From cbd89e878c97ee4253d811d5de94828b3d1f7a4c Mon Sep 17 00:00:00 2001
From: "jerry-sc.wu"
Date: Sat, 18 Jan 2020 09:42:39 +0800
Subject: [PATCH] [ALPS03867358] Thermal: P Migration

[Detail] In Android P, the main restriction is system and vendor cant communicate with on-desk files. [Solution] 1.Move thermal setting file to vendor. 2.Remove selinux violation policy. 3.Add thermal manager access vendor data file policy.

MTK-Commit-Id: e579309fd163aa58f632784ce9d594d09e673096
Change-Id: Ibdec1e275eccfbbbd697c413e70a57705e643817
CR-Id: ALPS03867358
Feature: Thermal Management
Signed-off-by: jerry-sc.wu
---
 non_plat/thermal_manager.te | 11 +++++++----
 non_plat/thermalloadalgod.te | 6 +++++-
 2 files changed, 12 insertions(+), 5 deletions(-)

diff --git a/non_plat/thermal_manager.te b/non_plat/thermal_manager.te
index f28166e..a000c1e 100644
--- a/non_plat/thermal_manager.te
+++ b/non_plat/thermal_manager.te
@@ -18,14 +18,12 @@ allow thermal_manager proc_thermal:dir search;
 allow thermal_manager proc_mtkcooler:file rw_file_perms;
 allow thermal_manager proc_mtktz:file rw_file_perms;
 allow thermal_manager proc_thermal:file rw_file_perms;
-typeattribute thermal_manager data_between_core_and_vendor_violators;
-allow thermal_manager system_data_file:dir { write add_name };
-#allow thermal_manager self:capability { fowner chown fsetid dac_override };
+
 # Date : WK15.30
 # Operation : Migration
 # Purpose : Use file_type_auto_trans to specify label to avoid violated(never allow)
-#allow thermal_manager thermal_manager_data_file:file { create write read open setattr write lock};
+allow thermal_manager thermal_manager_data_file:file { create write read open setattr write lock};
 allow thermal_manager thermal_manager_data_file:dir { rw_dir_perms setattr };
 allow thermal_manager mediaserver:fd use;
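Review bot: The re-enabled rule `allow thermal_manager thermal_manager_data_file:file { create write read open setattr write lock};` names `write` twice in its permission set; the compiler accepts the duplicate, but it reads like a copy error and `{ create open read write setattr lock }` would be cleaner. The `# Purpose` comment above it says the label comes from file_type_auto_trans, and in AOSP's te_macros that macro already grants create_file_perms on the target type. The explicit rule is therefore probably redundant with the macro call in non_plat/thermalloadalgod.te; that is worth confirming so the policy does not carry two grants for the same access. Dropping `data_between_core_and_vendor_violators` is only safe if no other rule for this domain still touches core data types, and the rest of the file is outside the hunk.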
@@ -50,3 +48,8 @@ allow thermal_manager sysfs:file write;
 # Purpose : Allow thermal_manager to notify SPA.
 allow thermal_manager mtk_thermal_config_prop:file { getattr open read };
 allow thermal_manager mtk_thermal_config_prop:property_service set;
+
+# Date : WK18.18
+# Operation : P Migration
+# Purpose : Allow thermal_manager to access vendor data file.
+allow thermal_manager vendor_data_file:dir { write add_name };
diff --git a/non_plat/thermalloadalgod.te b/non_plat/thermalloadalgod.te
index 9cbd171..f2c2a89 100644
--- a/non_plat/thermalloadalgod.te
+++ b/non_plat/thermalloadalgod.te
@@ -11,7 +11,11 @@ type thermalloadalgod_exec , exec_type, file_type, vendor_file_type;
 # MTK Policy Rule
 # ==============================================
 init_daemon_domain(thermalloadalgod)
-file_type_auto_trans(thermal_manager, system_data_file, thermal_manager_data_file)
+
+# Date : WK18.18
+# Operation : P Migration
+# Purpose : Allow thermal_manager to access vendor data file.
+file_type_auto_trans(thermal_manager, vendor_data_file, thermal_manager_data_file)
 # Data : WK14.43
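Review bot: In non_plat/thermal_manager.te, `allow thermal_manager vendor_data_file:dir { write add_name };` lets the domain create entries in every directory that carries the generic `vendor_data_file` label, not only the thermal one, which is broader than the stated purpose needs. A narrower arrangement is to have init create the thermal directory and label it `thermal_manager_data_file` through file_contexts (neither is shown on this page). The domain would then need only `allow thermal_manager vendor_data_file:dir search;`, and the `file_type_auto_trans(thermal_manager, vendor_data_file, thermal_manager_data_file)` added in non_plat/thermalloadalgod.te could be dropped. If the transition macro is kept, its AOSP expansion already includes `write` and `add_name` on the source directory type, so this rule duplicates it.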