blob: 6f93a3ebc12658ec7c0c0929fcd29bf5b7e18319 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
# Temperature sensor daemon (root process)
type thermald, domain;
type thermald_exec, exec_type, file_type;
# Started by init
init_daemon_domain(thermald)
# DAC overrides
allow thermald self:capability dac_override;
auditallow thermald self:capability dac_override;
allow thermald self:socket create_socket_perms;
# CPU hotplug uevent
allow thermald self:netlink_kobject_uevent_socket { create setopt bind read };
allow thermald self:capability net_admin;
# Talk to qmuxd (/dev/socket/qmux_radio)
qmux_socket(thermald)
# Access shared logger (/dev/smem_log)
allow thermald shared_log_device:chr_file rw_file_perms;
# Access /sys/devices/system/cpu/
allow thermald sysfs_devices_system_cpu:file rw_file_perms;
# Some files in /sys/devices/system/cpu may pop in and out of existance,
# defeating our attempt to label them. As a result, they could have the
# sysfs label, not the sysfs_devices_system_cpu label.
# Allow write access for now until we figure out a better solution.
# For example, the following files pop in and out of existance:
# /sys/devices/system/cpu/cpu1/cpufreq/cpuinfo_min_freq
# /sys/devices/system/cpu/cpu1/cpufreq/scaling_min_freq
allow thermald sysfs:file write;
# Connect to mpdecision.
allow thermald mpdecision_socket:dir r_dir_perms;
unix_socket_connect(thermald, mpdecision, mpdecision)
|
