# thermald: temperature sensor daemon. Runs as a root process.
type thermald, domain;
type thermald_exec, exec_type, file_type;

# Started by init. The macro (defined elsewhere in the policy) associates
# init's execution of thermald_exec with the thermald domain.
init_daemon_domain(thermald)

allow thermald self:socket create_socket_perms;

# Netlink uevent socket used to receive CPU hotplug events.
allow thermald self:netlink_kobject_uevent_socket { create setopt bind read };

# b/12450712: dac_override is a workaround and should likely be removed.
# It is granted so the daemon can reach a few /sys/module/msm_thermal/
# files whose Unix permissions are wrong; once those permissions are fixed
# this rule can likely be reverted.
# dac_override is not limited to those files: it lets the process bypass
# discretionary (mode/ownership) checks on any object that the rest of this
# policy already lets it reach. The auditallow rule records every granted
# use so the actual accesses can be tracked before the rule is removed.
allow thermald self:capability dac_override;
auditallow thermald self:capability dac_override;

# NOTE(review): the reason for net_admin is not stated anywhere in this
# file; presumably it is needed for the uevent netlink socket above.
# Confirm, and document the reason or drop the capability.
# Kept as its own rule so dac_override can be reverted independently.
allow thermald self:capability net_admin;

# Talk to qmuxd (/dev/socket/qmux_radio)
qmux_socket(thermald)

# Shared logger device (/dev/smem_log)
allow thermald shared_log_device:chr_file rw_file_perms;

# Files under /sys/devices/system/cpu/
allow thermald sysfs_devices_system_cpu:file rw_file_perms;

# Some files in /sys/devices/system/cpu pop in and out of existence, which
# defeats our attempt to label them. As a result they can carry the generic
# sysfs label instead of sysfs_devices_system_cpu.
# Examples of files that pop in and out of existence:
#   /sys/devices/system/cpu/cpu1/cpufreq/cpuinfo_min_freq
#   /sys/devices/system/cpu/cpu1/cpufreq/scaling_min_freq
# Write access is allowed for now until we figure out a better solution.
# The rule is wider than the examples: it applies to every file that has
# the generic sysfs label, not only the cpufreq nodes listed above.
allow thermald sysfs:file write;

# Create and access /dev/socket/thermal-.*
# Socket files that thermald creates in a socket_device directory are
# labelled thermald_socket by the type_transition; the directory write
# permission is what allows the entries to be created there.
type_transition thermald socket_device:sock_file thermald_socket;
allow thermald socket_device:dir w_dir_perms;
allow thermald thermald_socket:sock_file create_file_perms;

# Connect to mpdecision.
allow thermald mpdecision_socket:dir r_dir_perms;
unix_socket_connect(thermald, mpdecision, mpdecision)

# Access to /dev/msm_thermal_query
allow thermald thermal_engine_device:chr_file rw_file_perms;