sepolicy: Remove some denials

* Allow apps to run the "df" command to look at disk usage. * Allow thermal engine to check/set battery limits. Change-Id: I67c863a82a94007e7a5e8ccfde9c095b7277ab84
author: Steve Kondik <steve@cyngn.com> 2015-11-16 19:11:50 -0800
committer: Steve Kondik <steve@cyngn.com> 2015-11-16 19:46:00 -0800
commit: 2c3b5d353e14fe5daa024e416fc4c92f4fff516f (patch)
tree: a26badff2c1764e5a309e9eed1a7400b7bc98d7c /sepolicy/qcom
parent: 816dec8fe919bd5002a6090a05ee0ea242bb72fe (diff)
download: vendor_replicant-2c3b5d353e14fe5daa024e416fc4c92f4fff516f.zip
vendor_replicant-2c3b5d353e14fe5daa024e416fc4c92f4fff516f.tar.gz
vendor_replicant-2c3b5d353e14fe5daa024e416fc4c92f4fff516f.tar.bz2
2 files changed, 5 insertions, 0 deletions
diff --git a/sepolicy/qcom/domain.te b/sepolicy/qcom/domain.te
new file mode 100644
index 0000000..5af099f
--- /dev/null
+++ b/sepolicy/qcom/domain.te
@@ -0,0 +1,2 @@
+allow domain persist_file:dir getattr;
+allow domain persist_block_device:blk_file getattr;
diff --git a/sepolicy/qcom/thermal-engine.te b/sepolicy/qcom/thermal-engine.te
index e616275..8f8967e 100644
--- a/sepolicy/qcom/thermal-engine.te
+++ b/sepolicy/qcom/thermal-engine.te
@@ -1,4 +1,7 @@
 allow thermal-engine self:netlink_kobject_uevent_socket create_socket_perms;
 r_dir_file(thermal-engine, sysfs_rqstats);
 
+allow thermal-engine sysfs_battery_supply:file rw_file_perms;
+allow thermal-engine sysfs_battery_supply:dir r_dir_perms;
+
 allow thermal-engine self:capability { net_admin } ;
author	Steve Kondik <steve@cyngn.com>	2015-11-16 19:11:50 -0800
committer	Steve Kondik <steve@cyngn.com>	2015-11-16 19:46:00 -0800
commit	2c3b5d353e14fe5daa024e416fc4c92f4fff516f (patch)
tree	a26badff2c1764e5a309e9eed1a7400b7bc98d7c /sepolicy/qcom
parent	816dec8fe919bd5002a6090a05ee0ea242bb72fe (diff)
download	vendor_replicant-2c3b5d353e14fe5daa024e416fc4c92f4fff516f.zip vendor_replicant-2c3b5d353e14fe5daa024e416fc4c92f4fff516f.tar.gz vendor_replicant-2c3b5d353e14fe5daa024e416fc4c92f4fff516f.tar.bz2