# Copyright (c) 2022 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License

# SELinux type-enforcement rules for the hdcd domain (the device-side HDC
# daemon). Every rule has the shape:  allow <source> <target>:<class> { perms };
# The file is passed through m4 before checkpolicy: debug_only( ... ) and
# domain_auto_transition_pattern( ... ) are macros whose definitions live
# elsewhere in the policy tree. The rules inside debug_only are meant to be
# compiled in for debug builds only; confirm in the build configuration that
# the macro expands to nothing on release builds, because that block carries
# the most powerful permissions in this file. Comments placed inside the
# debug_only block must not contain m4 quote characters (backtick or
# apostrophe), which would terminate the quoted macro argument.

# data_local: hdcd may create and write files but not remove them.
allow hdcd data_local:file { read open getattr create write };
allow hdcd data_local:dir { search getattr read write add_name open create };
# data_local_tmp: full file lifecycle (create, append, setattr, unlink,
# remove_name). This is the only file type outside the debug_only block that
# hdcd may unlink.
allow hdcd data_local_tmp:file { write create setattr read append open getattr unlink };
allow hdcd data_local_tmp:dir { add_name remove_name write create setattr search getattr read open };
allow hdcd data_local_traces:dir { read open getattr };

# Vendor libraries: read/getattr here; open, map and execute are granted
# further down (the two vendor_lib_file:file rules could be merged).
allow hdcd vendor_lib_file:file { read getattr };
allow hdcd vendor_lib_file:dir { read getattr search };

# Networking. hdcd may create, bind, listen on and accept TCP sockets and bind
# UDP sockets. The targets are the generic port and node types, so this file
# does not pin the listening socket to a dedicated port type; any such
# restriction would have to come from elsewhere in the policy - confirm.
allow hdcd self:tcp_socket { accept ioctl setopt read write create bind listen getattr connect name_connect getopt };
allow hdcd port:tcp_socket { name_bind name_connect };
allow hdcd node:tcp_socket { node_bind };
allow hdcd self:udp_socket { create setopt bind };
allow hdcd port:udp_socket { name_bind };
allow hdcd node:udp_socket { node_bind };
# Shells: hdcd may signal and kill processes in the sh domain; the
# domain_auto_transition_pattern at the end of this file moves shells that
# hdcd executes into sh.
allow hdcd sh:process { signal sigkill };
# entrypoint marks hdcd_exec as the executable through which a process may
# enter the hdcd domain.
allow hdcd hdcd_exec:file { open execute_no_trans entrypoint execute map read };

# Kernel interactions: read the kernel log (syslog_read), connect to stream
# sockets owned by the kernel domain, and change the scheduling of
# kernel-domain processes.
allow hdcd kernel:system { syslog_read };
allow hdcd kernel:unix_stream_socket { connectto };
allow hdcd kernel:process { setsched };

# Write and ioctl on the RTC character device.
allow hdcd dev_rtc_file:chr_file { write open ioctl };

# Generic filesystem access. Note the asymmetry on data_file: hdcd may create
# and remove directories, but outside the debug_only block files of that type
# are read-only (write/create/unlink on data_file:file is debug-only).
allow hdcd vendor_file:dir { getattr };
allow hdcd tmpfs:dir { open read };
allow hdcd tmpfs:file { getattr open read };
allow hdcd data_file:dir { read write open create getattr search rmdir add_name };
allow hdcd data_file:file { read getattr open };
allow hdcd system_file:dir { getattr };
allow hdcd system_file:file { open };

# Terminal devices and the system bin tree (execute on system_bin_file is not
# granted here, only open/search/getattr).
allow hdcd tty_device:chr_file { ioctl read write open };
allow hdcd system_bin_file:lnk_file { read };
allow hdcd system_bin_file:dir { search getattr };
allow hdcd system_bin_file:file { open };

allow hdcd lib_file:lnk_file { read };
# Direct read of the kernel message device, in addition to syslog_read above.
allow hdcd dev_kmsg_file:chr_file { read open };
allow hdcd vendor_lib_file:file { open map execute };

allow hdcd dev_unix_socket:dir { search };
allow hdcd dev_unix_socket:sock_file { write };

# hdcd may create files under data_init_agent but is not granted read or write
# on them here.
allow hdcd data_init_agent:dir { search write add_name };
allow hdcd data_init_agent:file { create };

# Pseudo-terminals: pty master (dev_ptmx) and slaves (devpts) - presumably the
# interactive shell transport; confirm against the daemon source.
allow hdcd dev_ptmx:chr_file { read write open ioctl };
allow hdcd dev_pts_file:dir { search };
allow hdcd devpts:chr_file { read write open };
# Sending requests to the parameter service socket; which keys may be set is
# governed by the parameter_service rules further down.
allow hdcd paramservice_socket:sock_file { write };

# Block devices: search, follow links and ioctl only. open/read on the block
# file itself is granted only inside debug_only.
allow hdcd dev_block_file:dir { search };
allow hdcd dev_block_file:lnk_file { read };
allow hdcd dev_block_file:blk_file { ioctl };
allow hdcd dev_block_volfile:dir { search };

# Read-only (map open read) access to the system parameter files. Rules that
# are not parameter reads are called out individually.
allow hdcd bootevent_param:file { map open read };
allow hdcd bootevent_samgr_param:file { map open read };
allow hdcd build_version_param:file { map open read };
allow hdcd const_allow_mock_param:file { map open read };
allow hdcd const_allow_param:file { map open read };
allow hdcd const_build_param:file { map open read };
allow hdcd const_display_brightness_param:file { map open read };
allow hdcd const_param:file { map open read };
allow hdcd const_postinstall_fstab_param:file { map open read };
allow hdcd const_postinstall_param:file { map open read };
allow hdcd const_product_param:file { map open read };
# Application data (el1): create and write files, no read or unlink here.
allow hdcd data_app_el1_file:dir { add_name getattr search write };
allow hdcd data_app_el1_file:file { create write open };
allow hdcd data_app_file:dir { search };
allow hdcd data_log:dir { search };
allow hdcd debug_param:file { map open read };
allow hdcd default_param:file { map open read };
# USB function filesystem endpoints - presumably the USB transport; confirm.
allow hdcd dev_usb_ffs:dir { open read search };
allow hdcd distributedsche_param:file { map open read };
allow hdcd faultloggerd_temp_file:dir { search };
allow hdcd faultloggerd_temp_file:file { getattr open read };
allow hdcd functionfs:dir { search };
allow hdcd functionfs:file { open read write };
allow hdcd hilog_param:file { map open read };
allow hdcd hw_sc_build_os_param:file { map open read };
allow hdcd hw_sc_build_param:file { map open read };
allow hdcd hw_sc_param:file { map open read };
allow hdcd init_param:file { map open read };
allow hdcd init_svc_param:file { map open read };
allow hdcd input_pointer_device_param:file { map open read };
allow hdcd net_param:file { map read open };
allow hdcd net_tcp_param:file { map open read };
allow hdcd ohos_boot_param:file { map open read };
allow hdcd ohos_param:file { map open read };
allow hdcd persist_param:file { map open read };
allow hdcd persist_sys_param:file { map open read };
allow hdcd security_param:file { map open read };
allow hdcd startup_param:file { map open read };
allow hdcd sys_file:file { open read };
allow hdcd sys_param:file { map open read };
allow hdcd sys_usb_param:file { map open read };

# Unrestricted file and directory creation on hmdfs, even outside debug_only.
allow hdcd hmdfs:dir create_dir_perms;
allow hdcd hmdfs:file create_file_perms;

# Binder calls to the audio policy and pulseaudio services and lookup of their
# system abilities through samgr.
allow hdcd audio_policy:binder { call transfer };
allow hdcd pulseaudio:binder { call };
allow hdcd sa_audio_policy_service:samgr_class { get };
allow hdcd sa_pulseaudio_audio_service:samgr_class { get };

allow hdcd memmgrservice:dir { getattr search };
allow hdcd memmgrservice:file { open read };

# The only write paths into the parameter service: sys_param, persist_param
# and servicectrl_reboot_param. The last name suggests hdcd can request a
# reboot through the parameter service - confirm which keys that type covers.
allow hdcd sys_param:parameter_service { set };
allow hdcd persist_param:parameter_service { set };
allow hdcd servicectrl_reboot_param:parameter_service { set };

# hdcd may connect to unix stream sockets owned by any hap class and by sh.
allow hdcd { normal_hap system_basic_hap system_core_hap sh }:unix_stream_socket { connectto };

# Signalling of the profiling, tracing and dump tools.
allow hdcd hiprofiler_plugins:process { signal };
allow hdcd hiprofilerd:process { signal };
allow hdcd bytrace:process { signal };
allow hdcd hitrace:process { signal };
allow hdcd hidumper:process { signal };
allow hdcd hidumper_file:dir { search };
allow hdcd hiperf:process { signal };
allow hdcd hidumper_file:file { getattr open read };
# The hilogd, hiview and hisysevent binaries are run with execute_no_trans,
# i.e. inside the hdcd domain rather than their own domains, so when hdcd
# launches them they inherit every permission in this file.
allow hdcd hilogd_exec:file { execute read open getattr execute_no_trans map };
allow hdcd hiview_exec:file { execute read open getattr execute_no_trans map };
allow hdcd hisysevent_exec:file { execute read open getattr execute_no_trans map };

debug_only(`
    # Debug builds only. These capabilities are broad: dac_override and
    # dac_read_search bypass discretionary file permissions, sys_admin covers
    # a large set of privileged operations, and setuid/setgid let hdcd change
    # its credentials. Keep this block out of the release policy.
    allow hdcd self:capability { setuid setgid dac_override dac_read_search sys_admin };

    # Completes the data_file and block-device access that the non-debug rules
    # above leave read-only.
    allow hdcd data_file:file { unlink write create setattr };
    allow hdcd dev_block_file:blk_file { open read };

    # Write access to the system_file, system_bin_file, system_etc_file and
    # vendor_lib_file types, paired with the labeledfs remount below - enough
    # to modify the installed system image on a debug build.
    allow hdcd system_file:dir { add_name write };
    allow hdcd system_file:file { create write };
    allow hdcd system_bin_file:dir { add_name create write };
    allow hdcd system_bin_file:file { create write };
    allow hdcd system_etc_file:dir { add_name write };
    allow hdcd system_etc_file:file { create write };

    allow hdcd vendor_lib_file:dir { write };
    allow hdcd vendor_lib_file:file { write };

    allow hdcd labeledfs:filesystem { remount };

    # Create permissions over every type carrying file_attr except the listed
    # exclusions. The :file rule also excludes dev_parameters_file while the
    # :dir rule does not - verify whether that asymmetry is intended.
    allow hdcd { file_attr -data_hilogd_file -data_parameters }:dir create_dir_perms;
    allow hdcd { file_attr -data_hilogd_file -dev_parameters_file -data_parameters }:file create_file_perms;

    # Hap data directories, graded by hap class: write for system_core, list
    # for system_basic, list/search for normal.
    allow hdcd system_core_hap_data_file:file { create write open };
    allow hdcd system_core_hap_data_file:dir { add_name search write getattr open };
    allow hdcd system_basic_hap_data_file:dir { read open getattr };
    allow hdcd normal_hap_data_file:dir { read open search};
')

# Shells executed by hdcd (sh_exec) automatically transition into the sh domain
# instead of running with the hdcd permissions above.
domain_auto_transition_pattern(hdcd, sh_exec, sh);