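# Copyright (c) 2022 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Access vector rules whose source type is sh. Every rule in this file grants
# permissions to that one domain. The type declarations and the debug_only
# macro are defined outside this file.
#
# Most rules pair <type>:dir { getattr search } with <type>:file { read } or
# { open read }. The target names look like process domains, so these
# presumably cover the /proc entries of those processes - TODO confirm against
# the type declarations.
#
# NOTE(review): a few rules grant considerably more than read access and sit
# outside debug_only. Each one carries its own NOTE(review) comment below.
# Whether this file is compiled into release images is not visible from here.

allow sh accessibility:dir { getattr search };
allow sh accessibility:file { read };
allow sh accountmgr:dir { getattr search };
allow sh accountmgr:file { open read };
allow sh appspawn:file { read };
allow sh audio_hdi_server_host:file { read };
allow sh audio_policy:file { read };
allow sh bluetooth_service:dir { getattr search };
allow sh bluetooth_service:file { read };
allow sh camera_host:file { read };
allow sh codec_host:file { read };
allow sh console:file { read };

# Create and modify entries in data_data_file directories, and write to
# data_file directories.
allow sh data_data_file:dir { add_name create read search setattr write };
allow sh data_file:dir { write };

# NOTE(review): read access to the kernel message device, paired with
# kernel:system syslog_read further down. Kernel log output can carry
# diagnostic detail not meant for every reader - confirm sh needs both
# outside debug builds.
allow sh dev_kmsg_file:chr_file { open read };
allow sh dev_unix_socket:sock_file { write };
allow sh deviceauth_service:dir { getattr search };
allow sh deviceauth_service:file { read };
allow sh download_server:file { read };
allow sh edm_sa:dir { getattr search };
allow sh edm_sa:file { open read };
allow sh face_auth_host:file { read };
allow sh faultloggerd:file { read };
allow sh fingerprint_auth_host:file { read };
allow sh hdf_devmgr:dir { getattr search };
allow sh hdf_devmgr:file { open read };
allow sh hilog_control_socket:sock_file { write };

# Run the hilog_exec binary without a domain transition (execute_no_trans),
# so it keeps running as sh.
allow sh hilog_exec:file { execute execute_no_trans getattr map read open };
allow sh hilogd:dir { getattr search };
allow sh hilogd:file { open read };
allow sh hiview:file { read };
allow sh huks_service:dir { getattr search };
allow sh huks_service:file { read };
allow sh init:dir { getattr search };
allow sh init:file { open read };
allow sh init:unix_stream_socket { connectto };
allow sh input_user_host:file { read };
allow sh ispserver:dir { getattr search };
allow sh ispserver:file { open read };
allow sh kernel:dir { getattr search };
allow sh kernel:file { open read };
# Kernel log read through the syslog interface; see the dev_kmsg_file note above.
allow sh kernel:system { syslog_read };
allow sh kernel:unix_stream_socket { connectto };
allow sh light_host:file { read };
allow sh location_host:file { read };
allow sh locationhub:dir { getattr search };
allow sh locationhub:file { read };
allow sh mmi_uinput_service:dir { getattr search };
allow sh mmi_uinput_service:file { open read };
allow sh msdp_sa:file { read };
allow sh multimodalinput:dir { getattr search };
# NOTE(review): open is granted without read here, unlike the sibling
# <type>:file rules in this file - confirm this is intended.
allow sh multimodalinput:file { open };
allow sh param_watcher:file { read };
allow sh paramservice_socket:sock_file { write };
allow sh pasteboard_service:file { read };
allow sh pin_auth_host:file { read };
allow sh pinauth:file { read };
allow sh pulseaudio:dir { getattr search };
allow sh pulseaudio:file { open read };
allow sh rootfs:dir { open read };
allow sh samgr:dir { getattr search };
allow sh samgr:file { open read };
allow sh screenlock_server:file { read };

# NOTE(review): setenforce combined with write on selinuxfs files lets a
# process in sh switch the system between enforcing and permissive mode. In
# permissive mode denials are logged but not enforced, so every other
# restriction in the policy stops applying. These rules are outside
# debug_only. If release images do not need them, gate the setenforce rule and
# the selinuxfs write permission behind debug_only, and audit use of
# setenforce on builds that keep it.
allow sh security:security { setenforce };
allow sh selinuxfs:dir { search };
allow sh selinuxfs:file { open read write };
allow sh sensor_host:file { read };

# Re-execute the shell binary itself without a domain transition.
allow sh sh_exec:file { execute_no_trans };
allow sh storage_daemon:dir { getattr search };
allow sh storage_daemon:file { open read };
allow sh storage_manager:dir { getattr search };
allow sh storage_manager:file { open read };

# NOTE(review): remove_name and write on system_file directories plus unlink
# on system_file files allow deleting files that carry that label. Not gated
# by debug_only - confirm the intended scope.
allow sh system_file:dir { remove_name write };
allow sh system_file:file { unlink };
allow sh time_service:dir { getattr search };
allow sh time_service:file { read };
allow sh tmpfs:dir { add_name create open read write };
# NOTE(review): this permission set previously listed create twice. The
# duplicate is dropped, which does not change the granted permissions. Confirm
# that no other permission was intended in its place.
allow sh tmpfs:file { create getattr open write };
allow sh udevd:dir { getattr search };
allow sh udevd:file { open read };
allow sh ueventd:file { read };
allow sh user_auth_host:file { read };
allow sh vibrator_host:file { read };
allow sh wallpaper_service:file { read };
allow sh watchdog_service:dir { getattr search };
allow sh watchdog_service:file { open read };

# Quick-fix service: look up the system ability and call it over binder.
allow sh sa_quick_fix_mgr_service:samgr_class { get };
allow sh quick_fix:dir { getattr search };
allow sh quick_fix:file { open read };
allow sh quick_fix:binder { call };

# Binder access to time_service is wrapped in the debug_only macro. The macro
# is defined elsewhere; presumably its body is emitted only for debug builds.
# No comments are placed inside the quoted body so that m4 quoting stays intact.
debug_only(`
    allow sh time_service:binder { call transfer };
')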