thermal: add thermalhal related policy

1. Allow vendor_init to write thermal debugfs
2. Fix thermalHAL denied log while updting cooling device

Bug: 181184084
Bug: 181349449
Test: No avc denied log with switching thermal control property
Change-Id: Id8d79956ef86a438eb0290c2a1188f71ce6fac72

4 files changed, 7 insertions, 0 deletions

diff --git a/thermal/file.te b/thermal/file.te
index 5676e77..a2b1ab8 100644
--- a/thermal/file.te
+++ b/thermal/file.te
@@ -1 +1,2 @@
 type thermal_link_device, dev_type;
+type debugfs_thermal, debugfs_type, fs_type;
diff --git a/thermal/genfs_contexts b/thermal/genfs_contexts
index 83f2860..3000fa0 100644
--- a/thermal/genfs_contexts
+++ b/thermal/genfs_contexts
@@ -1,2 +1,3 @@
 genfscon sysfs /devices/virtual/thermal                                        u:object_r:sysfs_thermal:s0
 genfscon sysfs /class/thermal                                                  u:object_r:sysfs_thermal:s0
+genfscon debugfs /gs101-thermal                                                u:object_r:debugfs_thermal:s0
diff --git a/thermal/hal_thermal_default.te b/thermal/hal_thermal_default.te
index 846f07a..5d8af91 100644
--- a/thermal/hal_thermal_default.te
+++ b/thermal/hal_thermal_default.te
@@ -1,5 +1,7 @@
 allow hal_thermal_default sysfs_thermal:dir r_dir_perms;
 allow hal_thermal_default sysfs_thermal:file rw_file_perms;
+allow hal_thermal_default sysfs_thermal:lnk_file r_file_perms;
+allow hal_thermal_default thermal_link_device:dir r_dir_perms;
 allow hal_thermal_default proc_stat:file r_file_perms;
 
 allow hal_thermal_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl;
diff --git a/thermal/vendor_init.te b/thermal/vendor_init.te
index 3133b1e..875277e 100644
--- a/thermal/vendor_init.te
+++ b/thermal/vendor_init.te
@@ -1,2 +1,5 @@
 allow vendor_init thermal_link_device:dir r_dir_perms;
 allow vendor_init thermal_link_device:lnk_file r_file_perms;
+userdebug_or_eng(`
+  allow vendor_init debugfs_thermal:file w_file_perms;
+')