1# Copyright (c) 2022 Huawei Device Co., Ltd.
2# Licensed under the Apache License, Version 2.0 (the "License");
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6#     http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
# Type declarations for the distributed-hardware service:
#   dhardware            - the process domain (attributes: sadomain, domain)
#   sa_dhardware_service - the samgr label (attribute: sa_service_attr) that
#                          the rules in this file use for service id 4801
14type dhardware, sadomain, domain;
15type sa_dhardware_service, sa_service_attr;
16
# System-ability (samgr_class) lookups made by dhardware, plus registration of
# its own service. Each rule is preceded by the AVC denial it was written from.
# NOTE(review): the quoted denials were logged with permissive=1, so they record
# what the process attempted, not what it was reviewed to need. Confirm each
# target service is still required before keeping the matching rule.
17#avc:  denied  { get_remote } for service=4801 pid=1966 scontext=u:r:dhardware:s0 tcontext=u:object_r:sa_dhardware_service:s0 tclass=samgr_class permissive=1
18allow dhardware sa_dhardware_service:samgr_class { get_remote };
19
20#avc:  denied  { get } for service=4607 pid=1966 scontext=u:r:dhardware:s0 tcontext=u:object_r:sa_foundation_dms:s0 tclass=samgr_class permissive=1
21allow dhardware sa_foundation_dms:samgr_class { get };
22
23#avc:  denied  { get } for service=4803 pid=1966 scontext=u:r:dhardware:s0 tcontext=u:object_r:sa_dcamera_source_service:s0 tclass=samgr_class permissive=1
24allow dhardware sa_dcamera_source_service:samgr_class { get };
25
26#avc:  denied  { get } for service=4804 pid=1966 scontext=u:r:dhardware:s0 tcontext=u:object_r:sa_dcamera_sink_service:s0 tclass=samgr_class permissive=1
27allow dhardware sa_dcamera_sink_service:samgr_class { get };
28
29#avc:  denied  { get } for service=3901 pid=1881 scontext=u:r:dhardware:s0 tcontext=u:object_r:sa_param_watcher:s0 tclass=samgr_class permissive=1
30allow dhardware sa_param_watcher:samgr_class { get };
31
32#avc:  denied  { get } for service=1301 pid=1881 scontext=u:r:dhardware:s0 tcontext=u:object_r:sa_distributeddata_service:s0 tclass=samgr_class permissive=1
33allow dhardware sa_distributeddata_service:samgr_class { get };
34
35#avc:  denied  { get } for service=4802 pid=1915 scontext=u:r:dhardware:s0 tcontext=u:object_r:sa_foundation_devicemanager_service:s0 tclass=samgr_class permissive=1
36allow dhardware sa_foundation_devicemanager_service:samgr_class { get };
37
38#avc:  denied  { get } for service=4700 pid=1915 scontext=u:r:dhardware:s0 tcontext=u:object_r:sa_softbus_service:s0 tclass=samgr_class permissive=1
39allow dhardware sa_softbus_service:samgr_class { get };
40
# Directory traversal only (search) on the dev_unix_socket-labelled "socket"
# directory on tmpfs; this rule grants no permission on any socket object.
41#avc:  denied  { search } for  pid=1966 comm="dhardware" name="socket" dev="tmpfs" ino=40 scontext=u:r:dhardware:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=1
42allow dhardware dev_unix_socket:dir { search };
43
# add: dhardware registers service 4801 under its own sa_dhardware_service label.
44#avc:  denied  { add } for service=4801 pid=2409 scontext=u:r:dhardware:s0 tcontext=u:object_r:sa_dhardware_service:s0 tclass=samgr_class permissive=1
45allow dhardware sa_dhardware_service:samgr_class { add };
46
47#avc:  denied  { get } for service=4808 pid=2498 scontext=u:r:dhardware:s0 tcontext=u:object_r:sa_dscreen_sink_service:s0 tclass=samgr_class permissive=1
48allow dhardware sa_dscreen_sink_service:samgr_class { get };
49
50#avc:  denied  { get } for service=4807 pid=2498 scontext=u:r:dhardware:s0 tcontext=u:object_r:sa_dscreen_source_service:s0 tclass=samgr_class permissive=1
51allow dhardware sa_dscreen_source_service:samgr_class { get };
52
# IPC rules: binder calls from dhardware into peer domains, use of
# softbus_server-labelled descriptors and TCP sockets, and two more samgr
# lookups (media and camera services).
# binder "call" lets dhardware invoke the target domain; "transfer" lets it
# pass binder references to that domain.
53#avc:  denied  { call } for  pid=2315 comm="dhardware" scontext=u:r:dhardware:s0 tcontext=u:r:dcamera:s0 tclass=binder permissive=1
54allow dhardware dcamera:binder { call };
55
56#avc:  denied  { transfer } for  pid=2315 comm="dhardware" scontext=u:r:dhardware:s0 tcontext=u:r:dcamera:s0 tclass=binder permissive=1
57allow dhardware dcamera:binder { transfer };
58
59#avc:  denied  { get } for service=3002 pid=2447 scontext=u:r:dhardware:s0 tcontext=u:object_r:sa_media_service:s0 tclass=samgr_class permissive=1
60allow dhardware sa_media_service:samgr_class { get };
61
# The next two rules cover file descriptors and TCP sockets that carry the
# softbus_server label, i.e. objects that belong to that domain rather than to
# dhardware (presumably handed over by softbus_server - TODO confirm).
# NOTE(review): dhardware gets read/write/setopt/shutdown on those sockets but
# no create/connect/bind; keep it that way so network endpoints stay under
# softbus_server's control.
62#avc:  denied  { use } for  pid=535 comm="THREAD_POOL" scontext=u:r:dhardware:s0 tcontext=u:r:softbus_server:s0 tclass=fd permissive=1
63allow dhardware softbus_server:fd { use };
64
65#avc:  denied  { read write } for  pid=535 comm="THREAD_POOL" scontext=u:r:dhardware:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1
66#avc:  denied  { setopt } for  pid=2338 comm="dhardware"  scontext=u:r:dhardware:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1
67#avc:  denied  { shutdown } for  pid=2343 comm="THREAD_POOL" scontext=u:r:dhardware:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1
68allow dhardware softbus_server:tcp_socket { setopt read write shutdown };
69
70#avc:  denied  { get } for service=3008 pid=2324 scontext=u:r:dhardware:s0 tcontext=u:object_r:sa_camera_service:s0 tclass=samgr_class permissive=1
71allow dhardware sa_camera_service:samgr_class { get };
72
73#avc:  denied  { call } for  pid=2329 comm="dhardware" scontext=u:r:dhardware:s0 tcontext=u:r:camera_service:s0 tclass=binder permissive=1
74#avc:  denied  { transfer } for  pid=2329 comm="dhardware" scontext=u:r:dhardware:s0 tcontext=u:r:camera_service:s0 tclass=binder permissive=1
75allow dhardware camera_service:binder { transfer call };
76
# Self rule: option get/set on dhardware's own unix datagram sockets only.
77#avc:  denied  { getopt } for  pid=2302 comm="dhardware" scontext=u:r:dhardware:s0 tcontext=u:r:dhardware:s0 tclass=unix_dgram_socket permissive=1
78#avc:  denied  { setopt } for  pid=2302 comm="dhardware" scontext=u:r:dhardware:s0 tcontext=u:r:dhardware:s0 tclass=unix_dgram_socket permissive=1
79allow dhardware dhardware:unix_dgram_socket { setopt getopt };
80
81#avc:  denied  { call } for  pid=2343 comm="DHEventbusHandl" scontext=u:r:dhardware:s0 tcontext=u:r:distributeddata:s0 tclass=binder permissive=1
82#avc:  denied  { transfer } for  pid=2225 comm="dhardware" scontext=u:r:dhardware:s0 tcontext=u:r:distributeddata:s0 tclass=binder permissive=1
83allow dhardware distributeddata:binder { call transfer };
84
85#avc:  denied  { call } for  pid=2225 comm="dhardware" scontext=u:r:dhardware:s0 tcontext=u:r:foundation:s0 tclass=binder permissive=1
86#avc:  denied  { transfer } for  pid=2225 comm="dhardware" scontext=u:r:dhardware:s0 tcontext=u:r:foundation:s0 tclass=binder permissive=1
87allow dhardware foundation:binder { call transfer };
88
89#avc:  denied  { call } for  pid=2154 comm="dhardware" scontext=u:r:dhardware:s0 tcontext=u:r:media_service:s0 tclass=binder permissive=1
90#avc:  denied  { transfer } for  pid=2154 comm="dhardware" scontext=u:r:dhardware:s0 tcontext=u:r:media_service:s0 tclass=binder permissive=1
91allow dhardware media_service:binder { call transfer };
92
# Read-only access (read/open/map, no write) to the distributedsche_param
# parameter file under /dev/__parameters__, followed by lookup of the
# access-token manager service (id 3503).
93#avc:  denied  { read } for  pid=2507 comm="sa_main" name="u:object_r:distributedsche_param:s0" dev="tmpfs" ino=57 scontext=u:r:dhardware:s0 tcontext=u:object_r:distributedsche_param:s0 tclass=file permissive=1
94#avc:  denied  { open } for  pid=2507 comm="sa_main" path="/dev/__parameters__/u:object_r:distributedsche_param:s0" dev="tmpfs" ino=57 scontext=u:r:dhardware:s0 tcontext=u:object_r:distributedsche_param:s0 tclass=file permissive=
95#avc:  denied  { map } for  pid=2507 comm="sa_main" path="/dev/__parameters__/u:object_r:distributedsche_param:s0" dev="tmpfs" ino=57 scontext=u:r:dhardware:s0 tcontext=u:object_r:distributedsche_param:s0 tclass=file permissive=1
96allow dhardware distributedsche_param:file { read open map };
97
98#avc:  denied  { get } for service=3503 pid=2451 scontext=u:r:dhardware:s0 tcontext=u:object_r:sa_accesstoken_manager_service:s0 tclass=samgr_class permissive=1
99allow dhardware sa_accesstoken_manager_service:samgr_class { get };
100
# On-disk storage for dhardware's key-value database (kvdb, single_ver,
# gen_natural_store.db in the denials below; paths are logged as /data/xxx).
# The first two rules grant directory traversal only (search) on the parent
# labels data_file and data_service_file.
101#avc:  denied  { search } for  pid=2451 comm="dhardware" name="/" dev="mmcblk0p11" ino=2 scontext=u:r:dhardware:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=1
102allow dhardware data_file:dir { search };
103
104#avc:  denied  { search } for  pid=2451 comm="dhardware" name="service" dev="mmcblk0p11" ino=1436161 scontext=u:r:dhardware:s0 tcontext=u:object_r:data_service_file:s0 tclass=dir permissive=1
105allow dhardware data_service_file:dir { search };
106
# NOTE(review): this rule and the file rule after it grant create, write and
# delete on the whole data_service_el1_file type, not only on the
# dtbhardware_manager_service directory named in the write denial. If other
# services' el1 data carries the same label, dhardware can create and remove
# entries there as well - TODO confirm, and consider a dedicated type for this
# service's directory so the grant stays scoped to its own database.
107#avc:  denied  { search } for  pid=2451 comm="dhardware" name="el1" dev="mmcblk0p11" ino=1436165 scontext=u:r:dhardware:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=dir permissive=1
108#avc:  denied  { write } for  pid=2451 comm="dhardware" name="dtbhardware_manager_service" dev="mmcblk0p11" ino=1436923 scontext=u:r:dhardware:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=dir permissive=1
109#avc:  denied  { add_name } for  pid=2451 comm="dhardware" name="kvdb" scontext=u:r:dhardware:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=dir permissive=1
110#avc:  denied  { create } for  pid=2451 comm="dhardware" name="kvdb" scontext=u:r:dhardware:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=dir permissive=1
111#avc:  denied  { getattr } for  pid=2451 comm="dhardware" path="/data/xxx/kvdb" dev="mmcblk0p11" ino=1436925 scontext=u:r:dhardware:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=dir permissive=1
112#avc:  denied  { read } for  pid=2812 comm="dhardware" name="single_ver" dev="mmcblk0p11" ino=131322 scontext=u:r:dhardware:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=dir permissive=0
113#avc:  denied  { open } for  pid=2593 comm="dhardware" path="/data/xxx/single_ver" dev="mmcblk0p11" ino=784131 scontext=u:r:dhardware:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=dir permissive=0
114#avc:  denied  { remove_name } for  pid=2403 comm="dhardware" name="gen_natural_store.db-journal" dev="mmcblk0p11" ino=784138 scontext=u:r:dhardware:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=dir permissive=1
115allow dhardware data_service_el1_file:dir { search write add_name create getattr read open remove_name };
116
# File-level counterpart of the directory rule above (database, journal, shm
# and lock files in the denials).
# NOTE(review): ioctl is granted for every command, while the only logged ioctl
# denial is ioctlcmd=0xf50c. If this policy build supports extended
# permissions, an allowxperm restriction to the commands actually used would
# narrow the grant - TODO confirm.
117#avc:  denied  { create } for  pid=2451 comm="dhardware" name="single_ver_db_incomplete.lock" scontext=u:r:dhardware:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=1
118#avc:  denied  { write open } for  pid=2451 comm="dhardware" path="/data/xxx/single_ver_db_incomplete.lock" dev="mmcblk0p11" ino=1436928 scontext=u:r:dhardware:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=1
119#avc:  denied  { read } for  pid=2451 comm="dhardware" path="/data/xxx/gen_natural_store.db" dev="mmcblk0p11" ino=1436932 scontext=u:r:dhardware:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=1
120#avc:  denied  { getattr } for  pid=2812 comm="dhardware" path="/data/xxx/gen_natural_store.db" dev="mmcblk0p11" ino=131327 scontext=u:r:dhardware:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=0
121#avc:  denied  { ioctl } for  pid=2593 comm="dhardware" path="/data/xxx/gen_natural_store.db" dev="mmcblk0p11" ino=784137 ioctlcmd=0xf50c scontext=u:r:dhardware:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=0
122#avc:  denied  { lock } for  pid=2593 comm="dhardware" path="/data/xxx/gen_natural_store.db" dev="mmcblk0p11" ino=784137 scontext=u:r:dhardware:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=0
123#avc:  denied  { unlink } for  pid=2403 comm="dhardware" name="gen_natural_store.db-journal" dev="mmcblk0p11" ino=784138 scontext=u:r:dhardware:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=1
124#avc:  denied  { map } for  pid=2403 comm="dhardware" path="/data/xxx//main/gen_natural_store.db-shm" dev="mmcblk0p11" ino=784139 scontext=u:r:dhardware:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=1
125#avc:  denied  { setattr } for  pid=2455 comm="dhardware" name="gen_natural_store.db" dev="mmcblk0p11" ino=1175817 scontext=u:r:dhardware:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=1
126allow dhardware data_service_el1_file:file { create write open read getattr ioctl lock unlink map setattr };
127
# dhardware may call the access-token service over binder (call only, no
# transfer).
128#avc:  denied  { call } for  pid=2451 comm="dhardware" scontext=u:r:dhardware:s0 tcontext=u:r:accesstoken_service:s0 tclass=binder permissive=1
129allow dhardware accesstoken_service:binder { call };
130
# NOTE(review): the next three rules involve the sh (shell) domain. They let a
# shell-context process call into dhardware over binder and pass it binder
# references, let dhardware call back into sh, and let sh SIGKILL dhardware.
# comm="DistributedHard" under scontext sh suggests a test client started from
# a shell - presumably debug/test support. Confirm these rules are kept out of
# release policy builds; otherwise any process running as sh can drive and
# terminate this service.
131#avc:  denied  { call } for  pid=2000 comm="DistributedHard" scontext=u:r:sh:s0 tcontext=u:r:dhardware:s0 tclass=binder permissive=1
132#avc:  denied  { transfer } for  pid=2000 comm="DistributedHard" scontext=u:r:sh:s0 tcontext=u:r:dhardware:s0 tclass=binder permissive=1
133allow sh dhardware:binder { call transfer };
134
135#avc:  denied  { call } for  pid=2003 comm="dhardware" scontext=u:r:dhardware:s0 tcontext=u:r:sh:s0 tclass=binder permissive=0
136allow dhardware sh:binder { call };
137
138#avc:  denied  { sigkill } for  pid=2114 comm="sh" scontext=u:r:sh:s0 tcontext=u:r:dhardware:s0 tclass=process permissive=1
139allow sh dhardware:process { sigkill };
140
# Read-only configuration access. The denials are for
# /vendor/etc/distributedhardware/distributed_hardware_components_cfg.json,
# but the rules apply to every directory and file labelled vendor_etc_file
# (search on dirs, read/open on files; no write).
141#avc:  denied  { search } for  pid=2694 comm="dhardware" name="etc" dev="mmcblk0p7" ino=19 scontext=u:r:dhardware:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=dir permissive=1
142allow dhardware vendor_etc_file:dir { search };
143
144#avc:  denied  { read } for  pid=2490 comm="dhardware" name="distributed_hardware_components_cfg.json" dev="mmcblk0p7" ino=96 scontext=u:r:dhardware:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=file permissive=1
145#avc:  denied  { open } for  pid=2490 comm="dhardware" path="/vendor/etc/distributedhardware/distributed_hardware_components_cfg.json" dev="mmcblk0p7" ino=96 scontext=u:r:dhardware:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=file permissive=1
146allow dhardware vendor_etc_file:file { read open };
147
# Read-only access (read/open/map) to the accessibility_param parameter file
# under /dev/__parameters__.
148#avc:  denied  { read } for  pid=2128 comm="sa_main" name="u:object_r:accessibility_param:s0" dev="tmpfs" ino=52 scontext=u:r:dhardware:s0 tcontext=u:object_r:accessibility_param:s0 tclass=file permissive=1
149#avc:  denied  { open } for  pid=2128 comm="sa_main" path="/dev/__parameters__/u:object_r:accessibility_param:s0" dev="tmpfs" ino=52 scontext=u:r:dhardware:s0 tcontext=u:object_r:accessibility_param:s0 tclass=file permissive=1
150#avc:  denied  { map } for  pid=2128 comm="sa_main" path="/dev/__parameters__/u:object_r:accessibility_param:s0" dev="tmpfs" ino=52 scontext=u:r:dhardware:s0 tcontext=u:object_r:accessibility_param:s0 tclass=file permissive=1
151allow dhardware accessibility_param:file { read open map };
152
# Source domain here is hidumper_service, not dhardware: it may look up
# service 4801 (sa_dhardware_service) through samgr.
153#avc:  denied  { get } for service=4801 pid=551 scontext=u:r:hidumper_service:s0 tcontext=u:object_r:sa_dhardware_service:s0 tclass=samgr_class permissive=1
154allow hidumper_service sa_dhardware_service:samgr_class { get };
155
156