Move thermald into enforcing.

I have not yet traced the source of all of thermald's capability requests, but
am allowing in order to move into enforcing mode. Also address a few other
observed denials.

<12>[   13.648000] type=1400 audit(57193.029:7): avc: denied { dac_override } for pid=373 comm="thermal-engine" capability=1 scontext=u:r:thermald:s0 tcontext=u:r:thermald:s0 tclass=capability permissive=1
<12>[   13.715266] type=1400 audit(57193.029:11): avc: denied { fsetid } for pid=373 comm="thermal-engine" capability=4 scontext=u:r:thermald:s0 tcontext=u:r:thermald:s0 tclass=capability permissive=1
<12>[   13.762708] type=1400 audit(57193.039:24): avc: denied { chown } for pid=343 comm="thermal-engine" capability=0 scontext=u:r:thermald:s0 tcontext=u:r:thermald:s0 tclass=capability permissive=1

<12>[  125.567298] type=1400 audit(6125.489:160): avc: denied { search } for pid=2998 comm="RenderThread" name="tmp" dev="dm-0" ino=1187842 scontext=u:r:system_app:s0 tcontext=u:object_r:shell_data_file:s0 tclass=dir permissive=0

<12>[  137.716704] type=1400 audit(1408045466.362:173): avc: denied { connectto } for pid=3115 comm="omm.timeservice" path=0074696D655F67656E6F6666 scontext=u:r:platform_app:s0 tcontext=u:r:time:s0 tclass=unix_stream_socket permissive=0

<12>[   63.383252] type=1400 audit(1408046324.590:158): avc: denied { write } for pid=2855 comm=time_daemon name=time dev=dm-0 ino=1458177 scontext=u:r:time:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0

Bug: 16319212
Change-Id: I5975f8b086b90037cc4255262708775c24197c8c

1 files changed, 1 insertions, 0 deletions

diff --git a/BoardConfig.mk b/BoardConfig.mk
index 99c10b24..95325c5d 100644
--- a/BoardConfig.mk
+++ b/BoardConfig.mk
@@ -114,6 +114,7 @@ BOARD_SEPOLICY_UNION += \
         rild.te \
         sensors.te \
         surfaceflinger.te \
+        system_app.te \
         system_server.te \
         tee.te \
         te_macros \