# Copyright (c) 2022-2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License

# Type-enforcement allow rules for the hiprofilerd domain.
# Rules are grouped by purpose, with one rule per target type and class.
# Allow rules are additive, so the rule order carries no meaning.

# --- Descriptors and terminals inherited from the launching process ---
allow hiprofilerd devpts:chr_file { read write };
allow hiprofilerd tty_device:chr_file { ioctl open read write };
allow hiprofilerd dev_console_file:chr_file { read write };
allow hiprofilerd sh:fd use;
allow hiprofilerd hdcd:fd use;
allow hiprofilerd hdcd:unix_stream_socket { read write };
allow hiprofilerd hdcd:fifo_file write;
allow hiprofilerd hiprofiler_cmd:fd use;
allow hiprofilerd hiprofiler_cmd:unix_stream_socket connectto;

# --- Unix domain sockets ---
# hiprofilerd may create, relabel-free setattr and unlink socket files in
# dev_unix_socket directories, and write to existing ones.
allow hiprofilerd dev_unix_socket:dir { add_name remove_name search write };
allow hiprofilerd dev_unix_socket:sock_file { create getattr setattr unlink write };
allow hiprofilerd dev_unix_file:sock_file unlink;
allow hiprofilerd dev_file:sock_file write;
allow hiprofilerd netsysnative:unix_stream_socket connectto;

# --- TCP listener ---
# NOTE(review): these rules let the daemon bind, listen and accept on a TCP
# socket in every build. The policy here does not constrain the port or the
# interface; confirm the listener is limited to loopback in code and decide
# whether it belongs in the debug-only section.
allow hiprofilerd node:tcp_socket node_bind;
allow hiprofilerd self:tcp_socket { accept bind create getattr getopt listen read setopt shutdown write };

# --- Kernel and process information ---
allow hiprofilerd proc_cpuinfo_file:file { open read };
allow hiprofilerd proc_file:file { getattr open read };
allow hiprofilerd sysfs_devices_system_cpu:dir { open read };
allow hiprofilerd tracefs:dir search;
allow hiprofilerd tracefs_trace_marker_file:file { open write };
# NOTE(review): hap_domain presumably covers all application processes, so
# these two rules would expose the per-process entries of every app to the
# profiler in every build. Confirm the intended scope, for example whether
# it should be restricted to debuggable apps.
allow hiprofilerd hap_domain:dir { getattr open read search };
allow hiprofilerd hap_domain:file { getattr map open read };

# --- Data directories and shared memory ---
allow hiprofilerd data_file:dir search;
allow hiprofilerd data_local:dir search;
# NOTE(review): create and write in data_local_tmp. If other domains can
# also write there, the daemon should open its output files defensively
# against pre-created files and links; verify in the daemon code.
allow hiprofilerd data_local_tmp:dir { add_name getattr open search write };
allow hiprofilerd data_local_tmp:file { create getattr ioctl lock open read write };
allow hiprofilerd data_init_agent:dir search;
allow hiprofilerd data_init_agent:file { append ioctl open read };
allow hiprofilerd tmpfs:file { map read write };
allow hiprofilerd dev_ashmem_file:chr_file open;
allow hiprofilerd rootfs:file read;

# --- Executables ---
# NOTE(review): execute_no_trans runs any system_bin_file binary inside the
# hiprofilerd domain, so the child keeps every permission granted in this
# file. Unlike the shell rule below, this one is not limited to debug
# builds. Prefer a dedicated exec type or a domain transition for the
# specific helpers the daemon needs.
allow hiprofilerd system_bin_file:dir search;
allow hiprofilerd system_bin_file:file { execute execute_no_trans getattr map open read };
allow hiprofilerd system_bin_file:lnk_file read;
allow hiprofilerd vendor_bin_file:dir search;

# Debug builds only: run the shell in-domain and change group identity.
# Keep both rules inside this macro so release images do not carry them.
debug_only(`
    allow hiprofilerd sh_exec:file { execute execute_no_trans map open read };
    allow hiprofilerd self:capability setgid;
')

# --- Service manager and binder ---
allow hiprofilerd sa_foundation_bms:samgr_class get;
allow hiprofilerd sa_param_watcher:samgr_class get;
allow hiprofilerd samgr:binder call;
allow hiprofilerd foundation:binder call;
allow hiprofilerd param_watcher:binder call;

# --- Parameter files ---
# Every type below gets exactly { map open read } and nothing else.
# No write permission is granted on any of these types.
allow hiprofilerd bootevent_param:file { map open read };
allow hiprofilerd bootevent_samgr_param:file { map open read };
allow hiprofilerd build_version_param:file { map open read };
allow hiprofilerd const_allow_mock_param:file { map open read };
allow hiprofilerd const_allow_param:file { map open read };
allow hiprofilerd const_build_param:file { map open read };
allow hiprofilerd const_display_brightness_param:file { map open read };
allow hiprofilerd const_param:file { map open read };
allow hiprofilerd const_postinstall_fstab_param:file { map open read };
allow hiprofilerd const_postinstall_param:file { map open read };
allow hiprofilerd const_product_param:file { map open read };
allow hiprofilerd debug_param:file { map open read };
allow hiprofilerd default_param:file { map open read };
allow hiprofilerd distributedsche_param:file { map open read };
allow hiprofilerd hilog_param:file { map open read };
allow hiprofilerd hw_sc_build_os_param:file { map open read };
allow hiprofilerd hw_sc_build_param:file { map open read };
allow hiprofilerd hw_sc_param:file { map open read };
allow hiprofilerd init_param:file { map open read };
allow hiprofilerd init_svc_param:file { map open read };
allow hiprofilerd input_pointer_device_param:file { map open read };
allow hiprofilerd musl_param:file { map open read };
allow hiprofilerd net_param:file { map open read };
allow hiprofilerd net_tcp_param:file { map open read };
allow hiprofilerd ohos_boot_param:file { map open read };
allow hiprofilerd ohos_dev_param:file { map open read };
allow hiprofilerd ohos_param:file { map open read };
allow hiprofilerd persist_param:file { map open read };
allow hiprofilerd persist_sys_param:file { map open read };
allow hiprofilerd security_param:file { map open read };
allow hiprofilerd startup_param:file { map open read };
allow hiprofilerd sys_param:file { map open read };
allow hiprofilerd sys_usb_param:file { map open read };