# Copyright (c) 2022-2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License

# Type-enforcement rules for the hiprofiler_cmd domain.
# Allow rules are additive: several types below have their permissions split
# over more than one rule, and the effective grant is the union of them.
# Comments marked NOTE(review) flag rules whose scope should be confirmed.
# They describe only what the rule text shows, not how the tool uses it.

# Terminal I/O and descriptors inherited from hdcd and sh, presumably so the
# tool can be started from an hdc shell session - confirm against the caller.
allow hiprofiler_cmd devpts:chr_file { read write };
allow hiprofiler_cmd hdcd:fd use;
allow hiprofiler_cmd hdcd:unix_stream_socket { read write };
allow hiprofiler_cmd proc_cpuinfo_file:file { open read };
allow hiprofiler_cmd sh:fd use;
allow hiprofiler_cmd tty_device:chr_file { read write };
# TCP client and server operations on its own sockets.
# NOTE(review): node and port look like the generic labels. If so, bind and
# connect are not limited to a specific port or address - confirm whether a
# narrower port type can be used.
allow hiprofiler_cmd node:tcp_socket node_bind;
allow hiprofiler_cmd self:netlink_route_socket { create nlmsg_read read write };
allow hiprofiler_cmd self:tcp_socket { bind create setopt };
allow hiprofiler_cmd port:tcp_socket name_connect;
allow hiprofiler_cmd self:tcp_socket { connect getattr getopt read write };
allow hiprofiler_cmd self:tcp_socket shutdown;
allow hiprofiler_cmd data_local:dir search;

allow hiprofiler_cmd rootfs:file { read };

allow hiprofiler_cmd dev_unix_socket:dir search;
allow hiprofiler_cmd hdcd:fifo_file write;
# From here to default_param: map, open and read on parameter files.
# None of these file rules grants write.
allow hiprofiler_cmd ohos_boot_param:file { map open read };
allow hiprofiler_cmd ohos_param:file { map open read };
allow hiprofiler_cmd sh:fifo_file write;
allow hiprofiler_cmd system_bin_file:dir search;

allow hiprofiler_cmd const_param:file { map open read };
allow hiprofiler_cmd init_param:file { map open read };
allow hiprofiler_cmd net_tcp_param:file { open read };
allow hiprofiler_cmd sys_usb_param:file { map open };

allow hiprofiler_cmd hw_sc_param:file { open read };
allow hiprofiler_cmd net_param:file { map open read };
allow hiprofiler_cmd net_tcp_param:file map;
allow hiprofiler_cmd persist_param:file read;
allow hiprofiler_cmd security_param:file { map open read };

allow hiprofiler_cmd const_postinstall_param:file { map open read };
allow hiprofiler_cmd hw_sc_build_param:file { map open read };
allow hiprofiler_cmd hw_sc_param:file map;
allow hiprofiler_cmd init_svc_param:file { map open read };

allow hiprofiler_cmd hw_sc_build_os_param:file { open read };
allow hiprofiler_cmd persist_param:file { map open };
allow hiprofiler_cmd persist_sys_param:file { open read };

allow hiprofiler_cmd const_postinstall_fstab_param:file { map open read };
allow hiprofiler_cmd debug_param:file { map open read };
allow hiprofiler_cmd hw_sc_build_os_param:file map;
allow hiprofiler_cmd persist_sys_param:file map;
allow hiprofiler_cmd startup_param:file { open read };

# NOTE(review): the next three rules repeat rules from the group directly
# above word for word. They are harmless but redundant.
allow hiprofiler_cmd const_postinstall_fstab_param:file { map open read };
allow hiprofiler_cmd hw_sc_build_os_param:file map;
allow hiprofiler_cmd persist_sys_param:file map;

allow hiprofiler_cmd bootevent_param:file { map open read };
allow hiprofiler_cmd const_allow_mock_param:file { map open read };
allow hiprofiler_cmd const_allow_param:file { map open read };
allow hiprofiler_cmd startup_param:file map;

allow hiprofiler_cmd build_version_param:file { open read };
allow hiprofiler_cmd data_file:dir search;
allow hiprofiler_cmd dev_file:sock_file write;
allow hiprofiler_cmd netsysnative:unix_stream_socket connectto;

allow hiprofiler_cmd bootevent_samgr_param:file read;
allow hiprofiler_cmd build_version_param:file map;
allow hiprofiler_cmd const_display_brightness_param:file read;
allow hiprofiler_cmd distributedsche_param:file { map open read };

allow hiprofiler_cmd bootevent_samgr_param:file { map open };
allow hiprofiler_cmd const_build_param:file { map open read };
allow hiprofiler_cmd const_display_brightness_param:file open;
allow hiprofiler_cmd input_pointer_device_param:file { map open read };

allow hiprofiler_cmd const_display_brightness_param:file map;
allow hiprofiler_cmd default_param:file { map open read };

# NOTE(review): no allowxperm rule in this file covers ioctl on sh:fifo_file
# or tty_device:chr_file, so unless one exists elsewhere these two grants are
# not limited to specific ioctl commands. Compare the devpts rule at the end.
allow hiprofiler_cmd sh:fifo_file ioctl;

allow hiprofiler_cmd tty_device:chr_file { ioctl open };

allow hiprofiler_cmd rootfs:file getattr;
allow hiprofiler_cmd system_bin_file:lnk_file read;

# File read against a process type (init, kernel, and below hdf_devmgr and
# hilogd) is presumably the check for read-mode access to /proc entries of
# those processes - TODO confirm.
allow hiprofiler_cmd init:file read;
allow hiprofiler_cmd kernel:file read;
# execute_no_trans: system binaries run inside the hiprofiler_cmd domain,
# with no domain transition.
allow hiprofiler_cmd system_bin_file:file { execute execute_no_trans getattr map open read };

allow hiprofiler_cmd dev_unix_socket:dir remove_name;
allow hiprofiler_cmd dev_unix_socket:sock_file unlink;
allow hiprofiler_cmd hdf_devmgr:file read;
# May kill the profiler daemon and plugin processes.
allow hiprofiler_cmd hiprofiler_plugins:process sigkill;
allow hiprofiler_cmd hiprofilerd:fd use;
allow hiprofiler_cmd hiprofilerd:process sigkill;

allow hiprofiler_cmd const_product_param:file { map open read };
allow hiprofiler_cmd hilog_param:file { map open read };
allow hiprofiler_cmd sys_param:file { map open read };
allow hiprofiler_cmd sys_usb_param:file read;

allow hiprofiler_cmd hilogd:file read;
allow hiprofiler_cmd hiprofilerd:process signal;

# NOTE(review): domain is presumably the attribute carried by every process
# type. These two rules then give read access to dir and file objects of all
# processes, which would make the per-type file read rules above redundant.
# Confirm that this breadth is required in release builds.
allow hiprofiler_cmd domain:dir { search open read };
allow hiprofiler_cmd domain:file { getattr map open read };

# Together with the earlier search, remove_name and unlink rules, the rules on
# dev_unix_socket let the domain create, use and remove socket files there.
allow hiprofiler_cmd dev_unix_socket:dir write;
allow hiprofiler_cmd dev_unix_socket:sock_file write;

allow hiprofiler_cmd dev_unix_socket:dir add_name;
allow hiprofiler_cmd hiprofilerd:unix_stream_socket connectto;
allow hiprofiler_cmd tmpfs:file { map read write };

# NOTE(review): connectto on a socket labeled with the kernel type is unusual.
# Confirm which socket this is and whether it can get its own label.
allow hiprofiler_cmd kernel:unix_stream_socket connectto;

allow hiprofiler_cmd dev_unix_socket:sock_file { create getattr setattr };
allow hiprofiler_cmd hook_param:parameter_service set;

# Outside the debug-only block there is no open or write on data_local_tmp
# files, only lock, read and getattr.
allow hiprofiler_cmd data_local_tmp:file { lock read getattr };

# The block below is wrapped in the debug_only macro, whose definition is not
# part of this file - presumably it is emitted only for debug builds. It adds
# file creation under data_local_tmp, running the shell in this domain and the
# setgid capability. No comments are placed inside the quoted block on purpose.
debug_only(`
    allow hiprofiler_cmd data_local_tmp:file { create read open write };
    allow hiprofiler_cmd data_local_tmp:dir { add_name write search getattr };
    allow hiprofiler_cmd sh_exec:file { execute execute_no_trans map open read };
    allow hiprofiler_cmd self:capability { setgid };
')
# NOTE(review): sys_ptrace is granted in every build, outside the debug-only
# block above. The neverallow further down rules out the process ptrace
# permission, so this capability presumably serves read-mode access to /proc
# entries of other processes. Confirm it is needed in release builds and move
# it into the debug-only block if it is not.
allow hiprofiler_cmd self:capability sys_ptrace;

# NOTE(review): signal to every domain. This presumably makes the narrower
# hiprofilerd signal rule above redundant. Confirm that the tool has to
# signal arbitrary processes and not just profiler components.
allow hiprofiler_cmd domain:process signal;
allow hiprofiler_cmd hiview_exec:file { getattr map open read };

# NOTE(review): the next three rules have domain as their source, so they
# change what every domain may do, not only hiprofiler_cmd. The third rule
# does not mention hiprofiler_cmd at all: it lets every domain except
# limit_domain map, read and write tmpfs files. A grant that broad is easy to
# miss in a per-domain file. Confirm it is intended, and prefer scoping it to
# the domains that exchange data with the profiler, using a dedicated type
# for the shared files.
allow domain hiprofiler_cmd:fd use;
allow domain hiprofiler_cmd:unix_stream_socket connectto;
allow { domain -limit_domain } tmpfs:file { map read write };
allow hiprofiler_cmd ohos_dev_param:file { map open read };
# Note the type here is dev_unix_file, not dev_unix_socket as above.
allow hiprofiler_cmd dev_unix_file:sock_file unlink;
allow hiprofiler_cmd paramservice_socket:sock_file write;

# NOTE(review): read and map on files labeled data_app_el1_file, presumably
# application data - confirm which files need to be readable and whether the
# access can be limited to debug builds.
allow hiprofiler_cmd appspawn_exec:file { open read };
allow hiprofiler_cmd normal_hap:lnk_file read;
allow hiprofiler_cmd data_app_el1_file:dir search;
allow hiprofiler_cmd data_app_el1_file:file { getattr map open read };

# Build-time assertion: the policy fails to compile if any rule grants
# hiprofiler_cmd the ptrace permission on a process type. It does not restrict
# the sys_ptrace capability or the file read rules on process types above.
neverallow hiprofiler_cmd *:process ptrace;
allow hiprofiler_cmd musl_param:file read;
allow hiprofiler_cmd native_daemon:process sigkill;
allow hiprofiler_cmd musl_param:file { map open };
# NOTE(review): this lets a profiling command-line tool set parameters labeled
# security_param. Confirm which parameter is written and whether a dedicated
# label, like the hook_param and hiviewdfx_profiler_param rules use, fits.
allow hiprofiler_cmd security_param:parameter_service set;
allow hiprofiler_cmd dnsproxy_service:sock_file write;
allow hiprofiler_cmd proc_file:file { getattr open read };

allow hiprofiler_cmd hiviewdfx_profiler_param:parameter_service { set };
allow hiprofiler_cmd dev_console_file:chr_file { read write };
# The allowxperm rule limits ioctl on devpts to command 0x5413, which is
# TIOCGWINSZ on Linux. The plain ioctl permission on the next line is still
# required for the extended rule to take effect.
allowxperm hiprofiler_cmd devpts:chr_file ioctl { 0x5413 };
allow hiprofiler_cmd devpts:chr_file { ioctl };
allow hiprofiler_cmd vendor_bin_file:dir search;
allow hiprofiler_cmd sysfs_devices_system_cpu:dir { read open };