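# Temperature sensor daemon (root process)
#
# Type-enforcement rules for the thermald domain. The daemon runs as root
# and is granted dac_override below, so file-mode (DAC) checks do not
# confine it; the allow rules in this file are the effective limit on what
# it can reach.
type thermald, domain;
type thermald_exec, exec_type, file_type;

# Started by init
init_daemon_domain(thermald)

# Socket of the generic "socket" class, owned by the domain itself.
# NOTE(review): the file does not record what this socket is used for;
# confirm it is still needed.
allow thermald self:socket create_socket_perms;

# CPU hotplug uevent: receive-only use of the kobject uevent netlink socket
# (create/setopt/bind/read, no write).
allow thermald self:netlink_kobject_uevent_socket { create setopt bind read };

# b/12450712: The dac_override should likely be fixed. It is included to
# allow access to a few /sys/module/msm_thermal/ files. Once
# the proper perms on those files are fixed this can likely be
# reverted. We also want to auditallow every instance
# of dac_override to track its behavior.
# NOTE(review): net_admin is granted by the same rule, but no reason for it
# is given here and it is not covered by the auditallow. Confirm which
# operation requires it and document it.
allow thermald self:capability { dac_override net_admin };
auditallow thermald self:capability dac_override;

# Talk to qmuxd (/dev/socket/qmux_radio)
qmux_socket(thermald)

# Access shared logger (/dev/smem_log)
allow thermald shared_log_device:chr_file rw_file_perms;

# Access /sys/devices/system/cpu/
allow thermald sysfs_devices_system_cpu:file rw_file_perms;

# Some files in /sys/devices/system/cpu may pop in and out of existence,
# defeating our attempt to label them. As a result, they could have the
# sysfs label, not the sysfs_devices_system_cpu label.
# Allow write access for now until we figure out a better solution.
# For example, the following files pop in and out of existence:
# /sys/devices/system/cpu/cpu1/cpufreq/cpuinfo_min_freq
# /sys/devices/system/cpu/cpu1/cpufreq/scaling_min_freq
# NOTE(review): the rule is not limited to those cpufreq nodes; it permits
# write on every file that carries the generic sysfs label. With
# dac_override also granted, this label check is the only restriction on
# such writes, so narrow it once the transient files can be labelled.
allow thermald sysfs:file write;

# Create and access /dev/socket/thermal-.*
# The transition has no name component, so every sock_file thermald creates
# in a socket_device directory is labelled thermald_socket.
type_transition thermald socket_device:sock_file thermald_socket;
allow thermald socket_device:dir w_dir_perms;
allow thermald thermald_socket:sock_file create_file_perms;

# Connect to mpdecision.
# Directory read on the socket's parent, then the connect itself via the
# unix_socket_connect macro (defined outside this file).
allow thermald mpdecision_socket:dir r_dir_perms;
unix_socket_connect(thermald, mpdecision, mpdecision)

# Access to /dev/msm_thermal_query
allow thermald thermal_engine_device:chr_file rw_file_perms;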