• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright (c) 2022-2022 Huawei Device Co., Ltd.
2# Licensed under the Apache License, Version 2.0 (the "License");
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6#     http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
14#avc:  denied  { add } for service=3302 pid=608 scontext=u:r:bluetooth_service:s0 tcontext=u:object_r:sa_bluetooth_server:s0 tclass=samgr_class permissive=1
15allow bluetooth_service sa_bluetooth_server:samgr_class { add };
16
17#avc:  denied  { call } for pid=293 comm="bluetooth_servi" scontext=u:r:bluetooth_service:s0 tcontext=u:r:audio_policy:s0 tclass=binder permissive=1
18#avc:  denied  { transfer } for pid=310 comm="bluetooth_servi" scontext=u:r:bluetooth_service:s0 tcontext=u:r:audio_policy:s0 tclass=binder permissive=1
19allow bluetooth_service audio_policy:binder { call transfer };
20
21#avc:  denied  {search} for pid=371 comm="threaded-ml" name="data" dev="mmcblk0p7" ino=1436162 scontext=u:r:bluetooth_service:s0 tcontext=u:object_r:data_bluetooth:s0 tclass=dir permissive=1
22allow bluetooth_service data_bluetooth:dir { search };
23
24#avc:  denied  { getattr } for pid=371 comm="threaded-ml" path="/data/data/.pulse_dir/state" dev="mmcblk0p7" ino=1436167 scontext=u:r:bluetooth_service:s0 tcontext=u:object_r:data_data_pudata_bluetoothlse_dir:s0 tclass=file permissive=1
25#avc:  denied  { open } for pid=371 comm="threaded-ml" path="/data/data/.pulse_dir/state/cookie" dev="mmcblk0p7" ino=1436170 scontext=u:r:bluetooth_service:s0 tcontext=u:object_r:data_bluetooth:s0 tclass=file permissive=1
26#avc:  denied  { read } for pid=371 comm="threaded-ml" name="state" dev="mmcblk0p7" ino=1436167 scontext=u:r:bluetooth_service:s0 tcontext=u:object_r:data_bluetooth:s0 tclass=file permissive=1
27allow bluetooth_service data_bluetooth:file { getattr open read };
28
29#avc:  denied  { search } for pid=371 comm="threaded-ml" name="/" dev="mmcblk0p7" ino=2 scontext=u:r:bluetooth_service:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=1
30allow bluetooth_service data_file:dir { search};
31
32allow bluetooth_service samain_exec:file { entrypoint execute map read };
33
34#avc:  denied  { call } for pid=293 comm="bluetooth_servi" scontext=u:r:bluetooth_service:s0 tcontext=u:r:samgr:s0 tclass=binder permissive=1
35#avc:  denied  {transfer} for pid=310 comm="bluetooth_servi" scontext=u:r:bluetooth_service:s0 tcontext=u:r:samgr:s0 tclass=binder permissive=1
36allow bluetooth_service samgr:binder { call transfer };
37
38#avc:  denied  { call } for pid=293 comm="bluetooth_servi" scontext=u:r:bluetooth_service:s0 tcontext=u:r:softbus_server:s0 tclass=binder permissive=1
39#avc:  denied  {transfer} for pid=310 comm="bluetooth_servi" scontext=u:r:bluetooth_service:s0 tcontext=u:r:softbus_server:s0 tclass=binder permissive=1
40allow bluetooth_service softbus_server:binder { call transfer };
41
42allow bluetooth_service tmpfs:lnk_file { read };
43
44allow bluetooth_service vendor_file:file { execute getattr map open read };
45
46#avc:  denied  { get } for service=5100 pid=278 scontext=u:r:bluetooth_service:s0 tcontext=u:r:sa_device_service_manager:s0 tclass=samgr_class permissive=1
47allow bluetooth_service sa_device_service_manager:samgr_class { get };
48
49#avc:  denied  { get } for service=hci_interface_service pid=278 scontext=u:r:bluetooth_service:s0 tcontext=u:r:hdf_hci_interface_service:s0 tclass=hdf_devmgr_class permissive=1
50allow bluetooth_service hdf_hci_interface_service:hdf_devmgr_class { get };
51
52#avc:  denied  { get } for service=4010 pid=278 scontext=u:r:bluetooth_service:s0 tcontext=u:r:sa_telephony_tel_core_service:s0 tclass=samgr_class permissive=1
53allow bluetooth_service sa_telephony_tel_core_service:samgr_class { get };
54
55#avc:  denied  { get } for service=4005 pid=278 scontext=u:r:bluetooth_service:s0 tcontext=u:r:sa_foundation_tel_call_manager:s0 tclass=samgr_class permissive=1
56allow bluetooth_service sa_foundation_tel_call_manager:samgr_class { get };
57
58#avc:  denied  { get } for pid=279 scontext=u:r:bluetooth_service:s0 tcontext=u:r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1
59allow bluetooth_service hdf_device_manager:hdf_devmgr_class { get };
60
61#avc:  denied  { get } for service=1130 pid=8861 scontext=u:r:system_core_hap:s0 tcontext=u:object_r:sa_bluetooth_server:s0 tclass=samgr_class permissive=1
62allow system_core_hap sa_bluetooth_server:samgr_class { get };
63
64#avc:  denied  { get } for service=1130 pid=1983 scontext=u:r:sh:s0 tcontext=u:object_r:sa_bluetooth_server:s0 tclass=samgr_class permissive=1
65allow sh sa_bluetooth_server:samgr_class { get };
66
67#avc:  denied  { get } for service=1130 pid=2180 scontext=u:r:a2dp_host:s0 tcontext=u:object_r:sa_bluetooth_server:s0 tclass=samgr_class permissive=1
68allow a2dp_host sa_bluetooth_server:samgr_class { get };
69
70allow bluetooth_service dev_tun_file:chr_file { open read write ioctl };
71allow bluetooth_service bluetooth_service:udp_socket { create ioctl read write shutdown };
72allowxperm bluetooth_service bluetooth_service:udp_socket ioctl { 0x8927 0x8914 0x8924 0x891c 0x8916 0x8915 };
73allow bluetooth_service bluetooth_service:tun_socket { create ioctl read write shutdown };
74allowxperm bluetooth_service dev_tun_file:chr_file ioctl { 0x800454d2 0x400454ca };
75allow bluetooth_service bluetooth_service:capability { net_admin };
76allow bluetooth_service netmanager:binder { call transfer };
77allow bluetooth_service kernel:system { module_request };
78
79allow bluetooth_service dev_uhid_file:chr_file { read write };
80allow softbus_server bluetooth_service:fd { use };
81allow softbus_server bluetooth_service:unix_stream_socket { read write };
82allow softbus_server bluetooth_service:unix_stream_socket { setopt };
83allow softbus_server bluetooth_service:unix_stream_socket { shutdown };
84allow bluetooth_service data_bluetooth:dir { remove_name };
85allow bluetooth_service data_bluetooth:file { rename };
86allow bluetooth_service data_bluetooth:file { unlink };
87allow bluetooth_service sh:binder { transfer };
88allow bluetooth_service sh:binder { call };
89allow bluetooth_service dev_uhid_file:chr_file { open };
90allow sh bluetooth_service:fd { use };
91allow sh bluetooth_service:unix_stream_socket { read write };
92allow sh bluetooth_service:unix_stream_socket { setopt };
93allow sh bluetooth_service:unix_stream_socket { shutdown };
94allow sh bluetooth_service:binder { call };
95allow sh bluetooth_service:binder { transfer };
96allow bluetooth_service normal_hap:binder { call transfer };
97allow normal_hap bluetooth_service:fd { use };
98
99#avc:  denied  { call } for  pid=1934 comm="jsThread-1" scontext=u:r:system_core_hap:s0 tcontext=u:r:bluetooth_service:s0 tclass=binder permissive=0
100allow system_core_hap bluetooth_service:binder { call transfer };
101
102#avc:  denied  { call } for  pid=380 comm="1IPC_450" scontext=u:r:bluetooth_service:s0 tcontext=u:r:system_core_hap:s0 tclass=binder permissive=1
103allow bluetooth_service system_core_hap:binder { call transfer };
104
105allow bluetooth_service dev_console_file:chr_file { read write };
106allow bluetooth_service data_service_file:dir { search };
107allow bluetooth_service data_service_el1_file:dir { search write add_name remove_name };
108allow bluetooth_service data_service_el1_file:file { getattr open read write rename unlink ioctl create};
109
110