manager mediaserver:fifo_file { read write };
 allow thermal_manager mediaserver:tcp_socket { read write };
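Review bot: The `.` in the new `/data/vendor/.tp(/.*)?` entry is an unescaped regex metacharacter, so the pattern matches any single character before `tp` rather than only the hidden `.tp` directory; file_contexts paths are regular expressions and the entry should read `/data/vendor/\.tp(/.*)? u:object_r:thermal_manager_data_file:s0`. As written, a sibling path such as `/data/vendor/xtp` would also be labelled `thermal_manager_data_file` and fall under the write rules in thermal_manager.te. The same commit drops `vendor_data_file:dir { write add_name }` from thermal_manager.te, so the daemon presumably can no longer create this directory itself. Nothing in the patch shows where the directory is created and labelled, which is worth confirming (for example an init `mkdir` followed by a restorecon).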
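Review bot: Switching the file rule to `create_file_perms` grants more than the old explicit set: the macro expands to `{ create rename setattr unlink rw_file_perms }`, so thermal_manager additionally gets `rename`, `unlink`, `getattr`, `append`, `ioctl` and `map` on `thermal_manager_data_file` files. The commit message only says "add file permission", so the hunk does not show which denial motivated the change; if only one or two permissions were missing, extending the explicit list (which also repeats `write`) would keep the domain closer to least privilege. The new rule also deserves its own `# Date / # Operation / # Purpose` header like the rest of the file, since the retained comment about `file_type_auto_trans` does not describe it; something like `# Purpose : thermal_manager creates, rewrites and deletes its own files under /data/vendor/.tp` would do if that matches the intent. The second hunk has the same documentation gap: its `# Purpose : Allow thermal_manager to access vendor data file.` comment now sits above only the `self:capability { fowner chown }` rule, and it is worth checking whether those capabilities are still needed once the directory is pre-labelled.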
@@ -51,5 +53,6 @@ allow thermal_manager mtk_thermal_config_prop:property_service set;
 # Date : WK18.18
 # Operation : P Migration
 # Purpose : Allow thermal_manager to access vendor data file.
-allow thermal_manager vendor_data_file:dir { write add_name };
+
 allow thermal_manager self:capability { fowner chown };
+