[ALPS04735619] Thermal: add file permission

[Detail] Add file permission for thermal manager. MTK-Commit-Id: f28b99158ef677c1370a0bd92fbff8732756512b Change-Id: I6c871f828fb0dee9f71254f15fb198889c7a0578 Signed-off-by: jerry-sc.wu <jerry-sc.wu@mediatek.com> CR-Id: ALPS04735619 Feature: Thermal Management (cherry picked from commit 2a10700b959d147f2db80be8143c2cd6f43ba2a9)
2020-01-18 10:18:30 +08:00 · 2020-01-18 10:18:30 +08:00 · aecfc15854
commit aecfc15854
parent 673540dbc3
2 changed files with 6 additions and 2 deletions
--- a/non_plat/file_contexts
+++ b/non_plat/file_contexts
@ -18,6 +18,7 @@
 #############################
 # Data files
 #
+/data/vendor/.tp(/.*)?  u:object_r:thermal_manager_data_file:s0
 /data/vendor_de/meta(/.*)?    u:object_r:mddb_data_file:s0
 /data/aee_exp(/.*)?  u:object_r:aee_exp_data_file:s0
 /data/vendor/aee_exp(/.*)?  u:object_r:aee_exp_vendor_file:s0
--- a/non_plat/thermal_manager.te
+++ b/non_plat/thermal_manager.te
@ -23,9 +23,11 @@ allow thermal_manager proc_thermal:file rw_file_perms;
 # Date : WK15.30
 # Operation : Migration
 # Purpose : Use file_type_auto_trans to specify label to avoid violated(never allow)
-allow thermal_manager thermal_manager_data_file:file { create write read open setattr write lock};
+
+allow thermal_manager thermal_manager_data_file:file create_file_perms;
 allow thermal_manager thermal_manager_data_file:dir { rw_dir_perms setattr };

+
 allow thermal_manager mediaserver:fd use;
 allow thermal_manager mediaserver:fifo_file { read write };
 allow thermal_manager mediaserver:tcp_socket { read write };
@ -51,5 +53,6 @@ allow thermal_manager mtk_thermal_config_prop:property_service set;
 # Date : WK18.18
 # Operation : P Migration
 # Purpose : Allow thermal_manager to access vendor data file.
-allow thermal_manager vendor_data_file:dir { write add_name };
+
 allow thermal_manager self:capability { fowner chown };
+