# Copyright (c) 2022 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Type-enforcement rules whose source domain is netsysnative, followed by one
# rule for init at the end of the file. The file contains only allow and
# allowxperm statements; no types, attributes or transitions are declared here.

# Path lookup through directories labelled dev_unix_socket.
allow netsysnative dev_unix_socket:dir { search };
# Permits the capability checks for network administration (net_admin),
# raw/packet sockets (net_raw) and binding privileged ports
# (net_bind_service). SELinux only allows the check to pass; the process must
# still hold the capability in its effective set.
allow netsysnative netsysnative:capability { net_admin net_raw net_bind_service };
# nlmsg_write covers route-netlink messages that change kernel state.
# NOTE(review): no bind/read/nlmsg_read is granted on this class here;
# presumably another policy file supplies them - confirm.
allow netsysnative netsysnative:netlink_route_socket { create listen nlmsg_write write };
# ioctl on the domain's own unix datagram sockets; the allowxperm rule near
# the end of this file limits which ioctl command is accepted.
allow netsysnative netsysnative:unix_dgram_socket { ioctl };
# execute_no_trans means the shell runs inside the netsysnative domain, so
# whatever it launches keeps every permission granted in this file.
# NOTE(review): confirm that every command line passed to the shell is built
# from fixed arguments, or consider a dedicated domain with a transition.
allow netsysnative sh_exec:file { execute execute_no_trans map open read };
allow netsysnative netsysnative:netlink_nflog_socket { bind getopt setopt };
allow netsysnative netsysnative:rawip_socket { create getopt setopt };
# NOTE(review): proc_file looks like the generic /proc label; if the writes
# are limited to network tunables, a narrower type would reduce exposure -
# confirm against the type definitions.
allow netsysnative proc_file:file { write open read };
allow netsysnative proc_net:file { getattr };
# Same no-transition execution as for sh_exec above, here for every file
# labelled system_bin_file.
allow netsysnative system_bin_file:file { execute execute_no_trans getattr map open read };
# Only lock is granted on system_etc_file in this file.
allow netsysnative system_etc_file:file { lock };
# NOTE(review): terminal access is presumably for inherited stdio or console
# logging; verify it is still required in release builds.
allow netsysnative tty_device:chr_file { open read write };
allow netsysnative netsysnative:udp_socket { bind read getopt setopt connect write };
# name_bind/node_bind use the port and node types.
# NOTE(review): if these are the generic port and node labels, then together
# with net_bind_service the domain can bind any UDP port carrying that label -
# confirm.
allow netsysnative port:udp_socket { name_bind };
allow netsysnative node:udp_socket { node_bind };
# Write to, and remove, socket files labelled dev_file; remove_name on the
# containing directory is granted two rules below.
# NOTE(review): dev_file appears to be a generic /dev label; a dedicated
# socket type would keep this from applying to unrelated sockets - confirm.
allow netsysnative dev_file:sock_file { write unlink };
allow netsysnative dev_console_file:chr_file { read write };
allow netsysnative dev_file:dir { remove_name };
allow netsysnative netsysnative:netlink_netfilter_socket { listen };
allow netsysnative netsysnative:netlink_kobject_uevent_socket { listen };
# Resolve symlinks labelled system_bin_file.
allow netsysnative system_bin_file:lnk_file { read };
allow netsysnative accessibility_param:file { read open map };
allow netsysnative data_service_file:dir { search };
# Create and write files under directories labelled data_service_el1_file.
allow netsysnative data_service_el1_file:dir { search write add_name };
allow netsysnative data_service_el1_file:file { create write open ioctl read };
# Create, relabel-free setattr and remove the fwmark and dnsproxy socket
# files; only the fwmark socket also gets write.
allow netsysnative fwmark_service:sock_file { create unlink setattr write };
allow netsysnative dnsproxy_service:sock_file { create unlink setattr };
# setfscreate lets the process choose the label for objects it creates; the
# chosen label is still subject to the create rules in the policy.
allow netsysnative netsysnative:process { setfscreate };
# Use file descriptors and already-open sockets that belong to the normal_hap
# domain. No create, bind or connect is granted on these sockets, only
# read/write and socket-option access.
# NOTE(review): presumably the descriptors arrive over the fwmark/dnsproxy
# sockets - confirm, since setopt lets this domain change options on
# application sockets.
allow netsysnative normal_hap:fd { use };
allow netsysnative normal_hap:tcp_socket { read write getopt setopt };
allow netsysnative normal_hap:unix_dgram_socket { read write getopt setopt };
allow netsysnative normal_hap:udp_socket { read write getopt setopt };
allow netsysnative normal_hap:unix_stream_socket { read write getopt setopt };
# Extended-permission rule: with this in place, ioctl on the domain's own
# unix datagram sockets is limited to command 0x8933 (SIOCGIFINDEX in
# linux/sockios.h).
allowxperm netsysnative netsysnative:unix_dgram_socket ioctl { 0x8933 };
# This rule's source is init, not netsysnative: it lets init remove socket
# files labelled dev_unix_file.
# NOTE(review): it widens init from a service-specific file; consider whether
# it belongs with init's own rules so audits of init see it.
allow init dev_unix_file:sock_file { unlink };