From ec3b6b7e25f709fcc9c177beebafae885d641f6d Mon Sep 17 00:00:00 2001
From: Todd Poynor <toddpoynor@google.com>
Date: Fri, 9 Jun 2017 11:27:08 -0700
Subject: [PATCH] thermal: sepolicy for thermalservice and Thermal HAL revision
 1.1

Add sepolicy for thermalserviced daemon, IThermalService binder
service, IThermalCallback hwservice, and Thermal HAL revision 1.1.

Test: manual: marlin with modified thermal-engine.conf
Bug: 30982366
Change-Id: I207fa0f922a4e658338af91dea28c497781e8fe9
---
 prebuilts/api/26.0/26.0.ignore.cil |  4 ++++
 private/file_contexts              |  1 +
 private/hwservice_contexts         |  1 +
 private/service_contexts           |  1 +
 private/thermalserviced.te         |  4 ++++
 public/hwservice.te                |  1 +
 public/service.te                  |  1 +
 public/thermalserviced.te          | 11 +++++++++++
 vendor/file_contexts               |  2 +-
 9 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 private/thermalserviced.te
 create mode 100644 public/thermalserviced.te

diff --git a/prebuilts/api/26.0/26.0.ignore.cil b/prebuilts/api/26.0/26.0.ignore.cil
index 5d7623321..ef3c1e2ff 100644
--- a/prebuilts/api/26.0/26.0.ignore.cil
+++ b/prebuilts/api/26.0/26.0.ignore.cil
@@ -12,5 +12,9 @@
     memcg_device
     netd_stable_secret_prop
     sysfs_fs_ext4_features
+    thermal_service
+    thermalcallback_hwservice
+    thermalserviced
+    thermalserviced_exec
     timezone_service
     tombstoned_java_trace_socket))
diff --git a/private/file_contexts b/private/file_contexts
index 90f7bbf44..29c0fe615 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -257,6 +257,7 @@
 /system/bin/update_engine        u:object_r:update_engine_exec:s0
 /system/bin/bspatch              u:object_r:update_engine_exec:s0
 /system/bin/storaged             u:object_r:storaged_exec:s0
+/system/bin/thermalserviced      u:object_r:thermalserviced_exec:s0
 /system/bin/webview_zygote32     u:object_r:webview_zygote_exec:s0
 /system/bin/webview_zygote64     u:object_r:webview_zygote_exec:s0
 /system/bin/virtual_touchpad     u:object_r:virtual_touchpad_exec:s0
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 702795d8b..9a02bba06 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -36,6 +36,7 @@ android.hardware.renderscript::IDevice                          u:object_r:hal_r
 android.hardware.sensors::ISensors                              u:object_r:hal_sensors_hwservice:s0
 android.hardware.soundtrigger::ISoundTriggerHw                  u:object_r:hal_audio_hwservice:s0
 android.hardware.thermal::IThermal                              u:object_r:hal_thermal_hwservice:s0
+android.hardware.thermal::IThermalCallback                      u:object_r:thermalcallback_hwservice:s0
 android.hardware.tv.cec::IHdmiCec                               u:object_r:hal_tv_cec_hwservice:s0
 android.hardware.tv.input::ITvInput                             u:object_r:hal_tv_input_hwservice:s0
 android.hardware.usb::IUsb                                      u:object_r:hal_usb_hwservice:s0
diff --git a/private/service_contexts b/private/service_contexts
index c6c7ec081..1cb7c58dc 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -149,6 +149,7 @@ telephony.registry                        u:object_r:registry_service:s0
 textclassification                        u:object_r:textclassification_service:s0
 textservices                              u:object_r:textservices_service:s0
 timezone                                  u:object_r:timezone_service:s0
+thermalservice                            u:object_r:thermal_service:s0
 trust                                     u:object_r:trust_service:s0
 tv_input                                  u:object_r:tv_input_service:s0
 uimode                                    u:object_r:uimode_service:s0
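Review bot: The new `thermalservice` entry is placed after `timezone`, which breaks the alphabetical order the surrounding entries follow (`textservices`, `timezone`, `trust`). Matching is by exact name, so behaviour is unaffected, but moving the line to sit between `textservices` and `timezone` keeps the file easy to scan and audit for duplicate or shadowed service names.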
diff --git a/private/thermalserviced.te b/private/thermalserviced.te
new file mode 100644
index 000000000..1a09e203e
--- /dev/null
+++ b/private/thermalserviced.te
@@ -0,0 +1,4 @@
+typeattribute thermalserviced coredomain;
+
+init_daemon_domain(thermalserviced)
+
diff --git a/public/hwservice.te b/public/hwservice.te
index 815221d9c..c0fa66678 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -46,3 +46,4 @@ type hidl_manager_hwservice, hwservice_manager_type, coredomain_hwservice;
 type hidl_memory_hwservice, hwservice_manager_type, coredomain_hwservice;
 type hidl_token_hwservice, hwservice_manager_type, coredomain_hwservice;
 type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice;
+type thermalcallback_hwservice, hwservice_manager_type;
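Review bot: `thermalcallback_hwservice` is declared without `coredomain_hwservice`, although the three context lines above it carry that attribute and the only domain that registers this type in the commit, `thermalserviced`, is tagged `coredomain` in private/thermalserviced.te. If the attribute marks HwBinder services offered only by core domains, as the neighbouring declarations suggest, the line would read `type thermalcallback_hwservice, hwservice_manager_type, coredomain_hwservice;`. If the omission is deliberate, for example because vendor HAL processes must reach this interface and the attribute would trip a neverallow, a one-line comment saying so would stop a later cleanup from adding it.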
diff --git a/public/service.te b/public/service.te
index 5722e25fb..a4a420f0e 100644
--- a/public/service.te
+++ b/public/service.te
@@ -24,6 +24,7 @@ type radio_service,             service_manager_type;
 type storaged_service,          service_manager_type;
 type surfaceflinger_service,    service_manager_type;
 type system_app_service,        service_manager_type;
+type thermal_service,           service_manager_type;
 type update_engine_service,     service_manager_type;
 type virtual_touchpad_service,  service_manager_type;
 type vr_hwc_service,            service_manager_type;
diff --git a/public/thermalserviced.te b/public/thermalserviced.te
new file mode 100644
index 000000000..5b6025cea
--- /dev/null
+++ b/public/thermalserviced.te
@@ -0,0 +1,11 @@
+# thermalserviced -- thermal management services for system and vendor
+type thermalserviced, domain;
+type thermalserviced_exec, exec_type, file_type;
+
+binder_use(thermalserviced)
+binder_service(thermalserviced)
+add_service(thermalserviced, thermal_service)
+
+hwbinder_use(thermalserviced)
+hal_client_domain(thermalserviced, hal_thermal)
+add_hwservice(thermalserviced, thermalcallback_hwservice)
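Review bot: The six rule macros under the type declarations live in public/, so they become part of the policy exported to vendor builds, while only the two `type` lines need to be public for other policy to name the domain. If no vendor policy relies on these rules, consider moving `binder_use` through `add_hwservice` into private/thermalserviced.te next to `init_daemon_domain(thermalserviced)`, which keeps the exported surface to the type names alone. Each group would also benefit from a short comment, e.g. `# Publish IThermalService through servicemanager` above the binder block and `# Thermal HAL client; registers IThermalCallback with hwservicemanager` above the hwbinder block. No rule in this commit grants any domain `find` on `thermal_service`, so it is worth confirming that the intended clients are covered elsewhere.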
diff --git a/vendor/file_contexts b/vendor/file_contexts
index da5cbf581..08cc068d2 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -25,7 +25,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.0-service          u:object_r:hal_power_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.sensors@1\.0-service        u:object_r:hal_sensors_default_exec:s0
 /(vendor|system/vendor)/bin/hw/rild                                           u:object_r:rild_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.0-service        u:object_r:hal_thermal_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.[01]-service        u:object_r:hal_thermal_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.cec@1\.0-service        u:object_r:hal_tv_cec_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.input@1\.0-service      u:object_r:hal_tv_input_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service            u:object_r:hal_usb_default_exec:s0
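Review bot: The widened `thermal@1\.[01]-service` pattern is one character longer than the line it replaces but keeps the old padding, so its label column no longer lines up with the neighbouring entries. Dropping one space before `u:object_r:hal_thermal_default_exec:s0` restores the alignment. The character class itself is suitably narrow, since it matches only the 1.0 and 1.1 service binaries and not an arbitrary later revision.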
-- 
GitLab