From 2c3b5d353e14fe5daa024e416fc4c92f4fff516f Mon Sep 17 00:00:00 2001
From: Steve Kondik
Date: Mon, 16 Nov 2015 19:11:50 -0800
Subject: [PATCH] sepolicy: Remove some denials

* Allow apps to run the "df" command to look at disk usage.
* Allow thermal engine to check/set battery limits.
Change-Id: I67c863a82a94007e7a5e8ccfde9c095b7277ab84
---
 sepolicy/domain.te | 5 +++++
 sepolicy/qcom/domain.te | 2 ++
 sepolicy/qcom/thermal-engine.te | 3 +++
 3 files changed, 10 insertions(+)
 create mode 100644 sepolicy/domain.te
 create mode 100644 sepolicy/qcom/domain.te
diff --git a/sepolicy/domain.te b/sepolicy/domain.te
new file mode 100644
index 00000000..b1fc15ee
--- /dev/null
+++ b/sepolicy/domain.te
@@ -0,0 +1,5 @@
+allow domain block_device:dir { search getattr };
+allow domain block_device:blk_file getattr;
+allow domain cache_block_device:blk_file getattr;
+allow domain userdata_block_device:blk_file getattr;
+allow domain fuse_device:chr_file getattr;
diff --git a/sepolicy/qcom/domain.te b/sepolicy/qcom/domain.te
new file mode 100644
index 00000000..5af099fe
--- /dev/null
+++ b/sepolicy/qcom/domain.te
@@ -0,0 +1,2 @@
+allow domain persist_file:dir getattr;
+allow domain persist_block_device:blk_file getattr;
diff --git a/sepolicy/qcom/thermal-engine.te b/sepolicy/qcom/thermal-engine.te
index e616275d..8f8967e2 100644
--- a/sepolicy/qcom/thermal-engine.te
+++ b/sepolicy/qcom/thermal-engine.te
@@ -1,4 +1,7 @@
 allow thermal-engine self:netlink_kobject_uevent_socket create_socket_perms;
 r_dir_file(thermal-engine, sysfs_rqstats);
+allow thermal-engine sysfs_battery_supply:file rw_file_perms;
+allow thermal-engine sysfs_battery_supply:dir r_dir_perms;
+
 allow thermal-engine self:capability { net_admin } ;
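Review bot: The five rules in sepolicy/domain.te are granted to `domain`, which covers every process on the device, while the commit message only asks for apps to be able to run df; the two rules added in sepolicy/qcom/domain.te have the same scope problem. Scoping them to the app attribute would match the stated intent, e.g. `allow appdomain block_device:dir { search getattr };` and likewise for the `blk_file` and `chr_file` lines. If the aim is mainly to quiet audit noise and df already produces usable output without these grants (not verifiable from this patch), `dontaudit domain block_device:blk_file getattr;` silences the denial without granting anything. Both new files would also benefit from a leading comment such as `# Lets apps run df: getattr on device nodes only, no open/read`, so the reason for the grant is recorded next to it.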
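Review bot: `rw_file_perms` on `sysfs_battery_supply:file` in sepolicy/qcom/thermal-engine.te lets thermal-engine write every sysfs node carrying that label, not only the battery-limit attributes the commit message names. If only a few nodes need writing, giving those nodes their own type in file_contexts (not part of this patch) and granting `rw_file_perms` on that type alone would keep the write grant narrow. The read side could then use `r_dir_file(thermal-engine, sysfs_battery_supply)`, matching the macro style of the `sysfs_rqstats` line above. At minimum, a comment such as `# thermal-engine reads and sets battery charge limits` above the two new rules would record why write access is there.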