cbd89e878c
[Detail] In Android P, the main restriction is system and vendor cant communicate with on-desk files. [Solution] 1.Move thermal setting file to vendor. 2.Remove selinux violation policy. 3.Add thermal manager access vendor data file policy. MTK-Commit-Id: e579309fd163aa58f632784ce9d594d09e673096 Change-Id: Ibdec1e275eccfbbbd697c413e70a57705e643817 CR-Id: ALPS03867358 Feature: Thermal Management Signed-off-by: jerry-sc.wu <jerry-sc.wu@mediatek.com>
55 lines
2.8 KiB
Plaintext
55 lines
2.8 KiB
Plaintext
# ==============================================
|
|
# Policy File of /system/bin/thermalloadalgod_exec Executable File
|
|
|
|
# ==============================================
|
|
# Type Declaration
|
|
# ==============================================
|
|
type thermalloadalgod ,domain;
|
|
type thermalloadalgod_exec , exec_type, file_type, vendor_file_type;
|
|
|
|
# ==============================================
|
|
# MTK Policy Rule
|
|
# ==============================================
|
|
init_daemon_domain(thermalloadalgod)
|
|
|
|
# Date : WK18.18
|
|
# Operation : P Migration
|
|
# Purpose : Allow thermal_manager to access vendor data file.
|
|
file_type_auto_trans(thermal_manager, vendor_data_file, thermal_manager_data_file)
|
|
|
|
|
|
# Data : WK14.43
|
|
# Operation : Migration
|
|
# Purpose : thermal algorithm daemon for access driver node
|
|
allow thermalloadalgod input_device:dir { r_dir_perms write };
|
|
allow thermalloadalgod input_device:file r_file_perms;
|
|
|
|
### TBD, neverallowxperm on line 177 of system/sepolicy/public/domain.te
|
|
#allow thermalloadalgod thermalloadalgod:netlink_kobject_uevent_socket { write create bind read};
|
|
allow thermalloadalgod thermalloadalgod:netlink_socket { create bind write read};
|
|
|
|
allow thermalloadalgod thermal_manager_data_file:dir create_dir_perms;
|
|
allow thermalloadalgod thermal_manager_data_file:file create_file_perms;
|
|
allow thermalloadalgod kmsg_device:chr_file write;
|
|
|
|
# Data : WK16.49
|
|
# Operation : SPA porting
|
|
# Purpose : thermal algorithm daemon for SPA
|
|
# For /proc/[pid]/cgroup accessing
|
|
typeattribute thermalloadalgod mlstrustedsubject;
|
|
allow thermalloadalgod proc:dir {search getattr};
|
|
allow thermalloadalgod proc:file {getattr open read write ioctl};
|
|
allow thermalloadalgod shell:dir search;
|
|
allow thermalloadalgod platform_app:dir search;
|
|
allow thermalloadalgod platform_app:file {open read getattr};
|
|
allow thermalloadalgod priv_app:dir search;
|
|
allow thermalloadalgod priv_app:file {open read getattr};
|
|
allow thermalloadalgod system_app:dir search;
|
|
allow thermalloadalgod system_app:file {open read getattr};
|
|
allow thermalloadalgod untrusted_app:dir search;
|
|
allow thermalloadalgod untrusted_app:file {open read getattr};
|
|
allow thermalloadalgod mediaserver:dir search;
|
|
allow thermalloadalgod mediaserver:file {open read getattr};
|
|
allow thermalloadalgod proc_thermal:dir search;
|
|
allow thermalloadalgod proc_thermal:file { open read write getattr };
|