1# Temperature sensor daemon (root process) 2type thermald, domain; 3type thermald_exec, exec_type, file_type; 4 5# Started by init 6init_daemon_domain(thermald) 7 8# DAC overrides 9allow thermald self:capability dac_override; 10auditallow thermald self:capability dac_override; 11 12allow thermald self:socket create_socket_perms; 13 14# CPU hotplug uevent 15allow thermald self:netlink_kobject_uevent_socket { create setopt bind read }; 16allow thermald self:capability net_admin; 17 18# Talk to qmuxd (/dev/socket/qmux_radio) 19qmux_socket(thermald) 20 21# Access shared logger (/dev/smem_log) 22allow thermald shared_log_device:chr_file rw_file_perms; 23 24# Access /sys/devices/system/cpu/ 25allow thermald sysfs_devices_system_cpu:file rw_file_perms; 26 27# Some files in /sys/devices/system/cpu may pop in and out of existance, 28# defeating our attempt to label them. As a result, they could have the 29# sysfs label, not the sysfs_devices_system_cpu label. 30# Allow write access for now until we figure out a better solution. 31# For example, the following files pop in and out of existance: 32# /sys/devices/system/cpu/cpu1/cpufreq/cpuinfo_min_freq 33# /sys/devices/system/cpu/cpu1/cpufreq/scaling_min_freq 34allow thermald sysfs:file write; 35 36# Connect to mpdecision. 37allow thermald mpdecision_socket:dir r_dir_perms; 38unix_socket_connect(thermald, mpdecision, mpdecision) 39