sepolicy: Add policy for thermal HIDL service am: 9785f2addd am: 458888a7d3

am: abbc718f19

Change-Id: Idc25b53e2e5cc1ac4ab9a93814773d69548a3db0

private/file_contexts

@@ -226,6 +226,7 @@
 /system/bin/hw/android\.hardware\.memtrack@1\.0-service       u:object_r:hal_memtrack_exec:s0
 /system/bin/hw/android\.hardware\.nfc@1\.0-service            u:object_r:hal_nfc_exec:s0
 /system/bin/hw/android\.hardware\.power@1\.0-service          u:object_r:hal_power_exec:s0
+/system/bin/hw/android\.hardware\.thermal@1\.0-service        u:object_r:hal_thermal_exec:s0
 /system/bin/hw/android\.hardware\.vibrator@1\.0-service       u:object_r:hal_vibrator_exec:s0
 /system/bin/hw/android\.hardware\.vr@1\.0-service             u:object_r:hal_vr_exec:s0
 /system/bin/hw/android\.hardware\.wifi@1\.0-service           u:object_r:hal_wifi_exec:s0

private/hal_thermal.te

@@ -0,0 +1,2 @@
+# May be started by init
+init_daemon_domain(hal_thermal)

public/hal_thermal.te

@@ -0,0 +1,9 @@
+# thermal subsystem
+type hal_thermal, domain;
+type hal_thermal_exec, exec_type, file_type;
+
+# hwbinder access
+hwbinder_use(hal_thermal)
+
+# call into system_server process (callbacks)
+binder_call(hal_thermal, system_server)

public/system_server.te

@@ -151,6 +151,7 @@ binder_call(system_server, hal_boot)
 binder_call(system_server, hal_light)
 binder_call(system_server, hal_memtrack)
 binder_call(system_server, hal_power)
+binder_call(system_server, hal_thermal)
 binder_call(system_server, hal_vibrator)
 binder_call(system_server, hal_vr)
 binder_call(system_server, binderservicedomain)
@@ -568,7 +569,6 @@ r_dir_file(system_server, sysfs_type)
 # Allow system_server to make binder calls to hwservicemanager
 binder_call(system_server, hwservicemanager)
 
-
 ###
 ### Neverallow rules
 ###