android_mt6572_jiabo/device/qcom/sepolicy/common/thermal-engine.te

# Thermal-engine daemon
type thermal-engine, domain, domain_deprecated;
type thermal-engine_exec, exec_type, file_type;

# Started by init
init_daemon_domain(thermal-engine)

# Allow to read and write cpufreq sysfs
allow thermal-engine sysfs_devices_system_cpu:file rw_file_perms;

# This is to access thermal query device and smem log device
allow thermal-engine { thermal_device smem_log_device }:chr_file rw_file_perms;

allow thermal-engine self:capability {
    dac_read_search
    dac_override
    fsetid
    sys_boot
};

allow thermal-engine self:socket create_socket_perms;

# This is required to access thermal sockets
allow thermal-engine thermal_socket:dir w_dir_perms;
allow thermal-engine thermal_socket:sock_file create_file_perms;
allow thermal-engine socket_device:dir w_dir_perms;

# This is required for thermal sysfs access
r_dir_file(thermal-engine, sysfs_thermal)
allow thermal-engine { sysfs_thermal sysfs }:file w_file_perms;

# This is required for qmi access
qmux_socket(thermal-engine);
allow thermal-engine sysfs_mpdecision:file rw_file_perms;

r_dir_file(thermal-engine, sysfs_ssr);

# This is required for wake alarm access
allow thermal-engine self:capability2 wake_alarm;

# This is required for thermal perfd access
allow thermal-engine mpctl_socket:dir search;
allow thermal-engine mpctl_socket:sock_file write;
unix_socket_send(thermal-engine, mpctl, perfd)
unix_socket_connect(thermal-engine, mpctl, perfd)
unix_socket_send(thermal-engine, mpctl, mpdecision)
unix_socket_connect(thermal-engine, mpctl, mpdecision)

#This is to allow access to uio device
allow thermal-engine uio_device:chr_file rw_file_perms;

#Label the thermal sockets correctly
type_transition thermal-engine socket_device:sock_file thermal_socket;

userdebug_or_eng(`
  diag_use(thermal-engine)
')

# To get GPU frequencies
allow thermal-engine sysfs_kgsl:file r_file_perms;