From 90fd300e5f681de28f9a64bea301ad5e6fab69d2 Mon Sep 17 00:00:00 2001
From: Ram Chandrasekar
Date: Fri, 28 Jul 2023 16:08:09 -0700
Subject: [PATCH] thermal-hal: Add thermal HAL configs
Add all thermal HAL sepolicy and makefile to the new common folder.
Bug: 289146743
Test: Compilation test
Change-Id: I133dcdac20a970e7ff4026fa503e46fd073be34f
Signed-off-by: Ram Chandrasekar
---
thermal/sepolicy/thermal_hal/file.te | 2 ++
thermal/sepolicy/thermal_hal/file_contexts | 6 ++++++
thermal/sepolicy/thermal_hal/genfs_contexts | 3 +++
.../sepolicy/thermal_hal/hal_thermal_default.te | 16 ++++++++++++++++
.../thermal_hal/init-thermal-logging.sh.te | 10 ++++++++++
.../thermal_hal/init-thermal-symlinks.sh.te | 12 ++++++++++++
.../thermal_hal/pixel-thermal-control.sh.te | 13 +++++++++++++
thermal/sepolicy/thermal_hal/property.te | 2 ++
thermal/sepolicy/thermal_hal/property_contexts | 1 +
thermal/sepolicy/thermal_hal/vendor_init.te | 3 +++
thermal/thermal_hal/device.mk | 10 ++++++++++
11 files changed, 78 insertions(+)
create mode 100644 thermal/sepolicy/thermal_hal/file.te
create mode 100644 thermal/sepolicy/thermal_hal/file_contexts
create mode 100644 thermal/sepolicy/thermal_hal/genfs_contexts
create mode 100644 thermal/sepolicy/thermal_hal/hal_thermal_default.te
create mode 100644 thermal/sepolicy/thermal_hal/init-thermal-logging.sh.te
create mode 100644 thermal/sepolicy/thermal_hal/init-thermal-symlinks.sh.te
create mode 100644 thermal/sepolicy/thermal_hal/pixel-thermal-control.sh.te
create mode 100644 thermal/sepolicy/thermal_hal/property.te
create mode 100644 thermal/sepolicy/thermal_hal/property_contexts
create mode 100644 thermal/sepolicy/thermal_hal/vendor_init.te
create mode 100644 thermal/thermal_hal/device.mk
diff --git a/thermal/sepolicy/thermal_hal/file.te b/thermal/sepolicy/thermal_hal/file.te
new file mode 100644
index 0000000..a2b1ab8
--- /dev/null
+++ b/thermal/sepolicy/thermal_hal/file.te
@@ -0,0 +1,2 @@
+type thermal_link_device, dev_type;
+type debugfs_thermal, debugfs_type, fs_type;
diff --git a/thermal/sepolicy/thermal_hal/file_contexts b/thermal/sepolicy/thermal_hal/file_contexts
new file mode 100644
index 0000000..c3fb04f
--- /dev/null
+++ b/thermal/sepolicy/thermal_hal/file_contexts
@@ -0,0 +1,6 @@
+/vendor/bin/hw/android\.hardware\.thermal@2\.0-service\.pixel u:object_r:hal_thermal_default_exec:s0
+/vendor/bin/hw/android\.hardware\.thermal-service\.pixel u:object_r:hal_thermal_default_exec:s0
+/vendor/bin/thermal_logd u:object_r:init-thermal-logging-sh_exec:s0
+/vendor/bin/thermal_controld u:object_r:pixel-thermal-control-sh_exec:s0
+/vendor/bin/thermal_symlinks u:object_r:init-thermal-symlinks-sh_exec:s0
+/dev/thermal(/.*)? u:object_r:thermal_link_device:s0
diff --git a/thermal/sepolicy/thermal_hal/genfs_contexts b/thermal/sepolicy/thermal_hal/genfs_contexts
new file mode 100644
index 0000000..3000fa0
--- /dev/null
+++ b/thermal/sepolicy/thermal_hal/genfs_contexts
@@ -0,0 +1,3 @@
+genfscon sysfs /devices/virtual/thermal u:object_r:sysfs_thermal:s0
+genfscon sysfs /class/thermal u:object_r:sysfs_thermal:s0
+genfscon debugfs /gs101-thermal u:object_r:debugfs_thermal:s0
diff --git a/thermal/sepolicy/thermal_hal/hal_thermal_default.te b/thermal/sepolicy/thermal_hal/hal_thermal_default.te
new file mode 100644
index 0000000..45ccf3a
--- /dev/null
+++ b/thermal/sepolicy/thermal_hal/hal_thermal_default.te
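Review bot: The `genfscon debugfs /gs101-thermal` line in genfs_contexts puts an SoC-specific directory name into policy that the commit message places in a common folder, so a device whose debugfs thermal directory is named differently would not get the `debugfs_thermal` label from this entry. Nothing in this patch grants any domain access to `debugfs_thermal` (declared in file.te), so the type and this entry look unused as far as the visible policy shows. Consider moving both to the SoC-specific policy, or at least add a comment such as `# gs101 debugfs node only; other SoCs must add their own genfscon entry`.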
@@ -0,0 +1,16 @@
+allow hal_thermal_default sysfs_thermal:dir r_dir_perms;
+allow hal_thermal_default sysfs_thermal:file rw_file_perms;
+allow hal_thermal_default sysfs_thermal:lnk_file r_file_perms;
+allow hal_thermal_default thermal_link_device:dir r_dir_perms;
+allow hal_thermal_default proc_stat:file r_file_perms;
+allow hal_thermal_default self:netlink_generic_socket create_socket_perms_no_ioctl;
+allow hal_thermal_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
+
+hal_client_domain(hal_thermal_default, hal_power);
+
+# read thermal_config
+get_prop(hal_thermal_default, vendor_thermal_prop)
+
+# Needed for reporting thermal stats event
+allow hal_thermal_default fwk_stats_service:service_manager find;
+binder_call(hal_thermal_default, servicemanager)
diff --git a/thermal/sepolicy/thermal_hal/init-thermal-logging.sh.te b/thermal/sepolicy/thermal_hal/init-thermal-logging.sh.te
new file mode 100644
index 0000000..3da540e
--- /dev/null
+++ b/thermal/sepolicy/thermal_hal/init-thermal-logging.sh.te
@@ -0,0 +1,10 @@
+type init-thermal-logging-sh, domain;
+type init-thermal-logging-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init-thermal-logging-sh)
+
+userdebug_or_eng(`
+ allow init-thermal-logging-sh vendor_toolbox_exec:file rx_file_perms;
+ allow init-thermal-logging-sh sysfs_thermal:dir r_dir_perms;
+ allow init-thermal-logging-sh sysfs_thermal:file r_file_perms;
+')
diff --git a/thermal/sepolicy/thermal_hal/init-thermal-symlinks.sh.te b/thermal/sepolicy/thermal_hal/init-thermal-symlinks.sh.te
new file mode 100644
index 0000000..093512c
--- /dev/null
+++ b/thermal/sepolicy/thermal_hal/init-thermal-symlinks.sh.te
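Review bot: In hal_thermal_default.te the most privileged grants, `sysfs_thermal:file rw_file_perms` and the two `self:netlink_*_socket` rules, carry no rationale, while the property and stats rules below them are commented. Because genfs_contexts in this same patch labels all of `/class/thermal` and `/devices/virtual/thermal` as `sysfs_thermal`, the write grant covers every node in those trees on release builds. A comment above each rule naming which nodes the HAL writes and what each socket is for would make that scope auditable, for example `# write: <nodes the HAL sets, to be listed by the author>`. The trailing `;` after `hal_client_domain(hal_thermal_default, hal_power)` is also inconsistent with the other macro calls in the file.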
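Review bot: The three script domains are granted `vendor_toolbox_exec` inconsistently: init-thermal-logging.sh.te and init-thermal-symlinks.sh.te use `rx_file_perms`, while pixel-thermal-control.sh.te uses only `execute_no_trans`. `rx_file_perms` is the broader set (it adds read and `execute`, among others), so either the control script is missing permissions it needs or the other two hold more than necessary; which one applies depends on base policy rules not visible in this patch. Settle on the narrowest grant that works and use it in all three, e.g. `allow init-thermal-logging-sh vendor_toolbox_exec:file execute_no_trans;` if that proves sufficient.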
@@ -0,0 +1,12 @@
+type init-thermal-symlinks-sh, domain;
+type init-thermal-symlinks-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init-thermal-symlinks-sh)
+
+allow init-thermal-symlinks-sh vendor_toolbox_exec:file rx_file_perms;
+allow init-thermal-symlinks-sh thermal_link_device:dir rw_dir_perms;
+allow init-thermal-symlinks-sh thermal_link_device:lnk_file create_file_perms;
+allow init-thermal-symlinks-sh sysfs_thermal:dir r_dir_perms;
+allow init-thermal-symlinks-sh sysfs_thermal:file r_file_perms;
+allow init-thermal-symlinks-sh sysfs_thermal:lnk_file r_file_perms;
+set_prop(init-thermal-symlinks-sh, vendor_thermal_prop)
diff --git a/thermal/sepolicy/thermal_hal/pixel-thermal-control.sh.te b/thermal/sepolicy/thermal_hal/pixel-thermal-control.sh.te
new file mode 100644
index 0000000..a6430f1
--- /dev/null
+++ b/thermal/sepolicy/thermal_hal/pixel-thermal-control.sh.te
@@ -0,0 +1,13 @@
+type pixel-thermal-control-sh, domain;
+type pixel-thermal-control-sh_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(pixel-thermal-control-sh)
+
+userdebug_or_eng(`
+ allow pixel-thermal-control-sh vendor_toolbox_exec:file execute_no_trans;
+ allow pixel-thermal-control-sh sysfs_thermal:dir r_dir_perms;
+ allow pixel-thermal-control-sh sysfs_thermal:file rw_file_perms;
+ allow pixel-thermal-control-sh sysfs_thermal:lnk_file r_file_perms;
+ allow pixel-thermal-control-sh thermal_link_device:dir r_dir_perms;
+ get_prop(pixel-thermal-control-sh, vendor_thermal_prop)
+')
diff --git a/thermal/sepolicy/thermal_hal/property.te b/thermal/sepolicy/thermal_hal/property.te
new file mode 100644
index 0000000..676c85a
--- /dev/null
+++ b/thermal/sepolicy/thermal_hal/property.te
@@ -0,0 +1,2 @@
+#thermal HAL
+vendor_internal_prop(vendor_thermal_prop)
diff --git a/thermal/sepolicy/thermal_hal/property_contexts b/thermal/sepolicy/thermal_hal/property_contexts
new file mode 100644
index 0000000..65a02ee
--- /dev/null
+++ b/thermal/sepolicy/thermal_hal/property_contexts
@@ -0,0 +1 @@
+vendor.thermal. u:object_r:vendor_thermal_prop:s0
diff --git a/thermal/sepolicy/thermal_hal/vendor_init.te b/thermal/sepolicy/thermal_hal/vendor_init.te
new file mode 100644
index 0000000..aaf6ac1
--- /dev/null
+++ b/thermal/sepolicy/thermal_hal/vendor_init.te
@@ -0,0 +1,3 @@
+allow vendor_init thermal_link_device:dir r_dir_perms;
+allow vendor_init thermal_link_device:lnk_file r_file_perms;
+set_prop(vendor_init, vendor_thermal_prop)
diff --git a/thermal/thermal_hal/device.mk b/thermal/thermal_hal/device.mk
new file mode 100644
index 0000000..260b59f
--- /dev/null
+++ b/thermal/thermal_hal/device.mk
@@ -0,0 +1,10 @@
+PRODUCT_PACKAGES += android.hardware.thermal-service.pixel
+
+# Thermal utils
+PRODUCT_PACKAGES += thermal_symlinks
+
+# Thermal logd
+PRODUCT_PACKAGES_DEBUG += thermal_logd
+PRODUCT_PACKAGES_ENG += thermal_logd
+
+BOARD_SEPOLICY_DIRS += device/google/gs-common/thermal/sepolicy/thermal_hal
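Review bot: device.mk installs `thermal_symlinks` and `thermal_logd` but nothing that would provide `/vendor/bin/thermal_controld`, although file_contexts labels that path and pixel-thermal-control.sh.te defines an init daemon domain for it. The same applies to the `android.hardware.thermal@2.0-service.pixel` label, since only `android.hardware.thermal-service.pixel` is added here. If these binaries are installed by a makefile outside this patch, a comment such as `# thermal_controld is added by <owning makefile>` would make that explicit; otherwise the labels and the domain are policy for files that never ship and can be dropped or the package added next to `thermal_logd`.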