From 9785f2addd24282370b5158abb1d5640e1738219 Mon Sep 17 00:00:00 2001
From: Polina Bondarenko <pbond@google.com>
Date: Tue, 18 Oct 2016 00:07:34 +0200
Subject: [PATCH] sepolicy: Add policy for thermal HIDL service

Bug: 32022261
Test: manual
Change-Id: I664a3b5c37f6a3a36e4e5beb91b384a9599c83f8
---
 private/file_contexts   | 1 +
 private/hal_thermal.te  | 2 ++
 public/hal_thermal.te   | 9 +++++++++
 public/system_server.te | 2 +-
 4 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 private/hal_thermal.te
 create mode 100644 public/hal_thermal.te

diff --git a/private/file_contexts b/private/file_contexts
index 61126eba3..ebc8a718d 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -226,6 +226,7 @@
 /system/bin/hw/android\.hardware\.memtrack@1\.0-service       u:object_r:hal_memtrack_exec:s0
 /system/bin/hw/android\.hardware\.nfc@1\.0-service            u:object_r:hal_nfc_exec:s0
 /system/bin/hw/android\.hardware\.power@1\.0-service          u:object_r:hal_power_exec:s0
+/system/bin/hw/android\.hardware\.thermal@1\.0-service        u:object_r:hal_thermal_exec:s0
 /system/bin/hw/android\.hardware\.vibrator@1\.0-service       u:object_r:hal_vibrator_exec:s0
 /system/bin/hw/android\.hardware\.vr@1\.0-service             u:object_r:hal_vr_exec:s0
 /system/bin/hw/android\.hardware\.wifi@1\.0-service           u:object_r:hal_wifi_exec:s0
diff --git a/private/hal_thermal.te b/private/hal_thermal.te
new file mode 100644
index 000000000..2623e3f2f
--- /dev/null
+++ b/private/hal_thermal.te
@@ -0,0 +1,2 @@
+# May be started by init
+init_daemon_domain(hal_thermal)
diff --git a/public/hal_thermal.te b/public/hal_thermal.te
new file mode 100644
index 000000000..665471b9a
--- /dev/null
+++ b/public/hal_thermal.te
@@ -0,0 +1,9 @@
+# thermal subsystem
+type hal_thermal, domain;
+type hal_thermal_exec, exec_type, file_type;
+
+# hwbinder access
+hwbinder_use(hal_thermal)
+
+# call into system_server process (callbacks)
+binder_call(hal_thermal, system_server)
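Review bot: `binder_call(hal_thermal, system_server)` on the last line of public/hal_thermal.te lets the HAL domain start binder transactions into system_server, which is more than it needs to answer calls from system_server. Replies to those calls are already covered by the `binder_call(system_server, hal_thermal)` rule added in public/system_server.te. The comment says "callbacks", but nothing visible in this patch shows a callback object being handed to the thermal service, so the grant looks broader than the change demonstrates. If the HAL never calls back, drop the line. Otherwise make the comment name the reason, for example `# invoke callback objects that system_server registers with the thermal HAL`, so a later audit of what can reach system_server can confirm the rule is still required.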
diff --git a/public/system_server.te b/public/system_server.te
index 924a6d308..ac1e8bd60 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -151,6 +151,7 @@ binder_call(system_server, hal_boot)
 binder_call(system_server, hal_light)
 binder_call(system_server, hal_memtrack)
 binder_call(system_server, hal_power)
+binder_call(system_server, hal_thermal)
 binder_call(system_server, hal_vibrator)
 binder_call(system_server, hal_vr)
 binder_call(system_server, binderservicedomain)
@@ -568,7 +569,6 @@ r_dir_file(system_server, sysfs_type)
 # Allow system_server to make binder calls to hwservicemanager
 binder_call(system_server, hwservicemanager)
 
-
 ###
 ### Neverallow rules
 ###
-- 
GitLab