thermal: bringup thermal_controld sepolicy rules
Bug: 202805103
Test: switch thermal tj property and check thermal threshold
Change-Id: I351dfd300186a6de8bdcf1edfcb7a461e80670cd
diff --git a/thermal/file_contexts b/thermal/file_contexts
index 40e00a9..acd360f 100644
--- a/thermal/file_contexts
+++ b/thermal/file_contexts
@@ -1,4 +1,5 @@
/vendor/bin/hw/android\.hardware\.thermal@2\.0-service\.pixel u:object_r:hal_thermal_default_exec:s0
/vendor/bin/thermal_logd u:object_r:init-thermal-logging-sh_exec:s0
+/vendor/bin/thermal_controld u:object_r:pixel-thermal-control-sh_exec:s0
/vendor/bin/thermal_symlinks u:object_r:init-thermal-symlinks-sh_exec:s0
/dev/thermal(/.*)? u:object_r:thermal_link_device:s0
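Review bot: The new `/vendor/bin/thermal_controld` label is applied on every build type, while every allow rule for its domain in pixel-thermal-control.sh.te sits inside `userdebug_or_eng`. If the binary and its init service also ship on user builds, the process would transition into a domain with no permissions and only generate denials, so it is worth confirming that both are installed on debug builds only. A short comment above the entry would record the intent, for example `# thermal_controld: debug-only helper, policy rules are gated by userdebug_or_eng`.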
diff --git a/thermal/pixel-thermal-control.sh.te b/thermal/pixel-thermal-control.sh.te
new file mode 100644
index 0000000..a6430f1
--- /dev/null
+++ b/thermal/pixel-thermal-control.sh.te
@@ -0,0 +1,13 @@
+type pixel-thermal-control-sh, domain;
+type pixel-thermal-control-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(pixel-thermal-control-sh)
+
+userdebug_or_eng(`
+ allow pixel-thermal-control-sh vendor_toolbox_exec:file execute_no_trans;
+ allow pixel-thermal-control-sh sysfs_thermal:dir r_dir_perms;
+ allow pixel-thermal-control-sh sysfs_thermal:file rw_file_perms;
+ allow pixel-thermal-control-sh sysfs_thermal:lnk_file r_file_perms;
+ allow pixel-thermal-control-sh thermal_link_device:dir r_dir_perms;
+ get_prop(pixel-thermal-control-sh, vendor_thermal_prop)
+')
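Review bot: `allow pixel-thermal-control-sh sysfs_thermal:file rw_file_perms;` grants write access to every node labelled sysfs_thermal, which is presumably broader than a daemon that adjusts thresholds in response to one property needs. The `userdebug_or_eng` wrapper keeps this off user builds, but on debug builds a narrower type for the specific nodes the script writes would be closer to least privilege. Failing that, a comment should record why write is required, e.g. `# debug-only: thermal_controld rewrites thermal thresholds when the vendor thermal tj property changes`. The hunk also grants `thermal_link_device:dir r_dir_perms` with no matching lnk_file rule, so if the script resolves the links under /dev/thermal it may additionally need `allow pixel-thermal-control-sh thermal_link_device:lnk_file r_file_perms;`, which is worth checking against the audit log from the test run.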