thermal-engine: permission to read files in /sys

avc: denied { read } for pid=491 comm="thermal-engine" name="devices" dev="sysfs" ino=27703 scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=1
avc: denied { open } for pid=491 comm="thermal-engine" path="/sys/bus/esoc/devices" dev="sysfs" ino=27703 scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=1
avc: denied { search } for pid=491 comm="thermal-engine" name="msm_subsys" dev="sysfs" ino=16150 scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir permissive=1
avc: denied { read } for pid=491 comm="thermal-engine" name="devices" dev="sysfs" ino=16152 scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir permissive=1
avc: denied { open } for pid=491 comm="thermal-engine" path="/sys/bus/msm_subsys/devices" dev="sysfs" ino=16152 scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir permissive=1
avc: denied { read } for pid=491 comm="thermal-engine" name="subsys0" dev="sysfs" ino=31967 scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=lnk_file permissive=1
avc: denied { read } for pid=491 comm="thermal-engine" name="name" dev="sysfs" ino=31961 scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file permissive=1
avc: denied { open } for pid=491 comm="thermal-engine" path="/sys/devices/soc/ce0000.qcom,venus/subsys0/name" dev="sysfs" ino=31961 scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=file permissive=1
avc: denied { search } for pid=491 comm="thermal-engine" name="soc0" dev="sysfs" ino=46619 scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs_soc:s0 tclass=dir permissive=1
avc: denied { read } for pid=491 comm="thermal-engine" name="soc_id" dev="sysfs" ino=46623 scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs_soc:s0 tclass=file permissive=1
avc: denied { open } for pid=491 comm="thermal-engine" path="/sys/devices/soc0/soc_id" dev="sysfs" ino=46623 scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs_soc:s0 tclass=file permissive=1
avc: denied { getattr } for pid=491 comm="thermal-engine" path="/sys/devices/soc0/soc_id" dev="sysfs" ino=46623 scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs_soc:s0 tclass=file permissive=1
avc: denied { read } for pid=491 comm="thermal-engine" name="cluster_info" dev="sysfs" ino=47504 scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { open } for pid=491 comm="thermal-engine" path="/sys/module/msm_thermal/cluster_info" dev="sysfs" ino=47504 scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1
avc: denied { getattr } for pid=491 comm="thermal-engine" path="/sys/module/msm_thermal/cluster_info" dev="sysfs" ino=47504 scontext=u:r:thermal-engine:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1

Change-Id: I9120a49a3ec34dda0c661bc4263b1ab6a1f1ba98

sepolicy/file_contexts

@@ -87,6 +87,7 @@
 # /sys
 /sys/devices/virtual/nanohub/nanohub/download_bl u:object_r:sysfs_nanoapp_cmd:s0
 /sys/devices/virtual/thermal(/.*)?               u:object_r:sysfs_thermal:s0
+/sys/module/msm_thermal(/.*)?                    u:object_r:sysfs_thermal:s0
 /sys/devices/virtual/net(/.*)?                   u:object_r:sysfs_net:s0
 /devices/soc/0\.qcom,rmtfs_sharedmem/uio(/.*)?   u:object_r:sysfs_uio:s0
 /sys/bus/msm_subsys(/.*)?                        u:object_r:sysfs_msm_subsys:s0

sepolicy/thermal-engine.te

@@ -12,9 +12,12 @@ allow thermal-engine self:socket create_socket_perms;
 # /dev/msm_thermal_query
 allow thermal-engine thermal_device:chr_file rw_file_perms;
 
-# files in /sys/devices/virtual/thermal
+# files in /sys/
+allow thermal-engine sysfs:dir r_dir_perms;
 allow thermal-engine sysfs_thermal:dir r_dir_perms;
 allow thermal-engine sysfs_thermal:file rw_file_perms;
+r_dir_file(thermal-engine, sysfs_msm_subsys)
+r_dir_file(thermal-engine, sysfs_soc)
 
 allow thermal-engine uio_device:chr_file rw_file_perms;