sepolicy: Add policy for thermal HIDL service Bug: 32022261 Test: manual Change-Id: I664a3b5c37f6a3a36e4e5beb91b384a9599c83f8

commit: 9785f2addd24282370b5158abb1d5640e1738219 [log] [tgz]
author: Polina Bondarenko <pbond@google.com> Tue Oct 18 00:07:34 2016 +0200
committer: Polina Bondarenko <pbond@google.com> Tue Nov 08 13:34:31 2016 +0100
tree: 43315f028a53d0239e22b80172db1991b8c485e7
parent: 68f233648ed3e413050c6d33848f570fc24a5398 [diff]
diff --git a/public/hal_thermal.te b/public/hal_thermal.te
new file mode 100644
index 0000000..665471b
--- /dev/null
+++ b/public/hal_thermal.te

@@ -0,0 +1,9 @@
+# thermal subsystem
+type hal_thermal, domain;
+type hal_thermal_exec, exec_type, file_type;
+
+# hwbinder access
+hwbinder_use(hal_thermal)
+
+# call into system_server process (callbacks)
+binder_call(hal_thermal, system_server)

diff --git a/public/system_server.te b/public/system_server.te
index 924a6d3..ac1e8bd 100644
--- a/public/system_server.te
+++ b/public/system_server.te

@@ -151,6 +151,7 @@
 binder_call(system_server, hal_light)
 binder_call(system_server, hal_memtrack)
 binder_call(system_server, hal_power)
+binder_call(system_server, hal_thermal)
 binder_call(system_server, hal_vibrator)
 binder_call(system_server, hal_vr)
 binder_call(system_server, binderservicedomain)
@@ -568,7 +569,6 @@
 # Allow system_server to make binder calls to hwservicemanager
 binder_call(system_server, hwservicemanager)
 
-
 ###
 ### Neverallow rules
 ###
commit	9785f2addd24282370b5158abb1d5640e1738219	[log] [tgz]
author	Polina Bondarenko <pbond@google.com>	Tue Oct 18 00:07:34 2016 +0200
committer	Polina Bondarenko <pbond@google.com>	Tue Nov 08 13:34:31 2016 +0100
tree	43315f028a53d0239e22b80172db1991b8c485e7
parent	68f233648ed3e413050c6d33848f570fc24a5398 [diff]