# permissions for /system/bin/tune-thermal-gov.sh
type thermal_gov, domain, device_domain_deprecated;
type thermal_gov_exec, exec_type, file_type;

init_daemon_domain(thermal_gov)

allow thermal_gov shell_exec:file rx_file_perms;

# write to files in /sys/class/thermal/thermal_zone
allow thermal_gov sysfs:file w_file_perms;

# execute toolbox/toybox
allow thermal_gov toolbox_exec:file rx_file_perms;