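# Temperature sensor daemon (root process)
#
# SELinux type enforcement rules for the thermald domain. The listing had
# been collapsed onto one line with gutter numbers fused in, which turns
# everything after the first comment marker into a comment. It is restored
# here one statement per line; no rule was added, removed or changed.
# The daemon is described above as a root process, so each allow rule below
# should be re-checked against what the daemon actually needs.
type thermald, domain;
type thermald_exec, exec_type, file_type;

# Started by init
init_daemon_domain(thermald)

# DAC overrides
# dac_override lets the process bypass ordinary file permission checks
# (owner, group, mode). The paired auditallow logs every granted use.
# NOTE(review): presumably the audit records are meant to show which files
# need their ownership or mode fixed so that this grant can be dropped.
# Confirm, and track the removal.
allow thermald self:capability dac_override;
auditallow thermald self:capability dac_override;

# NOTE(review): the original gives no reason for this rule. Confirm which
# socket the daemon opens under the generic socket class.
allow thermald self:socket create_socket_perms;

# CPU hotplug uevent
# The uevent socket grant has no write permission, so the daemon can
# create, configure, bind and read the socket but not send on it.
allow thermald self:netlink_kobject_uevent_socket { create setopt bind read };
# NOTE(review): net_admin is a broad capability. It is grouped with the
# uevent socket, so it is presumably needed for a privileged socket option
# on that socket. Confirm it is still required.
allow thermald self:capability net_admin;

# Talk to qmuxd (/dev/socket/qmux_radio)
qmux_socket(thermald)

# Access shared logger (/dev/smem_log)
allow thermald shared_log_device:chr_file rw_file_perms;

# Access /sys/devices/system/cpu/
allow thermald sysfs_devices_system_cpu:file rw_file_perms;

# Some files in /sys/devices/system/cpu may pop in and out of existence,
# defeating our attempt to label them. As a result, they could have the
# sysfs label, not the sysfs_devices_system_cpu label.
# Allow write access for now until we figure out a better solution.
# For example, the following files pop in and out of existence:
# /sys/devices/system/cpu/cpu1/cpufreq/cpuinfo_min_freq
# /sys/devices/system/cpu/cpu1/cpufreq/scaling_min_freq
#
# NOTE(review): this is the widest grant in the file. It is not limited to
# the two example paths: it permits write on every file that carries the
# generic sysfs label. It is documented above as temporary, so keep an
# owner and a removal condition attached to it, and narrow it once the
# hotplugged cpu nodes can be labelled reliably.
allow thermald sysfs:file write;

# Connect to mpdecision.
# The first rule grants read access to the directory labelled
# mpdecision_socket. The macro call grants the connection itself.
allow thermald mpdecision_socket:dir r_dir_perms;
unix_socket_connect(thermald, mpdecision, mpdecision)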