thermal: sepolicy for thermalservice and Thermal HAL revision 1.1
Add sepolicy for thermalserviced daemon, IThermalService binder
service, IThermalCallback hwservice, and Thermal HAL revision 1.1.
Test: manual: marlin with modified thermal-engine.conf
Bug: 30982366
Change-Id: I207fa0f922a4e658338af91dea28c497781e8fe9
(cherry picked from commit ec3b6b7e25f709fcc9c177beebafae885d641f6d)
diff --git a/prebuilts/api/26.0/26.0.ignore.cil b/prebuilts/api/26.0/26.0.ignore.cil
index e713bc1..d09ce85 100644
--- a/prebuilts/api/26.0/26.0.ignore.cil
+++ b/prebuilts/api/26.0/26.0.ignore.cil
@@ -15,5 +15,9 @@
netd_stable_secret_prop
sysfs_fs_ext4_features
system_net_netd_hwservice
+ thermal_service
+ thermalcallback_hwservice
+ thermalserviced
+ thermalserviced_exec
timezone_service
tombstoned_java_trace_socket))
diff --git a/private/file_contexts b/private/file_contexts
index 876a17b..7f9f512 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -257,6 +257,7 @@
/system/bin/update_engine u:object_r:update_engine_exec:s0
/system/bin/bspatch u:object_r:update_engine_exec:s0
/system/bin/storaged u:object_r:storaged_exec:s0
+/system/bin/thermalserviced u:object_r:thermalserviced_exec:s0
/system/bin/webview_zygote32 u:object_r:webview_zygote_exec:s0
/system/bin/webview_zygote64 u:object_r:webview_zygote_exec:s0
/system/bin/virtual_touchpad u:object_r:virtual_touchpad_exec:s0
diff --git a/private/hwservice_contexts b/private/hwservice_contexts
index 40c33d9..107e483 100644
--- a/private/hwservice_contexts
+++ b/private/hwservice_contexts
@@ -37,6 +37,7 @@
android.hardware.sensors::ISensors u:object_r:hal_sensors_hwservice:s0
android.hardware.soundtrigger::ISoundTriggerHw u:object_r:hal_audio_hwservice:s0
android.hardware.thermal::IThermal u:object_r:hal_thermal_hwservice:s0
+android.hardware.thermal::IThermalCallback u:object_r:thermalcallback_hwservice:s0
android.hardware.tv.cec::IHdmiCec u:object_r:hal_tv_cec_hwservice:s0
android.hardware.tv.input::ITvInput u:object_r:hal_tv_input_hwservice:s0
android.hardware.usb::IUsb u:object_r:hal_usb_hwservice:s0
diff --git a/private/service_contexts b/private/service_contexts
index c6c7ec0..1cb7c58 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -149,6 +149,7 @@
textclassification u:object_r:textclassification_service:s0
textservices u:object_r:textservices_service:s0
timezone u:object_r:timezone_service:s0
+thermalservice u:object_r:thermal_service:s0
trust u:object_r:trust_service:s0
tv_input u:object_r:tv_input_service:s0
uimode u:object_r:uimode_service:s0
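Review bot: The new `thermalservice` entry sits after `timezone`, which breaks the alphabetical order the surrounding entries follow; it sorts between `textservices` and `timezone`. Moving the line up two positions keeps the file easy to scan when auditing which binder service names map to which types. The label itself matches the `thermal_service` type this commit declares in public/service.te.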
diff --git a/private/thermalserviced.te b/private/thermalserviced.te
new file mode 100644
index 0000000..1a09e20
--- /dev/null
+++ b/private/thermalserviced.te
@@ -0,0 +1,4 @@
+typeattribute thermalserviced coredomain;
+
+init_daemon_domain(thermalserviced)
+
diff --git a/public/hwservice.te b/public/hwservice.te
index 4daac31..1b11678 100644
--- a/public/hwservice.te
+++ b/public/hwservice.te
@@ -48,3 +48,4 @@
type hidl_token_hwservice, hwservice_manager_type, coredomain_hwservice;
type system_net_netd_hwservice, hwservice_manager_type, coredomain_hwservice;
type system_wifi_keystore_hwservice, hwservice_manager_type, coredomain_hwservice;
+type thermalcallback_hwservice, hwservice_manager_type;
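Review bot: `thermalcallback_hwservice` is declared without `coredomain_hwservice`, unlike the three types directly above it. In this commit the only domain allowed to register it is `thermalserviced`, which private/thermalserviced.te marks as `coredomain`. If the callback interface is meant to be offered only by core components, consider `type thermalcallback_hwservice, hwservice_manager_type, coredomain_hwservice;` so that any policy keyed on that attribute covers it too. If the omission is deliberate, a one-line comment above the declaration saying why would save the next auditor the question.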
diff --git a/public/service.te b/public/service.te
index 5722e25..a4a420f 100644
--- a/public/service.te
+++ b/public/service.te
@@ -24,6 +24,7 @@
type storaged_service, service_manager_type;
type surfaceflinger_service, service_manager_type;
type system_app_service, service_manager_type;
+type thermal_service, service_manager_type;
type update_engine_service, service_manager_type;
type virtual_touchpad_service, service_manager_type;
type vr_hwc_service, service_manager_type;
diff --git a/public/thermalserviced.te b/public/thermalserviced.te
new file mode 100644
index 0000000..5b6025c
--- /dev/null
+++ b/public/thermalserviced.te
@@ -0,0 +1,11 @@
+# thermalserviced -- thermal management services for system and vendor
+type thermalserviced, domain;
+type thermalserviced_exec, exec_type, file_type;
+
+binder_use(thermalserviced)
+binder_service(thermalserviced)
+add_service(thermalserviced, thermal_service)
+
+hwbinder_use(thermalserviced)
+hal_client_domain(thermalserviced, hal_thermal)
+add_hwservice(thermalserviced, thermalcallback_hwservice)
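Review bot: Nothing in this commit lets any domain other than `thermalserviced` `find` `thermal_service` or `thermalcallback_hwservice`; the `add_service` and `add_hwservice` lines cover only the registering domain. If the Thermal HAL server is expected to look the callback up through hwservicemanager, it would need an explicit rule such as `allow hal_thermal_server thermalcallback_hwservice:hwservice_manager find;`. Binder clients of `thermalservice` would likewise need a `thermal_service:service_manager find` grant. Those rules may live in policy not shown here, so a short comment above each registration naming the intended client domains would make the least-privilege intent auditable.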
diff --git a/vendor/file_contexts b/vendor/file_contexts
index da5cbf5..08cc068 100644
--- a/vendor/file_contexts
+++ b/vendor/file_contexts
@@ -25,7 +25,7 @@
/(vendor|system/vendor)/bin/hw/android\.hardware\.power@1\.0-service u:object_r:hal_power_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.sensors@1\.0-service u:object_r:hal_sensors_default_exec:s0
/(vendor|system/vendor)/bin/hw/rild u:object_r:rild_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.0-service u:object_r:hal_thermal_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.[01]-service u:object_r:hal_thermal_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.cec@1\.0-service u:object_r:hal_tv_cec_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.tv\.input@1\.0-service u:object_r:hal_tv_input_default_exec:s0
/(vendor|system/vendor)/bin/hw/android\.hardware\.usb@1\.0-service u:object_r:hal_usb_default_exec:s0