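# Copyright (c) 2022 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License

# Type-enforcement allow rules, one statement per line.
# Each rule reads: allow <source domain(s)> <target type>:<object class> <permissions>;
# Allow rules are additive, so the effective access of a domain is the union of
# these rules and any others in the policy; review this file with that in mind.
#
# NOTE(review): several rules below grant a bare `ioctl` permission. A bare
# `ioctl` is not narrowed to specific commands; where the policy toolchain
# supports extended permissions, an `allowxperm` rule can restrict the command
# set for the sensitive targets (block and character devices in particular).

allow audio_policy pulseaudio:binder transfer;
allow pulseaudio audio_policy:binder call;
allow deviceauth_service paramservice_socket:sock_file write;
# NOTE(review): the peer type here is `kernel`, i.e. the listening socket is
# labelled with the kernel domain. Confirm this is intended rather than the
# result of a listener that never transitioned into its own domain.
allow deviceauth_service kernel:unix_stream_socket connectto;
allow foundation data_service_el1_file:file ioctl;
allow telephony_sa vendor_etc_file:dir search;
allow time_service data_file:dir getattr;
allow time_service data_service_el1_file:dir getattr;
allow udevd dev_port:chr_file getattr;
# NOTE(review): hdcd looks like a debug/connector daemon (confirm). If so, check
# whether this rule and the appspawn -> hdcd rule below belong in a
# debug-only policy rather than in every build.
allow hiperf hdcd:fifo_file { ioctl write };
allow usb_service self:unix_dgram_socket { getopt setopt };

allow init dev_block_file:blk_file ioctl;
allow init hook_param:file relabelto;
# Read-only (map/open/read) access to hook_param for four domain sets at once.
allow { sadomain hdfdomain hap_domain nativedomain } hook_param:file { map open read };
allow normal_hap normal_hap_data_file:file ioctl;

# Grants read/write on system_core_hap_data_file to every member of sadomain
# except hilogd. No `open` is granted by this rule, so on its own it covers
# descriptors that were opened elsewhere and handed over.
# NOTE(review): this is a set-wide grant; any type later added to sadomain
# inherits it. Confirm each member needs write access, or list the domains
# explicitly.
allow { sadomain -hilogd } system_core_hap_data_file:file { read write };
allow appspawn accesstoken_service:binder call;
allow appspawn accountmgr:binder call;
# NOTE(review): console read/write is also granted to samgr and
# deviceauth_service further down. Confirm console access is required outside
# of debugging.
allow appspawn dev_console_file:chr_file { read write };
allow appspawn foundation:binder { call transfer };
allow appspawn hdcd:unix_stream_socket connectto;
allow appspawn multimodalinput:binder call;
allow appspawn multimodalinput:fd use;
allow appspawn multimodalinput:unix_stream_socket { read write };
allow appspawn musl_param:file { map open read };
allow appspawn normal_hap:binder { call transfer };
allow appspawn normal_hap:fd use;
allow appspawn normal_hap_data_file:dir search;
allow appspawn render_service:binder { call transfer };
allow appspawn render_service:fd use;
allow appspawn resource_schedule_service:binder call;
allow appspawn samgr:binder call;
allow appspawn system_file:file { getattr open read };
allow appspawn system_lib_file:dir { open read };
allow appspawn tracefs:dir search;
allow appspawn tracefs_trace_marker_file:file { open write };
allow appspawn accessibility:binder { call transfer };
# Character-device access including an unrestricted ioctl; see the ioctl note
# at the top of the file.
allow appspawn dev_mali:chr_file { getattr ioctl open read write };
allow appspawn param_watcher:binder { call transfer };

allow init dev_dri_file:dir search;
allow init data_updater_file:dir add_name;
allow init data_service_el0_file:dir relabelfrom;
allow init data_startup:file getattr;
allow init musl_param:file read;
allow init chip_prod_file:dir search;
allow init sys_prod_file:dir search;
allow init data_local_tmp:dir search;
allow init dev_unix_socket:sock_file unlink;

allow samgr appspawn:binder transfer;
# The dir/file/process rules below name a process domain as the target type.
# Presumably these cover the per-process entries labelled with that domain
# (e.g. under /proc); verify against the denials that motivated them.
allow samgr appspawn:dir search;
allow samgr appspawn:file { open read };
allow samgr dev_console_file:chr_file { read write };
allow samgr hiprofiler_plugins:dir search;
allow samgr hiprofiler_plugins:file { open read };
allow samgr hiprofiler_plugins:binder transfer;
allow samgr hiprofiler_plugins:process getattr;

allow hiview hiprofiler_plugins:binder call;
allow deviceauth_service dev_console_file:chr_file { read write };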