commit a86fd523d62beb6f596218f144f151bf3a4272d4
author Kurva Harish <hkurva@codeaurora.org> Wed Nov 19 17:06:16 2014 -0800
committer Gerrit - the friendly Code Review server <code-review@localhost> Sun Nov 23 21:45:12 2014 -0800
tree 970fca5b62cbcba665dd2deeaa5998dbb1af6767
parent c242f59bd319331d8e0e5e12929618a7ff8ecda7

Seandroid: Added rules to thermal-engine

Added rules to thermal-engine for access to thermal-sockets which
is needed for  mediaserver ,camera and couple of other services.

Change-Id: I7f5f89c112357ee595f275b20325fede40439924

common/mediaserver.te

diff --git a/common/mediaserver.te b/common/mediaserver.te
index dbd59da..273890c 100644
--- a/common/mediaserver.te
+++ b/common/mediaserver.te
@@ -30,3 +30,6 @@
 allow mediaserver mpctl_socket:dir r_dir_perms;
 unix_socket_send(mediaserver, mpctl, perfd)
 unix_socket_connect(mediaserver, mpctl, perfd)
+
+# for thermal sock files
+unix_socket_connect(mediaserver, thermal, thermal-engine)

common/system_server.te

diff --git a/common/system_server.te b/common/system_server.te
index 9a1c7db..803ab08 100644
--- a/common/system_server.te
+++ b/common/system_server.te
@@ -42,3 +42,6 @@
 
 #For ssr
 allow system_server ssr_device:chr_file { read open };
+
+allow system_server fuse:dir search;
+allow system_server persist_file:dir search;

common/thermal-engine.te

diff --git a/common/thermal-engine.te b/common/thermal-engine.te
index e42e9b2..053ca84 100644
--- a/common/thermal-engine.te
+++ b/common/thermal-engine.te
@@ -7,17 +7,17 @@
 
 #============= thermal-engine ==============
 #This is to access thermal query device
-allow thermal-engine thermal_device:chr_file { read write ioctl open };
+allow thermal-engine thermal_device:chr_file rw_file_perms;
 #This is required to access smem log device
-allow thermal-engine smem_log_device:chr_file { read write ioctl open };
+allow thermal-engine smem_log_device:chr_file rw_file_perms;
 allow thermal-engine self:capability { dac_read_search dac_override fsetid };
-allow thermal-engine self:socket { create ioctl read };
+allow thermal-engine self:socket create_socket_perms;
 #This is required to access thermal sockets
-allow thermal-engine thermal_socket:dir { write add_name };
+allow thermal-engine thermal_socket:dir w_dir_perms;
 allow thermal-engine thermal_socket:sock_file { create setattr open read write };
 #This is required for thermal sysfs access
-allow thermal-engine sysfs_thermal:dir { read search open };
-allow thermal-engine sysfs_thermal:file { read write getattr open };
+allow thermal-engine sysfs_thermal:dir r_dir_perms;
+allow thermal-engine sysfs_thermal:file rw_file_perms;
 allow thermal-engine sysfs_thermal:lnk_file read;
 #This is required for qmi access
 qmux_socket(thermal-engine);