• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright (c) 2022 Huawei Device Co., Ltd.
2# Licensed under the Apache License, Version 2.0 (the "License");
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6#     http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
14type dcamera, sadomain, domain;
15type sa_dcamera_source_service, sa_service_attr;
16type sa_dcamera_sink_service, sa_service_attr;
17
18
19#avc:  denied  { call } for  pid=2061 comm="ohos.dhardware." scontext=u:r:dcamera:s0 tcontext=u:r:camera_service:s0 tclass=binder permissive=1
20#avc:  denied  { transfer } for  pid=2061 comm="ohos.dhardware." scontext=u:r:dcamera:s0 tcontext=u:r:camera_service:s0 tclass=binder permissive=1
21allow dcamera camera_service:binder { call transfer };
22
23#avc:  denied  { search } for  pid=2040 comm="dcamera" name="/" dev="mmcblk0p11" ino=2 scontext=u:r:dcamera:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=1
24allow dcamera data_file:dir { search };
25
26#avc:  denied  { bind } for  pid=3250 comm="Fillp_core_0" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=udp_socket permissive=1
27#avc:  denied  { connect } for  pid=2344 comm="Fillp_core_0" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=udp_socket permissive=1
28#avc:  denied  { create } for  pid=3250 comm="Fillp_core_0" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=udp_socket permissive=1
29#avc:  denied  { getattr } for  pid=2344 comm="dcamera" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=udp_socket permissive=1
30#avc:  denied  { read } for  pid=2040 comm="Fillp_core_94" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=udp_socket permissive=1
31#avc:  denied  { setopt } for  pid=3250 comm="Fillp_core_0" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=udp_socket permissive=1
32#avc:  denied  { write } for  pid=2040 comm="Fillp_core_94" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=udp_socket permissive=1
33allow dcamera dcamera:udp_socket { bind connect create getattr read setopt write };
34
35#avc:  denied  { getopt } for  pid=2051 comm="DHEventbusHandl" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=unix_dgram_socket permissive=1
36#avc:  denied  { setopt } for  pid=2051 comm="DHEventbusHandl" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=unix_dgram_socket permissive=1
37allow dcamera dcamera:unix_dgram_socket { getopt setopt };
38
39#avc:  denied  { call } for  pid=2178 comm="DHEventbusHandl" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera_host:s0 tclass=binder permissive=1
40#avc:  denied  { transfer } for  pid=2429 comm="DHEventbusHandl" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera_host:s0 tclass=binder permissive=1
41allow dcamera dcamera_host:binder { call transfer };
42
43#avc:  denied  { create } for  pid=2166 comm="dcamera" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=netlink_route_socket permissive=1
44#avc:  denied  { write } for  pid=2166 comm="dcamera" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=netlink_route_socket permissive=1
45#avc:  denied  { nlmsg_read } for  pid=2166 comm="dcamera" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=netlink_route_socket permissive=1
46#avc:  denied  { read } for  pid=2166 comm="dcamera" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=netlink_route_socket permissive=1
47allow dcamera dcamera:netlink_route_socket { create nlmsg_read read write };
48
49#avc:  denied  { search } for  pid=2047 comm="dcamera" name="socket" dev="tmpfs" ino=38 scontext=u:r:dcamera:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=1
50allow dcamera dev_unix_socket:dir { search };
51
52#avc:  denied  { read write } for  pid=2520 comm="sa_main" path="/dev/console" dev="tmpfs" ino=19 scontext=u:r:dcamera:s0 tcontext=u:object_r:dev_console_file:s0 tclass=chr_file permissive=0
53allow dcamera dev_console_file:chr_file { read write };
54
55#avc:  denied  { getattr } for  pid=2396 comm="dcamera" path="/dev/dri/renderD128" dev="tmpfs" ino=94 scontext=u:r:dcamera:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=1
56#avc:  denied  { read write } for  pid=2396 comm="dcamera" name="renderD128" dev="tmpfs" ino=94 scontext=u:r:dcamera:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=1
57#avc:  denied  { open } for  pid=2396 comm="dcamera" path="/dev/dri/renderD128" dev="tmpfs" ino=94 scontext=u:r:dcamera:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=1
58#avc:  denied  { ioctl } for  pid=2396 comm="dcamera" path="/dev/dri/renderD128" dev="tmpfs" ino=94 ioctlcmd=0x641f scontext=u:r:dcamera:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=1
59allow dcamera dev_dri_file:chr_file { getattr ioctl open read write };
60
61#avc:  denied  { search } for  pid=2396 comm="dcamera" name="dri" dev="tmpfs" ino=93 scontext=u:r:dcamera:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=dir permissive=1
62allow dcamera dev_dri_file:dir { search };
63
64#avc:  denied  { call } for  pid=2464 comm="dcamera" scontext=u:r:dcamera:s0 tcontext=u:r:dhardware:s0 tclass=binder permissive=1
65allow dcamera dhardware:binder { call };
66
67#avc:  denied  { call } for  pid=2061 comm="dcamera" scontext=u:r:dcamera:s0 tcontext=u:r:disp_gralloc_host:s0 tclass=binder permissive=1
68allow dcamera disp_gralloc_host:binder { call };
69
70#avc:  denied  { use } for  pid=2033 comm="dcamera" path="/dmabuf:" dev="dmabuf" ino=29931 ioctlcmd=0x6200 scontext=u:r:dcamera:s0 tcontext=u:r:disp_gralloc_host:s0 tclass=fd permissive=1
71allow dcamera disp_gralloc_host:fd { use };
72
73#avc:  denied  { call } for  pid=2483 comm="ohos.dhardware." scontext=u:r:dcamera:s0 tcontext=u:r:foundation:s0 tclass=binder permissive=1
74allow dcamera foundation:binder { call };
75
76#avc:  denied  { get } for service=hdf_device_manager pid=2053 scontext=u:r:dcamera:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1
77allow dcamera hdf_device_manager:hdf_devmgr_class { get };
78
79#avc:  denied  { get } for service=distributed_camera_provider_service pid=2053 scontext=u:r:dcamera:s0 tcontext=u:object_r:hdf_distributed_camera_provider_service:s0 tclass=hdf_devmgr_class permissive=1
80allow dcamera hdf_distributed_camera_provider_service:hdf_devmgr_class { get };
81
82#avc:  denied  { get } for service=hdi_display_gralloc_service pid=2053 scontext=u:r:dcamera:s0 tcontext=u:object_r:hdf_hdi_display_gralloc_service:s0 tclass=hdf_devmgr_class permissive=1
83allow dcamera hdf_hdi_display_gralloc_service:hdf_devmgr_class { get };
84
85#avc:  denied  { call } for  pid=2040 comm="DHEventbusHandl" scontext=u:r:dcamera:s0 tcontext=u:r:hdf_devmgr:s0 tclass=binder permissive=1
86#avc:  denied  { transfer } for  pid=2464 comm="dcamera" scontext=u:r:dcamera:s0 tcontext=u:r:hdf_devmgr:s0 tclass=binder permissive=1
87allow dcamera hdf_devmgr:binder { call transfer };
88
89#avc:  denied  { call } for  pid=2061 comm="ohos.dhardware." scontext=u:r:dcamera:s0 tcontext=u:r:media_service:s0 tclass=binder permissive=1
90#avc:  denied  { transfer } for  pid=2061 comm="ohos.dhardware." scontext=u:r:dcamera:s0 tcontext=u:r:media_service:s0 tclass=binder permissive=1
91allow dcamera media_service:binder { call transfer };
92
93#avc:  denied  { read } for  pid=3521 comm="sa_main" name="u:object_r:accessibility_param:s0" dev="tmpfs" ino=53 scontext=u:r:dcamera:s0 tcontext=u:object_r:accessibility_param:s0 tclass=file permissive=0
94allow dcamera accessibility_param:file { read open map };
95
96#avc:  denied  { use } for  pid=514 comm="media_service" path="/dev/ashmem" dev="tmpfs" ino=181 scontext=u:r:dcamera:s0 tcontext=u:r:media_service:s0 tclass=fd permissive=1
97allow dcamera media_service:fd { use };
98
99#avc:  denied  { get } for service=3002 pid=2053 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_media_service:s0 tclass=samgr_class permissive=1
100allow dcamera sa_media_service:samgr_class { get };
101
102#avc:  denied  { get } for service=3901 pid=2042 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_param_watcher:s0 tclass=samgr_class permissive=1
103allow dcamera sa_param_watcher:samgr_class { get };
104
105#avc: denied  { get } for service=4700 pid=2053 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_softbus_service:s0 tclass=samgr_class permissive=1
106allow dcamera sa_softbus_service:samgr_class { get };
107
108#avc:  denied  { add } for service=4803 pid=2068 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_dcamera_source_service:s0 tclass=samgr_class permissive=1
109allow dcamera sa_dcamera_source_service:samgr_class { add get_remote };
110
111#avc:  denied  { get_remote } for service=4804 pid=2068 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_dcamera_sink_service:s0 tclass=samgr_class permissive=1
112#avc:  denied  { add } for service=4804 pid=2068 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_dcamera_sink_service:s0 tclass=samgr_class permissive=1
113allow dcamera sa_dcamera_sink_service:samgr_class { add get_remote };
114
115#avc:  denied  { get } for service=5100 pid=2068 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1
116allow dcamera sa_device_service_manager:samgr_class { get };
117
118#avc:  denied  { get } for service=3008 pid=2475 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_camera_service:s0 tclass=samgr_class permissive=1
119allow dcamera sa_camera_service:samgr_class { get };
120
121#avc:  denied  { get } for service=401 pid=2490 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_foundation_bms:s0 tclass=samgr_class permissive=1
122allow dcamera sa_foundation_bms:samgr_class { get };
123
124#avc:  denied  { read } for  pid=2433 comm="THREAD_POOL" scontext=u:r:dcamera:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1
125#avc:  denied  { setopt } for  pid=2047 comm="DHEventbusHandl" scontext=u:r:dcamera:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1
126#avc:  denied  { shutdown } for  pid=2061 comm="THREAD_POOL" scontext=u:r:dcamera:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1
127#avc:  denied  { write } for  pid=2047 comm="DHEventbusHandl" scontext=u:r:dcamera:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1
128allow dcamera softbus_server:tcp_socket { read setopt write shutdown };
129
130#avc:  denied  { call } for  pid=2047 comm="DHEventbusHandl" scontext=u:r:dcamera:s0 tcontext=u:r:softbus_server:s0 tclass=binder permissive=1
131#avc:  denied  { transfer } for  pid=2061 comm="dcamera" scontext=u:r:dcamera:s0 tcontext=u:r:softbus_server:s0 tclass=binder permissive=1
132allow dcamera softbus_server:binder { call transfer };
133
134#avc:  denied  { use } for  pid=586 comm="THREAD_POOL"  scontext=u:r:dcamera:s0 tcontext=u:r:softbus_server:s0 tclass=fd permissive=1
135allow dcamera softbus_server:fd { use };
136
137#avc:  denied  { read } for  pid=2020 comm="sa_main" name="u:object_r:ohos_dev_param:s0" dev="tmpfs" ino=30 scontext=u:r:dcamera:s0 tcontext=u:object_r:ohos_dev_param:s0 tclass=file permissive=0
138allow dcamera ohos_dev_param:file { read };
139
140#avc:  denied  { get } for service=3503 pid=2648 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_accesstoken_manager_service:s0 tclass=samgr_class permissive=1
141allow dcamera sa_accesstoken_manager_service:samgr_class { get };
142
143#avc:  denied  { node_bind } for  pid=2166 comm="Fillp_core_210" scontext=u:r:dcamera:s0 tcontext=u:object_r:node:s0 tclass=udp_socket permissive=1
144allow dcamera node:udp_socket { node_bind };
145allow dcamera init:binder { call transfer };
146allow dcamera sh:binder { call transfer };
147
148#avc:  denied  { get } for service=4803 pid=560 scontext=u:r:hidumper_service:s0 tcontext=u:object_r:sa_dcamera_source_service:s0 tclass=samgr_class permissive=0
149# avc:  denied  { get } for service=4804 pid=560 scontext=u:r:hidumper_service:s0 tcontext=u:object_r:sa_dcamera_sink_service:s0 tclass=samgr_class permissive=0
150allow hidumper_service sa_dcamera_source_service:samgr_class { get };
151allow hidumper_service sa_dcamera_sink_service:samgr_class { get };
152