# ==============================================
# Policy File of /system/bin/thermal_manager Executable File

# ==============================================
# Type Declaration
# ==============================================
type thermal_manager_exec , exec_type, file_type, vendor_file_type;
type thermal_manager ,domain;

# ==============================================
# MTK Policy Rule
# ==============================================
init_daemon_domain(thermal_manager)

allow thermal_manager proc_mtkcooler:dir search;
allow thermal_manager proc_mtktz:dir search;
allow thermal_manager proc_thermal:dir search;
allow thermal_manager proc_mtkcooler:file rw_file_perms;
allow thermal_manager proc_mtktz:file rw_file_perms;
allow thermal_manager proc_thermal:file rw_file_perms;

allow thermal_manager thermal_manager_data_file:file create_file_perms;
allow thermal_manager thermal_manager_data_file:dir { rw_dir_perms setattr };

allow thermal_manager mediaserver:fd use;
allow thermal_manager mediaserver:fifo_file { read write };
allow thermal_manager mediaserver:tcp_socket { read write };

# Date : WK16.30
# Operation : Migration
# Purpose :
allow thermal_manager camera_isp_device:chr_file { read write };
allow thermal_manager cameraserver:fd use;
allow thermal_manager kd_camera_hw_device:chr_file { read write };
allow thermal_manager MTK_SMI_device:chr_file read;
allow thermal_manager surfaceflinger:fd use;
set_prop(thermal_manager, vendor_mtk_thermal_config_prop)

# Date : 2019/09/12
# Operation : Migration
# Purpose : add sysfs permission
# path = " sys/devices/virtual/thermal/"
# path = " sys/class/thermal/"
allow thermal_manager sysfs_therm:file w_file_perms;



# Date : WK18.18
# Operation : P Migration
# Purpose : Allow thermal_manager to access vendor data file.

allow thermal_manager self:capability { fowner chown };