aboutsummaryrefslogtreecommitdiff
path: root/sepolicy
diff options
context:
space:
mode:
Diffstat (limited to 'sepolicy')
-rw-r--r--sepolicy/private/devicesettings_app.te28
-rw-r--r--sepolicy/private/seapp_contexts1
-rw-r--r--sepolicy/public/devicesettings_app.te3
-rw-r--r--sepolicy/vendor/thermal-engine.te11
4 files changed, 11 insertions, 32 deletions
diff --git a/sepolicy/private/devicesettings_app.te b/sepolicy/private/devicesettings_app.te
deleted file mode 100644
index 6e6a44b..0000000
--- a/sepolicy/private/devicesettings_app.te
+++ /dev/null
@@ -1,28 +0,0 @@
-app_domain(devicesettings_app)
-
-# Allow devicesettings_app to find *_service
-allow devicesettings_app {
- app_api_service
- audioserver_service
- cameraserver_service
- drmserver_service
- mediaextractor_service
- mediametrics_service
- mediaserver_service
-}:service_manager find;
-
-# Allow devicesettings_app read and write /data/data subdirectory
-allow devicesettings_app system_app_data_file:dir create_dir_perms;
-allow devicesettings_app system_app_data_file:{ file lnk_file } create_file_perms;
-
-# Allow binder communication with gpuservice
-binder_call(devicesettings_app, gpuservice)
-
-# Allow devicesettings_app to read and write to cgroup/sysfs_leds/sysfs_thermal
-allow devicesettings_app sysfs_leds:dir search;
-#allow devicesettings_app vendor_sysfs_graphics:dir search;
-allow devicesettings_app {
- cgroup
- sysfs_leds
- sysfs_thermal
-}:{ file lnk_file } rw_file_perms; \ No newline at end of file
diff --git a/sepolicy/private/seapp_contexts b/sepolicy/private/seapp_contexts
deleted file mode 100644
index 0b3253a..0000000
--- a/sepolicy/private/seapp_contexts
+++ /dev/null
@@ -1 +0,0 @@
-user=system seinfo=platform name=org.lineageos.settings domain=devicesettings_app type=system_app_data_file \ No newline at end of file
diff --git a/sepolicy/public/devicesettings_app.te b/sepolicy/public/devicesettings_app.te
deleted file mode 100644
index 7af5e9b..0000000
--- a/sepolicy/public/devicesettings_app.te
+++ /dev/null
@@ -1,3 +0,0 @@
-type devicesettings_app, domain;
-typeattribute devicesettings_app mlstrustedsubject;
-dontaudit devicesettings_app default_prop:file read; \ No newline at end of file
diff --git a/sepolicy/vendor/thermal-engine.te b/sepolicy/vendor/thermal-engine.te
new file mode 100644
index 0000000..6e59f5b
--- /dev/null
+++ b/sepolicy/vendor/thermal-engine.te
@@ -0,0 +1,11 @@
+allow vendor_thermal-engine {
+ vendor_sysfs_devfreq
+ thermal_data_file
+}:dir r_dir_perms;
+
+allow vendor_thermal-engine vendor_sysfs_devfreq:file rw_file_perms;
+
+# Rule for vendor_thermal-engine to access init process
+unix_socket_connect(vendor_thermal-engine, property, init);
+
+set_prop(vendor_thermal-engine, vendor_thermal_normal_prop) \ No newline at end of file