• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright (c) 2022 Huawei Device Co., Ltd.
2# Licensed under the Apache License, Version 2.0 (the "License");
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6#     http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
14type debugfs_usb, fs_attr, debugfs_attr;
15
16#avc:  denied  { get } for service=hdf_device_manager pid=343 scontext=u:r:codec_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class
17#avc:  denied  { add } for service=codec_hdi_omx_service pid=343 scontext=u:r:codec_host:s0 tcontext=u:object_r:hdf_codec_hdi_omx_service:s0 tclass=hdf_devmgr_class
18#avc:  denied  { add } for service=codec_hdi_service pid=354 scontext=u:r:codec_host:s0 tcontext=u:object_r:hdf_codec_hdi_service:s0 tclass=hdf_devmgr_class
19allow codec_host hdf_device_manager:hdf_devmgr_class { get };
20allow codec_host hdf_codec_hdi_omx_service:hdf_devmgr_class { add get };
21allow codec_host hdf_codec_component_manager_service:hdf_devmgr_class { add get };
22allow codec_host hdf_codec_hdi_service:hdf_devmgr_class { add get };
23allow codec_host sa_device_service_manager:samgr_class { get };
24allow codec_host dev_dri_file:dir { search read write };
25allow codec_host sh:binder { transfer call };
26allow codec_host sh:fd { use };
27allow codec_host disp_gralloc_host:fd { use };
28allow codec_host dev_dri_file:chr_file { read write open ioctl };
29allow codec_host dev_mpp:chr_file { read write open ioctl };
30allow codec_host proc_version_file:file { read open };
31allow codec_host sys_file:file { read open };
32allow codec_host dev_rga:chr_file { read write open ioctl };
33allowxperm codec_host dev_mpp:chr_file ioctl 0x7601;
34allowxperm codec_host dev_rga:chr_file ioctl { 0x64b2 0x642d 0x641f 0x642e 0x64b4 0x601b 0x5017 };
35allowxperm codec_host dev_dri_file:chr_file ioctl { 0x64b2 0x642d 0x641f 0x642e 0x64b4 };
36allow codec_host hdcd:fd { use };
37allow codec_host devpts:chr_file { read write };
38
39#avc:  denied  { get } for service=hdf_device_manager pid=344 scontext=u:r:light_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class
40#avc:  denied  { add } for service=light_interface_service pid=344 scontext=u:r:light_host:s0 tcontext=u:object_r:hdf_light_interface_service:s0 tclass=hdf_devmgr_class
41allow light_host hdf_device_manager:hdf_devmgr_class { get };
42allow light_host hdf_light_interface_service:hdf_devmgr_class { add };
43
44#avc:  denied  { get } for service=hdf_device_manager pid=346 scontext=u:r:sensor_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class
45#avc:  denied  { add } for service=sensor_interface_service pid=346 scontext=u:r:sensor_host:s0 tcontext=u:object_r:hdf_sensor_interface_service:s0 tclass=hdf_devmgr_class
46allow sensor_host hdf_device_manager:hdf_devmgr_class { get };
47allow sensor_host hdf_sensor_interface_service:hdf_devmgr_class { add };
48
49#avc:  denied  { get } for service=hdf_device_manager pid=359 scontext=u:r:power_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class
50#avc:  denied  { add } for service=thermal_interface_service pid=359 scontext=u:r:power_host:s0 tcontext=u:object_r:hdf_thermal_interface_service:s0 tclass=hdf_devmgr_class
51#avc:  denied  { add } for service=battery_interface_service pid=359 scontext=u:r:power_host:s0 tcontext=u:object_r:hdf_battery_interface_service:s0 tclass=hdf_devmgr_class
52#avc:  denied  { add } for service=power_interface_service pid=359 scontext=u:r:power_host:s0 tcontext=u:object_r:hdf_power_interface_service:s0 tclass=hdf_devmgr_class
53#avc:  denied  { get } for service=5100 pid=555 scontext=u:r:power_host:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1
54allow power_host hdf_device_manager:hdf_devmgr_class { get };
55allow power_host hdf_thermal_interface_service:hdf_devmgr_class { add };
56allow power_host hdf_battery_interface_service:hdf_devmgr_class { add };
57allow power_host hdf_power_interface_service:hdf_devmgr_class { add };
58allow power_host sa_device_service_manager:samgr_class { get };
59
60#avc:  denied  { call } for  pid=3275 comm="dcamera_host" scontext=u:r:dcamera_host:s0 tcontext=u:r:camera_service:s0 tclass=binder permissive=1
61#avc:  denied  { transfer } for  pid=2073 comm="dcamera_host" scontext=u:r:dcamera_host:s0 tcontext=u:r:camera_service:s0 tclass=binder permissive=1
62#avc:  denied  { call } for  pid=2057 comm="dcamera_host" scontext=u:r:dcamera_host:s0 tcontext=u:r:dcamera:s0 tclass=binder permissive=1
63#avc:  denied  { getattr } for  pid=2059 comm="dcamera_host" path="/dev/dri/renderD128" dev="tmpfs" ino=92 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=1
64#avc:  denied  { read write } for  pid=2059 comm="dcamera_host" name="renderD128" dev="tmpfs" ino=92 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=1
65#avc:  denied  { open } for  pid=2059 comm="dcamera_host" path="/dev/dri/renderD128" dev="tmpfs" ino=92 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=1
66#avc:  denied  { ioctl } for  pid=2059 comm="dcamera_host" path="/dev/dri/renderD128" dev="tmpfs" ino=92 ioctlcmd=0x641f scontext=u:r:dcamera_host:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=1
67#avc:  denied  { read write } for  pid=2541 comm="hdf_devhost" path="/dev/console" dev="tmpfs" ino=19 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:dev_console_file:s0 tclass=chr_file permissive=0
68#avc:  denied  { search } for  pid=2059 comm="dcamera_host" name="dri" dev="tmpfs" ino=91 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=dir permissive=1
69#avc:  denied  { search } for  pid=2057 comm="dcamera_host" name="socket" dev="tmpfs" ino=40 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=1
70#avc:  denied  { get } for service=hdf_device_manager pid=342 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1
71#avc:  denied  { add } for service=distributed_camera_provider_service pid=342 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:hdf_distributed_camera_provider_service:s0 tclass=hdf_devmgr_class permissive=1
72#avc:  denied  { add } for service=distributed_camera_service pid=351 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:hdf_distributed_camera_service:s0 tclass=hdf_devmgr_class permissive=1
73#avc:  denied  { get } for service=hdi_display_gralloc_service pid=2038 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:hdf_hdi_display_gralloc_service:s0 tclass=hdf_devmgr_class permissive=1
74#avc:  denied  { call } for  pid=1991 comm="dcamera_host" scontext=u:r:dcamera_host:s0 tcontext=u:r:hdf_devmgr:s0 tclass=binder permissive=1
75#avc:  denied  { get } for service=5100 pid=2074 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1
76#avc:  denied  { use } for  pid=2059 comm="dcamera_host" path="/dmabuf:" dev="dmabuf" ino=30969 ioctlcmd=0x6200 scontext=u:r:dcamera_host:s0 tcontext=u:r:disp_gralloc_host:s0 tclass=fd permissive=1
77#avc:  denied  { call } for  pid=2059 comm="dcamera_host" scontext=u:r:dcamera_host:s0 tcontext=u:r:samgr:s0 tclass=binder permissive=1
78#avc:  denied  { call } for  pid=2059 comm="dcamera_host" scontext=u:r:dcamera_host:s0 tcontext=u:r:sh:s0 tclass=binder permissive=1
79#avc:  denied  { open } for  pid=2666 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_param:s0" dev="tmpfs" ino=57 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:const_param:s0 tclass=file permissive=1
80#avc:  denied  { map } for  pid=2666 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_param:s0" dev="tmpfs" ino=57 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:const_param:s0 tclass=file permissive=1
81#avc:  denied  { read } for  pid=2666 comm="hdf_devhost" name="u:object_r:const_postinstall_param:s0" dev="tmpfs" ino=58 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:const_postinstall_param:s0 tclass=file permissive=1
82#avc:  denied  { open } for  pid=2666 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_postinstall_param:s0" dev="tmpfs" ino=58 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:const_postinstall_param:s0 tclass=file permissive=1
83#avc:  denied  { call } for  pid=2582 comm="dcamera_host" scontext=u:r:dcamera_host:s0 tcontext=u:r:disp_gralloc_host:s0 tclass=binder permissive=0
84#avc:  denied  { read } for  pid=3798 comm="hdf_devhost" name="u:object_r:accessibility_param:s0" dev="tmpfs" ino=53 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:accessibility_param:s0 tclass=file permissive=0
85#avc:  denied  { call } for  pid=2850 comm="dcamera_host" scontext=u:r:dcamera_host:s0 tcontext=u:r:system_core_hap:s0 tclass=binder permissive=1
86#avc:  denied  { call } for  pid=2850 comm="dcamera_host" scontext=u:r:dcamera_host:s0 tcontext=u:r:render_service:s0 tclass=binder permissive=1
87#avc:  denied  { read } for  pid=2047 comm="hdf_devhost" name="u:object_r:ohos_dev_param:s0" dev="tmpfs" ino=30 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:ohos_dev_param:s0 tclass=file permissive=0
88allow dcamera_host camera_service:binder { call transfer };
89allow dcamera_host dcamera:binder { call };
90allow dcamera_host dev_console_file:chr_file { read write };
91allow dcamera_host dev_dri_file:chr_file { getattr read write open ioctl };
92allow dcamera_host dev_dri_file:dir { search };
93allow dcamera_host dev_unix_socket:dir { search };
94allow dcamera_host hdf_device_manager:hdf_devmgr_class { get };
95allow dcamera_host hdf_distributed_camera_provider_service:hdf_devmgr_class { add };
96allow dcamera_host hdf_distributed_camera_service:hdf_devmgr_class { add };
97allow dcamera_host hdf_hdi_display_gralloc_service:hdf_devmgr_class { get };
98allow dcamera_host hdf_devmgr:binder { call };
99allow dcamera_host sa_device_service_manager:samgr_class { get };
100allow dcamera_host disp_gralloc_host:fd { use };
101allow dcamera_host samgr:binder { call };
102allow dcamera_host sh:binder { call transfer };
103allow dcamera_host const_param:file { open read };
104allow dcamera_host const_postinstall_param:file { open map };
105allow dcamera_host disp_gralloc_host:binder { call };
106allow dcamera_host accessibility_param:file { read open map };
107allow dcamera_host system_core_hap:binder { call };
108allow dcamera_host render_service:binder { call };
109allow dcamera_host ohos_dev_param:file { read };
110
111#avc:  denied  { get } for service=hdf_device_manager pid=345 scontext=u:r:vibrator_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1
112#avc:  denied  { add } for service=vibrator_interface_service pid=345 scontext=u:r:vibrator_host:s0 tcontext=u:object_r:hdf_vibrator_interface_service:s0 tclass=hdf_devmgr_class permissive=1
113allow vibrator_host hdf_device_manager:hdf_devmgr_class { get };
114allow vibrator_host hdf_vibrator_interface_service:hdf_devmgr_class { add };
115
116#avc:  denied  { get } for service=hdf_device_manager pid=348 scontext=u:r:camera_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1
117#avc:  denied  { add } for service=camera_service pid=348 scontext=u:r:camera_host:s0 tcontext=u:object_r:hdf_camera_service:s0 tclass=hdf_devmgr_class permissive=1
118#avc:  denied  { call } for  pid=439 comm="PREVIEW#2" scontext=u:r:camera_host:s0 tcontext=u:r:dcamera:s0 tclass=binder permissive=0
119allow camera_host camera_host:netlink_kobject_uevent_socket { bind bind create read create };
120allow camera_host camera_service:binder { call transfer };
121allow camera_host data_log:file { read write };
122allow camera_host dev_dri_file:chr_file { getattr ioctl open read write };
123allow camera_host dev_dri_file:dir { search };
124allow camera_host dev_hdf_kevent:chr_file { getattr getattr ioctl };
125allow camera_host dev_mpp:chr_file { ioctl open read write };
126allow camera_host dev_rga:chr_file { ioctl open read write };
127allow camera_host dev_unix_socket:dir { search };
128allow camera_host dev_unix_socket:sock_file { write };
129allow camera_host dev_video_file:chr_file { getattr ioctl open read write };
130allow camera_host disp_gralloc_host:fd { use };
131allow camera_host faultloggerd:fd { use };
132allow camera_host faultloggerd:unix_stream_socket { connectto };
133allow camera_host hdf_device_manager:hdf_devmgr_class { get };
134allow camera_host hdf_camera_service:hdf_devmgr_class { add };
135allow camera_host hdf_devmgr:binder { call transfer transfer };
136allow camera_host hdf_hdi_display_gralloc_service:hdf_devmgr_class { get };
137allow camera_host hiview:binder { call };
138allow camera_host media_service:binder { call };
139allow camera_host proc_version_file:file { open read };
140allow camera_host render_service:binder { call };
141allow camera_host samgr:binder { call };
142allow camera_host sys_file:file { open read };
143allow camera_host system_basic_hap:fd { use };
144allow camera_host system_bin_file:dir { search };
145allow camera_host system_bin_file:file { execute execute execute_no_trans map read open execute_no_trans map read open };
146allow camera_host system_core_hap:binder { call };
147allow camera_host system_core_hap:fd { use };
148allow camera_host vendor_bin_file:file { entrypoint entrypoint execute map read execute map read };
149allow camera_host vendor_etc_file:dir { search };
150allow camera_host vendor_etc_file:file { getattr open read };
151allow camera_host vendor_file:file { execute execute getattr map open read getattr map open read };
152allow camera_host disp_gralloc_host:binder { call };
153allow camera_host dcamera:binder { call transfer };
154allowxperm camera_host dev_dri_file:chr_file ioctl {  0x641f 0x642d 0x642e 0x64b2 0x64b4  };
155allowxperm camera_host dev_hdf_kevent:chr_file ioctl {  0x6201 0x6202  };
156allowxperm camera_host dev_mpp:chr_file ioctl {  0x7601  };
157allowxperm camera_host dev_rga:chr_file ioctl {  0x5017 0x5019 0x601b  };
158allowxperm camera_host dev_video_file:chr_file ioctl {  0x5600 0x5605 0x5608 0x5609 0x560f 0x5611 0x5612 0x5613  };
159
160#avc:  denied  { get } for service=hdf_device_manager pid=361 scontext=u:r:usb_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1
161#avc:  denied  { add } for service=usbd pid=361 scontext=u:r:usb_host:s0 tcontext=u:object_r:hdf_usbd:s0 tclass=hdf_devmgr_class permissive=1
162allow usb_host accessibility_param:file { map open read open read };
163allow usb_host configfs:dir { add_name create open read search write remove_name rmdir };
164allow usb_host configfs:file { create ioctl open read write getattr };
165allow usb_host configfs:lnk_file { create unlink };
166allow usb_host console:binder { call };
167allow usb_host console:fd { use };
168allow usb_host data_file:dir { search };
169allow usb_host data_init_agent:dir { search };
170allow usb_host data_init_agent:file { ioctl open read append };
171allow usb_host data_log:file { read write };
172allow usb_host debugfs_usb:dir { search };
173allow usb_host debugfs_usb:file { open write };
174allow usb_host dev_bus:dir { search };
175allow usb_host dev_bus_usb_file:chr_file { ioctl map open read write getattr};
176allow usb_host dev_bus_usb_file:dir { search };
177allow usb_host dev_functionfs_file:chr_file { ioctl map open read write getattr };
178allow usb_host dev_functionfs_file:dir { search };
179allow usb_host dev_hdf_kevent:chr_file { getattr ioctl open read write };
180allow usb_host dev_hdf_usb_pnp:chr_file { getattr ioctl open read write };
181allow usb_host dev_usbfn_file:chr_file { getattr ioctl read write open map };
182allow usb_host dev_usbfn_file:dir { search };
183allow usb_host dev_unix_socket:dir { search };
184allow usb_host dev_unix_socket:sock_file { write };
185allow usb_host faultloggerd:fd { use };
186allow usb_host faultloggerd:unix_stream_socket { connectto };
187allow usb_host faultloggerd_socket:sock_file { write };
188allow usb_host hdf_device_manager:hdf_devmgr_class { get };
189allow usb_host hdf_devmgr:binder { call transfer };
190allow usb_host hdf_usb_interface_service:hdf_devmgr_class { add };
191allow usb_host hdf_usb_pnp_manager:hdf_devmgr_class { add };
192allow usb_host hdf_usbd:hdf_devmgr_class { add };
193allow usb_host hdf_usbfn_cdcacm:hdf_devmgr_class { add get };
194allow usb_host hdf_usbfn_cdcecm:hdf_devmgr_class { add get };
195allow usb_host hdf_usbfn_master:hdf_devmgr_class { add get };
196allow usb_host hiview:binder { call };
197allow usb_host kernel:unix_stream_socket { connectto };
198allow usb_host paramservice_socket:sock_file { write };
199allow usb_host rootfs:chr_file { read write };
200allow usb_host sa_device_service_manager:samgr_class { get };
201allow usb_host samgr:binder { call };
202allow usb_host sys_param:parameter_service { set };
203allow usb_host system_bin_file:dir { search };
204allow usb_host system_bin_file:file { execute execute_no_trans map read open };
205allow usb_host tty_device:chr_file { open read write };
206allow usb_host usb_service:binder { call };
207allow usb_host vendor_bin_file:file { entrypoint execute map read };
208allow usb_host vendor_etc_file:dir { search };
209allow usb_host vendor_etc_file:file { getattr open read };
210allow usb_host vendor_lib_file:dir { search };
211allow usb_host vendor_lib_file:file { execute getattr map open read };
212allow usb_host samgr:binder { transfer };
213allow usb_host sa_usb_service:samgr_class { get };
214allowxperm usb_host configfs:file ioctl { 0x5413 };
215allowxperm usb_host data_init_agent:file ioctl { 0x5413 };
216allowxperm usb_host dev_bus_usb_file:chr_file ioctl { 0x5500 0x5504 0x5508 0x550b 0x550c 0x550f 0x5510 0x550a 0x5512 0x5516 0x551a 0x551b };
217allowxperm usb_host dev_file:chr_file ioctl { 0x6201 0x6202 0x6203 0x6731 0x6732 0x6734 0x673c 0x6782 0x6736 0x673d 0x6735 0x6738 };
218allowxperm usb_host dev_hdf_kevent:chr_file ioctl { 0x6202 0x6201 0x6203 };
219allowxperm usb_host dev_hdf_usb_pnp:chr_file ioctl { 0x6201 0x6202 0x6203 0x6206 };
220
221#avc:  denied  { get } for service=hdf_device_manager pid=347 scontext=u:r:input_user_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1
222#avc:  denied  { add } for service=input_service pid=347 scontext=u:r:input_user_host:s0 tcontext=u:object_r:hdf_input_service:s0 tclass=hdf_devmgr_class permissive=1
223#avc:  denied  { getattr } for  pid=477 comm="input_user_host" path="/dev/hdf_input_event3" dev="tmpfs" ino=498 scontext=u:r:input_user_host:s0 tcontext=u:object_r:dev_file:s0 tclass=chr_file permissive=0
224#avc:  denied  { ioctl } for  pid=477 comm="input_user_host" path="/dev/hdf_input_event1" dev="tmpfs" ino=199 ioctlcmd=0x6202 scontext=u:r:input_user_host:s0 tcontext=u:object_r:dev_hdf_input:s0 tclass=chr_file permissive=0
225#avc:  denied  { ioctl } for  pid=420 comm="input_user_host" path="/dev/hdf_input_host" dev="tmpfs" ino=192 ioctlcmd=0x6201 scontext=u:r:input_user_host:s0 tcontext=u:object_r:dev_hdf_file:s0 tclass=chr_file permissive=0
226#avc:  denied  { getattr } for  pid=420 comm="input_user_host" path="/dev/dev_mgr" dev="tmpfs" ino=189 scontext=u:r:input_user_host:s0 tcontext=u:object_r:dev_mgr_file:s0 tclass=chr_file permissive=0
227#avc:  denied  { read write } for  pid=420 comm="input_user_host" name="hdf_input_event1" dev="tmpfs" ino=200 scontext=u:r:input_user_host:s0 tcontext=u:object_r:dev_hdf_input:s0 tclass=chr_file permissive=0
228allow input_user_host hdf_device_manager:hdf_devmgr_class { get };
229allow input_user_host hdf_input_service:hdf_devmgr_class { add };
230allow input_user_host hdf_input_interfaces_service:hdf_devmgr_class { add };
231allow input_user_host sa_device_service_manager:samgr_class { get };
232allow input_user_host dev_hdf_file:chr_file { ioctl };
233allow input_user_host dev_hdf_input:chr_file { ioctl open read write };
234allow input_user_host dev_mgr_file:chr_file { getattr ioctl open read write };
235allow input_user_host sh:binder { call };
236allowxperm input_user_host dev_hdf_file:chr_file ioctl 0x6201;
237allowxperm input_user_host dev_hdf_input:chr_file ioctl { 0x6201 0x6202 0x6203 0x6206 };
238allowxperm input_user_host dev_mgr_file:chr_file ioctl 0x6201;
239
240#avc:  denied  { get } for service=hdf_device_manager pid=358 scontext=u:r:wifi_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1
241allow wifi_host hdf_device_manager:hdf_devmgr_class { get };
242
243#avc:  denied  { get } for service=hdf_device_manager pid=362 scontext=u:r:blue_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1
244#avc:  denied  { add } for service=hci_interface_service pid=362 scontext=u:r:blue_host:s0 tcontext=u:object_r:hdf_hci_interface_service:s0 tclass=hdf_devmgr_class permissive=1
245allow blue_host hdf_device_manager:hdf_devmgr_class { get };
246allow blue_host hdf_hci_interface_service:hdf_devmgr_class { add };
247
248#avc:  denied  { get } for service=hdf_device_manager pid=363 scontext=u:r:disp_gralloc_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1
249#avc:  denied  { add } for service=hdi_display_gralloc_service pid=363 scontext=u:r:disp_gralloc_host:s0 tcontext=u:object_r:hdf_hdi_display_gralloc_service:s0 tclass=hdf_devmgr_class permissive=1
250allow disp_gralloc_host hdf_device_manager:hdf_devmgr_class { get };
251allow disp_gralloc_host hdf_hdi_display_gralloc_service:hdf_devmgr_class { add };
252
253#avc:  denied  { get } for service=hdf_device_manager pid=349 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1
254#avc:  denied  { add } for service=audio_hdi_service pid=349 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:hdf_audio_hdi_service:s0 tclass=hdf_devmgr_class permissive=1
255#avc:  denied  { add } for service=audio_hdi_pnp_service pid=341 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:default_hdf_service:s0 tclass=hdf_devmgr_class permissive=1
256#neverallow allow audio_hdi_server_host default_hdf_service:hdf_devmgr_class { add };
257#avc:  denied  { get } for service=5100 pid=341 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:default_service:s0 tclass=samgr_class permissive=1
258#neverallow allow audio_hdi_server_host default_service:samgr_class { get };
259#avc:  denied  { search } for  pid=351 comm="audio_hdi_serve" name="socket" dev="tmpfs" ino=38 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=1
260#avc:  denied  { add } for service=audio_hdi_a2dp_service pid=341 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:hdf_audio_hdi_a2dp_service:s0 tclass=hdf_devmgr_class permissive=1
261#avc:  denied  { call  transfer } for  pid=363 comm="audio_hdi_serve" scontext=u:r:audio_hdi_server_host:s0 tcontext=u:r:hdf_devmgr:s0 tclass=binder permissive=1
262#avc:  denied  { write } for  pid=363 comm="audio_hdi_serve" name="hilogInput" dev="tmpfs" ino=281 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:hiloginput_socket:s0 tclass=sock_file permissive=1
263#neverallow allow audio_hdi_server_host hiloginput_socket:sock_file { write };
264#avc:  denied  { search } for  pid=547 comm="audio_hdi_serve" name="/" dev="mmcblk0p11" ino=2 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=1
265#avc:  denied  { read append  open write map} for  pid=577 comm="audio_hdi_serve" name="2017-08-13_audio_history.log" dev="mmcblk0p11" ino=13 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:data_file:s0 tclass=file permissive=1
266#avc:  denied  { ioctl  getattr read write open} for  pid=547 comm="audio_hdi_serve" path="/dev/hdf_audio_render" dev="tmpfs" ino=190 ioctlcmd=0x6201 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:dev_hdf_audio_render:s0 tclass=chr_file permissive=1
267#avc:  denied  { read write } for  pid=1936 comm="hdf_audio_hdi_c" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file permissive=1
268#avc:  denied  { use } for  pid=1936 comm="hdf_audio_hdi_c" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:r:hdcd:s0 tclass=fd permissive=1
269#avc:  denied  { add get } for service=audio_hdi_usb_service pid=577 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:hdf_audio_hdi_usb_service:s0 tclass=hdf_devmgr_class permissive=1
270#avc:  denied  { get } for service=5100 pid=547 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1
271#avc:  denied  { use } for  pid=1936 comm="hdf_audio_hdi_c" path="/data/lowlatencycapturetest.wav" dev="mmcblk0p11" ino=15 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:r:sh:s0 tclass=fd permissive=1
272#avc:  denied  { dac_read_search } for  pid=1938 comm="processdump" capability=2  scontext=u:r:audio_hdi_server_host:s0 tcontext=u:r:audio_hdi_server_host:s0 tclass=capability permissive=1
273#neverallow allow audio_hdi_server_host audio_hdi_server_host:capability { dac_read_search };
274#avc:  denied  { read } for  pid=593 comm="audio_hdi_serve" scontext=u:r:audio_hdi_server_host:s0 tcontext=u:r:audio_hdi_server_host:s0 tclass=netlink_kobject_uevent_socket permissive=1
275#avc:  denied  { search } for  pid=1938 comm="processdump" name="init_agent" dev="mmcblk0p11" ino=522245 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:data_init_agent:s0 tclass=dir permissive=1
276#avc:  denied  { read append  open} for  pid=1938 comm="processdump" name="begetctl.log" dev="mmcblk0p11" ino=522246 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:data_init_agent:s0 tclass=file permissive=1
277#avc:  denied  { add } for service=audio_hdi_pnp_service pid=547 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:default_hdf_service:s0 tclass=hdf_devmgr_class permissive=1
278#avc:  denied  { add } for service=audio_manager_service pid=1956 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:hdf_audio_manager_service:s0 tclass=hdf_devmgr_class permissive=1
279#neverallow allow audio_hdi_server_host default_hdf_service:hdf_devmgr_class { add };
280#avc:  denied  { ioctl } for  pid=593 comm="audio_hdi_serve" path="/dev/hdf_kevent" dev="tmpfs" ino=200 ioctlcmd=0x6202 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:dev_hdf_kevent:s0 tclass=chr_file permissive=1
281#avc:  denied  { search } for  pid=1938 comm="audio_hdi_serve" name="bin" dev="mmcblk0p6" ino=103 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:system_bin_file:s0 tclass=dir permissive=1
282#avc:  denied  { execute  read open execute_no_trans  map} for  pid=1938 comm="audio_hdi_serve" name="processdump" dev="mmcblk0p6" ino=321 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:system_bin_file:s0 tclass=file permissive=1
283#avc:  denied  { search } for  pid=586 comm="audio_hdi_serve" name="etc" dev="mmcblk0p7" ino=19 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=dir permissive=1
284#avc:  denied  { getattr  read open} for  pid=586 comm="audio_hdi_serve" path="/vendor/etc/hdfconfig/audio_adapter_config.json" dev="mmcblk0p7" ino=32 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=file permissive=1
285#avc:  denied  { search } for  pid=593 comm="audio_hdi_serve" name="lib" dev="mmcblk0p7" ino=48 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:vendor_lib_file:s0 tclass=dir permissive=1
286#avc:  denied  { getattr  read open} for  pid=586 comm="audio_hdi_serve" path="/vendor/lib/libhdi_audio_interface_lib_capture.z.so" dev="mmcblk0p7" ino=105 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:vendor_lib_file:s0 tclass=file permissive=1
287#avc:  denied  { ioctl } for  pid=573 comm="audio_hdi_serve" path="/data/2017-08-13_audio_history.log" dev="mmcblk0p11" ino=13 ioctlcmd=0x5413 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:data_file:s0 tclass=file permissive=1
288#avc:  denied  { getattr  read write  open ioctl } for  pid=1945 comm="audio_sample_ca" path="/dev/hdf_audio_capture" dev="tmpfs" ino=197 scontext=u:r:sh:s0 tcontext=u:object_r:dev_hdf_audio_capture:s0 tclass=chr_file permissive=1
289#avc:  denied  { getattr  read write open ioctl} for  pid=573 comm="audio_hdi_serve" path="/dev/hdf_audio_control" dev="tmpfs" ino=196 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:dev_hdf_audio_control:s0 tclass=chr_file permissive=1
290#avc:  denied  { ioctl } for  pid=548 comm="audio_hdi_serve" path="/dev/snd/pcmC0D0p" dev="tmpfs" ino=141 ioctlcmd=0x4143 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:dev_snd_file:s0 tclass=chr_file permissive=1
291#avc:  denied  { search } for  pid=548 comm="audio_hdi_serve" name="snd" dev="tmpfs" ino=90 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:dev_snd_file:s0 tclass=dir permissive=1
292allow audio_hdi_server_host hdf_device_manager:hdf_devmgr_class { get };
293allow audio_hdi_server_host hdf_audio_hdi_service:hdf_devmgr_class { add };
294allow audio_hdi_server_host dev_unix_socket:dir { search };
295allow audio_hdi_server_host hdf_audio_hdi_a2dp_service:hdf_devmgr_class { add };
296allow audio_hdi_server_host hdf_devmgr:binder { call transfer };
297allow audio_hdi_server_host data_file:dir { search };
298allow audio_hdi_server_host data_file:file { map open read append write };
299allow audio_hdi_server_host dev_hdf_audio_render:chr_file { getattr ioctl open read write };
300allow audio_hdi_server_host devpts:chr_file { read write };
301allow audio_hdi_server_host hdcd:fd { use };
302allow audio_hdi_server_host hdf_audio_hdi_usb_service:hdf_devmgr_class { add get };
303allow audio_hdi_server_host hdf_audio_manager_service:hdf_devmgr_class { add };
304allow audio_hdi_server_host sa_device_service_manager:samgr_class { get };
305allow audio_hdi_server_host sh:fd { use };
306allow audio_hdi_server_host sh:binder { transfer };
307allow audio_hdi_server_host audio_hdi_server_host:netlink_kobject_uevent_socket { read };
308allow audio_hdi_server_host data_init_agent:dir { search };
309allow audio_hdi_server_host data_init_agent:file { open read append };
310allow audio_hdi_server_host dev_hdf_kevent:chr_file { ioctl };
311allow audio_hdi_server_host system_bin_file:dir { search };
312allow audio_hdi_server_host system_bin_file:file { execute execute_no_trans map read open };
313allow audio_hdi_server_host vendor_etc_file:dir { search };
314allow audio_hdi_server_host vendor_etc_file:file { getattr open read };
315allow audio_hdi_server_host vendor_lib_file:dir { search };
316allow audio_hdi_server_host vendor_lib_file:file { getattr open read };
317allow audio_hdi_server_host data_file:file { ioctl };
318allow audio_hdi_server_host dev_hdf_audio_capture:chr_file { getattr ioctl open read write };
319allow audio_hdi_server_host dev_hdf_audio_control:chr_file { getattr ioctl open read write };
320allow audio_hdi_server_host dev_snd_file:chr_file { ioctl };
321allow audio_hdi_server_host dev_snd_file:dir { search };
322allowxperm audio_hdi_server_host dev_snd_file:chr_file ioctl { 0x4143 };
323allowxperm audio_hdi_server_host dev_hdf_audio_render:chr_file ioctl { 0x6201 };
324allowxperm audio_hdi_server_host dev_hdf_kevent:chr_file ioctl { 0x6201 0x6202 };
325allowxperm audio_hdi_server_host data_file:file ioctl { 0x5413 };
326allowxperm audio_hdi_server_host dev_hdf_audio_capture:chr_file ioctl { 0x6201 };
327allowxperm audio_hdi_server_host dev_hdf_audio_control:chr_file ioctl { 0x6201 };
328allow audio_hdi_server_host dev_bus:dir { search };
329
330#avc:  denied  { get } for service=5100 pid=403 scontext=u:r:face_auth_host:s0 tcontext=u:object_r:default_service:s0 tclass=hdf_devmgr_class permissive=1
331#avc:  denied  { add } for service=face_auth_interface_service pid=403 scontext=u:r:face_auth_host:s0 tcontext=u:object_r:hdf_face_auth_interface_service:s0 tclass=hdf_devmgr_class permissive=1
332#avc:  denied  { get } for service=5100 pid=403 scontext=u:r:face_auth_host:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1
333allow face_auth_host hdf_device_manager:hdf_devmgr_class { get };
334allow face_auth_host hdf_face_auth_interface_service:hdf_devmgr_class { add };
335allow face_auth_host sa_device_service_manager:samgr_class { get };
336
337#avc:  denied  { get } for service=5100 pid=402 scontext=u:r:pin_auth_host:s0 tcontext=u:object_r:default_service:s0 tclass=hdf_devmgr_class permissive=1
338#avc:  denied  { add } for service=pin_auth_interface_service pid=402 scontext=u:r:pin_auth_host:s0 tcontext=u:object_r:hdf_pin_auth_interface_service:s0 tclass=hdf_devmgr_class permissive=1
339#avc:  denied  { get } for service=5100 pid=402 scontext=u:r:pin_auth_host:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1
340allow pin_auth_host hdf_device_manager:hdf_devmgr_class { get };
341allow pin_auth_host hdf_pin_auth_interface_service:hdf_devmgr_class { add };
342allow pin_auth_host sa_device_service_manager:samgr_class { get };
343allow pin_auth_host data_service_el1_file:file { setattr };
344
345#avc:  denied  { get } for service=hdf_device_manager pid=364 scontext=u:r:user_auth_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1
346#avc:  denied  { add } for service=user_auth_interface_service pid=364 scontext=u:r:user_auth_host:s0 tcontext=u:object_r:hdf_user_auth_interface_service:s0 tclass=hdf_devmgr_class permissive=1
347#avc:  denied  { get } for service=5100 pid=364 scontext=u:r:user_auth_host:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1
348allow user_auth_host hdf_device_manager:hdf_devmgr_class { get };
349allow user_auth_host hdf_user_auth_interface_service:hdf_devmgr_class { add };
350allow user_auth_host sa_device_service_manager:samgr_class { get };
351allow user_auth_host data_service_el1_file:file { setattr };
352
353allow location_host hdf_device_manager:hdf_devmgr_class { get };
354allow location_host hdf_gnss_interface_service:hdf_devmgr_class { add };
355allow location_host hdf_geofence_interface_service:hdf_devmgr_class { add };
356allow location_host hdf_agnss_interface_service:hdf_devmgr_class { add };
357
358#avc:  denied  { get } for service=5100 pid=369 scontext=u:r:fingerprint_auth_host:s0 tcontext=u:object_r:default_service:s0 tclass=hdf_devmgr_class permissive=1
359#avc:  denied  { add } for service=fingerprint_auth_interface_service pid=369 scontext=u:r:fingerprint_auth_host:s0 tcontext=u:object_r:hdf_fingerprint_auth_interface_service:s0 tclass=hdf_devmgr_class permissive=1
360#avc:  denied  { get } for service=5100 pid=369 scontext=u:r:fingerprint_auth_host:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1
361allow fingerprint_auth_host hdf_device_manager:hdf_devmgr_class { get };
362allow fingerprint_auth_host hdf_fingerprint_auth_interface_service:hdf_devmgr_class { add };
363allow fingerprint_auth_host sa_device_service_manager:samgr_class { get };
364
365#avc:  denied  { get } for service=hdf_device_manager pid=346 scontext=u:r:motion_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class
366#avc:  denied  { add } for service=motion_interface_service pid=346 scontext=u:r:motion_host:s0 tcontext=u:object_r:hdf_motion_interface_service:s0 tclass=hdf_devmgr_class
367allow motion_host hdf_device_manager:hdf_devmgr_class { get };
368allow motion_host hdf_motion_interface_service:hdf_devmgr_class { add };
369
370allow sh hdf_sensor_interface_service:hdf_devmgr_class { get };
371allow sh sa_device_service_manager:samgr_class { get };
372
373allow sensor_host sa_device_service_manager:samgr_class { get };
374
375allow sensors sa_miscdevice_service:samgr_class { add };
376allow sensors sa_param_watcher:samgr_class { get };
377
378allow light_host sa_device_service_manager:samgr_class { get };
379
380allow vibrator_host sa_device_service_manager:samgr_class { get };
381
382allow motion_host sa_device_service_manager:samgr_class { get };
383
384allow sh hdf_light_interface_service:hdf_devmgr_class { get };
385allow sh hdf_vibrator_interface_service:hdf_devmgr_class { get };
386
387allow sensor_host dev_unix_socket:dir { search };
388
389allow light_host dev_unix_socket:dir { search };
390allow light_host vendor_bin_file:file { entrypoint };
391dontaudit init light_host:process noatsecure;
392dontaudit init light_host:process rlimitinh;
393dontaudit init light_host:process siginh;
394dontaudit init light_host:process transition;
395
396allow vibrator_host dev_unix_socket:dir { search };
397
398allow rootfs labeledfs:filesystem { associate };
399
400allow init dev_hdf_misc_vibrator:chr_file { setattr };
401allow init dev_hdf_sensor_mgr:chr_file { setattr };
402allow init dev_hdfwifi:chr_file { setattr };
403
404allow light_host dev_hdf_light:chr_file { getattr };
405allow light_host dev_hdf_light:chr_file { ioctl };
406allow light_host dev_hdf_light:chr_file { open };
407allow light_host dev_hdf_light:chr_file { read write };
408allowxperm light_host dev_hdf_light:chr_file ioctl 0x6201;
409
410allow vibrator_host dev_hdf_misc_vibrator:chr_file { getattr };
411allow vibrator_host dev_hdf_misc_vibrator:chr_file { ioctl };
412allow vibrator_host dev_hdf_misc_vibrator:chr_file { open };
413allow vibrator_host dev_hdf_misc_vibrator:chr_file { read write };
414allowxperm vibrator_host dev_hdf_misc_vibrator:chr_file ioctl 0x6201;
415
416# for testcase start
417#avc:  denied  { remove_name } for  pid=2085 comm="ueventd" name="sample_service1" dev="tmpfs" ino=491 scontext=u:r:ueventd:s0 tcontext=u:object_r:dev_file:s0 tclass=dir permissive=1
418#avc:  denied  { unlink } for  pid=2085 comm="ueventd" name="sample_service1" dev="tmpfs" ino=491 scontext=u:r:ueventd:s0 tcontext=u:object_r:dev_file:s0 tclass=chr_file permissive=1
419#avc:  denied  { setattr } for  pid=2098 comm="ueventd" name="khdf_ut" dev="tmpfs" ino=212 scontext=u:r:ueventd:s0 tcontext=u:object_r:dev_hdf_test:s0 tclass=chr_file permissive=1
420#avc:  denied  { getattr } for  pid=2098 comm="ueventd" path="/dev/khdf_ut" dev="tmpfs" ino=212 scontext=u:r:ueventd:s0 tcontext=u:object_r:dev_hdf_test:s0 tclass=chr_file permissive=1
421#avc:  denied  { unlink } for  pid=2060 comm="ueventd" name="khdf_ut" dev="tmpfs" ino=212 scontext=u:r:ueventd:s0 tcontext=u:object_r:dev_hdf_test:s0 tclass=chr_file permissive=1
422#avc:  denied  { create } for  pid=227 comm="ueventd" name="=9" scontext=u:r:ueventd:s0 tcontext=u:object_r:dev_block_file:s0 tclass=dir permissive=1
423allow ueventd dev_file:dir { remove_name };
424allow ueventd dev_file:chr_file { unlink };
425allow ueventd dev_hdf_test:chr_file { getattr setattr unlink };
426allow ueventd dev_block_file:dir { create };
427
428#avc:  denied  { relabelto } for  pid=222 comm="ueventd" name="hdfwifi" dev="tmpfs" ino=192 scontext=u:r:ueventd:s0 tcontext=u:object_r:dev_hdfwifi:s0 tclass=chr_file permissive=0
429allow ueventd dev_hdfwifi:chr_file { relabelto };
430
431#avc:  denied  { transition } for  pid=1970 comm="init" path="/vendor/bin/hdf_devhost" dev="mmcblk0p7" ino=14 scontext=u:r:init:s0 tcontext=u:r:sample_host:s0 tclass=process permissive=1
432#avc:  denied  { rlimitinh } for  pid=1970 comm="hdf_devhost" scontext=u:r:init:s0 tcontext=u:r:sample_host:s0 tclass=process permissive=1
433#avc:  denied  { siginh } for  pid=1970 comm="hdf_devhost" scontext=u:r:init:s0 tcontext=u:r:sample_host:s0 tclass=process permissive=1
434#avc:  denied  { sigkill } for  pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:sample_host:s0 tclass=process permissive=1
435allow init sample_host:process { rlimitinh siginh transition sigkill };
436
437#avc:  denied  { call } for  pid=1967 comm="HdiServiceManag" scontext=u:r:sh:s0 tcontext=u:r:hdf_devmgr:s0 tclass=binder permissive=1
438#avc:  denied  { transfer } for  pid=2007 comm="HdiServiceManag" scontext=u:r:sh:s0 tcontext=u:r:hdf_devmgr:s0 tclass=binder permissive=1
439#avc:  denied  { open } for  pid=2103 comm="sh" path="/sys/devices/virtual/hdf/khdf_ut/uevent" dev="sysfs" ino=32554 scontext=u:r:sh:s0 tcontext=u:object_r:sys_file:s0 tclass=file permissive=1
440#avc:  denied  { write } for  pid=2103 comm="sh" name="uevent" dev="sysfs" ino=32554 scontext=u:r:sh:s0 tcontext=u:object_r:sys_file:s0 tclass=file permissive=1
441#avc:  denied  { get } for service=sample_driver_service2 pid=1998 scontext=u:r:sh:s0 tcontext=u:object_r:default_hdf_service:s0 tclass=hdf_devmgr_class permissive=1
442#avc:  denied  { get } for service=hdf_device_manager pid=1998 scontext=u:r:sh:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1
443#avc:  denied  { get } for service=sample_driver_service pid=1998 scontext=u:r:sh:s0 tcontext=u:object_r:hdf_sample_driver_service:s0 tclass=hdf_devmgr_class permissive=1
444allow sh hdf_devmgr:binder { call transfer };
445allow sh sys_file:file { open write };
446allow sh hdf_sample_service:hdf_devmgr_class { get };
447allow sh hdf_device_manager:hdf_devmgr_class { get };
448allow sh hdf_sample_driver_service:hdf_devmgr_class { get };
449
450#avc:  denied  { read } for  pid=1992 comm="hdf_devhost" name="u:object_r:security_param:s0" dev="tmpfs" ino=64 scontext=u:r:sample_host:s0 tcontext=u:object_r:security_param:s0 tclass=file permissive=1
451#avc:  denied  { map } for  pid=1992 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:security_param:s0" dev="tmpfs" ino=64 scontext=u:r:sample_host:s0 tcontext=u:object_r:security_param:s0 tclass=file permissive=1
452#avc:  denied  { read } for  pid=1992 comm="hdf_devhost" name="u:object_r:hilog_param:s0" dev="tmpfs" ino=65 scontext=u:r:sample_host:s0 tcontext=u:object_r:hilog_param:s0 tclass=file permissive=1
453#avc:  denied  { open } for  pid=1992 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:hilog_param:s0" dev="tmpfs" ino=65 scontext=u:r:sample_host:s0 tcontext=u:object_r:hilog_param:s0 tclass=file permissive=1
454#avc:  denied  { map } for  pid=1992 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:hilog_param:s0" dev="tmpfs" ino=65 scontext=u:r:sample_host:s0 tcontext=u:object_r:hilog_param:s0 tclass=file permissive=1
455#avc:  denied  { read } for  pid=1992 comm="hdf_devhost" name="u:object_r:persist_param:s0" dev="tmpfs" ino=66 scontext=u:r:sample_host:s0 tcontext=u:object_r:persist_param:s0 tclass=file permissive=1
456#avc:  denied  { open } for  pid=1992 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:persist_param:s0" dev="tmpfs" ino=66 scontext=u:r:sample_host:s0 tcontext=u:object_r:persist_param:s0 tclass=file permissive=1
457#avc:  denied  { map } for  pid=1992 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:persist_param:s0" dev="tmpfs" ino=66 scontext=u:r:sample_host:s0 tcontext=u:object_r:persist_param:s0 tclass=file permissive=1
458#avc:  denied  { read } for  pid=1992 comm="hdf_devhost" name="u:object_r:persist_sys_param:s0" dev="tmpfs" ino=67 scontext=u:r:sample_host:s0 tcontext=u:object_r:persist_sys_param:s0 tclass=file permissive=1
459#avc:  denied  { use } for  pid=1997 comm="HdiServiceManag" path="/dev/ashmem" dev="tmpfs" ino=185 scontext=u:r:sample_host:s0 tcontext=u:r:sh:s0 tclass=fd permissive=1
460#avc:  denied  { read } for  pid=2106 comm="hdf_devhost" name="u:object_r:ohos_param:s0" dev="tmpfs" ino=46 scontext=u:r:sample_host:s0 tcontext=u:object_r:ohos_param:s0 tclass=file permissive=1
461#avc:  denied  { open } for  pid=2106 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:ohos_param:s0" dev="tmpfs" ino=46 scontext=u:r:sample_host:s0 tcontext=u:object_r:ohos_param:s0 tclass=file permissive=1
462#avc:  denied  { map } for  pid=2106 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:ohos_param:s0" dev="tmpfs" ino=46 scontext=u:r:sample_host:s0 tcontext=u:object_r:ohos_param:s0 tclass=file permissive=1
463#avc:  denied  { read } for  pid=2106 comm="hdf_devhost" name="u:object_r:ohos_boot_param:s0" dev="tmpfs" ino=47 scontext=u:r:sample_host:s0 tcontext=u:object_r:ohos_boot_param:s0 tclass=file permissive=1
464#avc:  denied  { open } for  pid=2106 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:ohos_boot_param:s0" dev="tmpfs" ino=47 scontext=u:r:sample_host:s0 tcontext=u:object_r:ohos_boot_param:s0 tclass=file permissive=1
465#avc:  denied  { map } for  pid=2119 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:ohos_boot_param:s0" dev="tmpfs" ino=47 scontext=u:r:sample_host:s0 tcontext=u:object_r:ohos_boot_param:s0 tclass=file permissive=1
466#avc:  denied  { read } for  pid=2010 comm="hdf_devhost" name="u:object_r:net_param:s0" dev="tmpfs" ino=50 scontext=u:r:sample_host:s0 tcontext=u:object_r:net_param:s0 tclass=file permissive=1
467#avc:  denied  { read } for  pid=2010 comm="hdf_devhost" name="u:object_r:sys_param:s0" dev="tmpfs" ino=48 scontext=u:r:sample_host:s0 tcontext=u:object_r:sys_param:s0 tclass=file permissive=1
468#avc:  denied  { open } for  pid=2010 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:sys_param:s0" dev="tmpfs" ino=48 scontext=u:r:sample_host:s0 tcontext=u:object_r:sys_param:s0 tclass=file permissive=1
469#avc:  denied  { map } for  pid=2010 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:sys_param:s0" dev="tmpfs" ino=48 scontext=u:r:sample_host:s0 tcontext=u:object_r:sys_param:s0 tclass=file permissive=1
470#avc:  denied  { read } for  pid=2119 comm="hdf_devhost" name="u:object_r:sys_usb_param:s0" dev="tmpfs" ino=49 scontext=u:r:sample_host:s0 tcontext=u:object_r:sys_usb_param:s0 tclass=file permissive=1
471#avc:  denied  { open } for  pid=2119 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:sys_usb_param:s0" dev="tmpfs" ino=49 scontext=u:r:sample_host:s0 tcontext=u:object_r:sys_usb_param:s0 tclass=file permissive=1
472#avc:  denied  { map } for  pid=2119 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:sys_usb_param:s0" dev="tmpfs" ino=49 scontext=u:r:sample_host:s0 tcontext=u:object_r:sys_usb_param:s0 tclass=file permissive=1
473#avc:  denied  { search } for  pid=2038 comm="sample_host" name="etc" dev="mmcblk0p7" ino=19 scontext=u:r:sample_host:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=dir permissive=1
474#avc:  denied  { getattr } for  pid=2063 comm="sample_host" path="/vendor/etc/hdfconfig/hdf_default.hcb" dev="mmcblk0p7" ino=36 scontext=u:r:sample_host:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=file permissive=1
475#avc:  denied  { read } for  pid=2063 comm="sample_host" name="hdf_default.hcb" dev="mmcblk0p7" ino=36 scontext=u:r:sample_host:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=file permissive=1
476#avc:  denied  { open } for  pid=2063 comm="sample_host" path="/vendor/etc/hdfconfig/hdf_default.hcb" dev="mmcblk0p7" ino=36 scontext=u:r:sample_host:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=file permissive=1
477#avc:  denied  { open } for  pid=2221 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:net_param:s0" dev="tmpfs" ino=50 scontext=u:r:sample_host:s0 tcontext=u:object_r:net_param:s0 tclass=file permissive=0
478#avc:  denied  { map } for  pid=2056 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:net_param:s0" dev="tmpfs" ino=50 scontext=u:r:sample_host:s0 tcontext=u:object_r:net_param:s0 tclass=file permissive=1
479#avc:  denied  { read } for  pid=2005 comm="hdf_devhost" name="u:object_r:bootevent_samgr_param:s0" dev="tmpfs" ino=72 scontext=u:r:sample_host:s0 tcontext=u:object_r:bootevent_samgr_param:s0 tclass=file permissive=1
480#avc:  denied  { open } for  pid=2005 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:bootevent_samgr_param:s0" dev="tmpfs" ino=72 scontext=u:r:sample_host:s0 tcontext=u:object_r:bootevent_samgr_param:s0 tclass=file permissive=1
481#avc:  denied  { map } for  pid=2005 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:bootevent_samgr_param:s0" dev="tmpfs" ino=72 scontext=u:r:sample_host:s0 tcontext=u:object_r:bootevent_samgr_param:s0 tclass=file permissive=1
482#avc:  denied  { read } for  pid=2221 comm="hdf_devhost" name="u:object_r:const_param:s0" dev="tmpfs" ino=57 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_param:s0 tclass=file permissive=0
483#avc:  denied  { read } for  pid=2221 comm="hdf_devhost" name="u:object_r:const_postinstall_fstab_param:s0" dev="tmpfs" ino=59 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_postinstall_fstab_param:s0 tclass=file permissive=0
484#avc:  denied  { read } for  pid=2221 comm="hdf_devhost" name="u:object_r:const_postinstall_param:s0" dev="tmpfs" ino=58 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_postinstall_param:s0 tclass=file permissive=0
485#avc:  denied  { read } for  pid=2005 comm="hdf_devhost" name="u:object_r:default_param:s0" dev="tmpfs" ino=75 scontext=u:r:sample_host:s0 tcontext=u:object_r:default_param:s0 tclass=file permissive=1
486#avc:  denied  { open } for  pid=2005 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:default_param:s0" dev="tmpfs" ino=75 scontext=u:r:sample_host:s0 tcontext=u:object_r:default_param:s0 tclass=file permissive=1
487#avc:  denied  { map } for  pid=2005 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:default_param:s0" dev="tmpfs" ino=75 scontext=u:r:sample_host:s0 tcontext=u:object_r:default_param:s0 tclass=file permissive=1
488#avc:  denied  { read } for  pid=2221 comm="hdf_devhost" name="u:object_r:hw_sc_build_os_param:s0" dev="tmpfs" ino=54 scontext=u:r:sample_host:s0 tcontext=u:object_r:hw_sc_build_os_param:s0 tclass=file permissive=0
489#avc:  denied  { read } for  pid=2056 comm="hdf_devhost" name="u:object_r:hw_sc_build_param:s0" dev="tmpfs" ino=53 scontext=u:r:sample_host:s0 tcontext=u:object_r:hw_sc_build_param:s0 tclass=file permissive=1
490#avc:  denied  { read } for  pid=2056 comm="hdf_devhost" name="u:object_r:hw_sc_param:s0" dev="tmpfs" ino=52 scontext=u:r:sample_host:s0 tcontext=u:object_r:hw_sc_param:s0 tclass=file permissive=1
491#avc:  denied  { open } for  pid=2056 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:hw_sc_param:s0" dev="tmpfs" ino=52 scontext=u:r:sample_host:s0 tcontext=u:object_r:hw_sc_param:s0 tclass=file permissive=1
492#avc:  denied  { map } for  pid=2056 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:hw_sc_param:s0" dev="tmpfs" ino=52 scontext=u:r:sample_host:s0 tcontext=u:object_r:hw_sc_param:s0 tclass=file permissive=1
493#avc:  denied  { read } for  pid=2221 comm="hdf_devhost" name="u:object_r:init_param:s0" dev="tmpfs" ino=55 scontext=u:r:sample_host:s0 tcontext=u:object_r:init_param:s0 tclass=file permissive=0
494#avc:  denied  { read } for  pid=2221 comm="hdf_devhost" name="u:object_r:init_svc_param:s0" dev="tmpfs" ino=56 scontext=u:r:sample_host:s0 tcontext=u:object_r:init_svc_param:s0 tclass=file permissive=0
495#avc:  denied  { read } for  pid=2005 comm="hdf_devhost" name="u:object_r:input_pointer_device_param:s0" dev="tmpfs" ino=73 scontext=u:r:sample_host:s0 tcontext=u:object_r:input_pointer_device_param:s0 tclass=file permissive=1
496#avc:  denied  { open } for  pid=2005 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:input_pointer_device_param:s0" dev="tmpfs" ino=73 scontext=u:r:sample_host:s0 tcontext=u:object_r:input_pointer_device_param:s0 tclass=file permissive=1
497#avc:  denied  { map } for  pid=2005 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:input_pointer_device_param:s0" dev="tmpfs" ino=73 scontext=u:r:sample_host:s0 tcontext=u:object_r:input_pointer_device_param:s0 tclass=file permissive=1
498#avc:  denied  { read } for  pid=2056 comm="hdf_devhost" name="u:object_r:net_tcp_param:s0" dev="tmpfs" ino=51 scontext=u:r:sample_host:s0 tcontext=u:object_r:net_tcp_param:s0 tclass=file permissive=1
499#avc:  denied  { open } for  pid=2056 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:net_tcp_param:s0" dev="tmpfs" ino=51 scontext=u:r:sample_host:s0 tcontext=u:object_r:net_tcp_param:s0 tclass=file permissive=1
500#avc:  denied  { map } for  pid=2056 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:net_tcp_param:s0" dev="tmpfs" ino=51 scontext=u:r:sample_host:s0 tcontext=u:object_r:net_tcp_param:s0 tclass=file permissive=1
501#avc:  denied  { read } for  pid=2031 comm="hdf_devhost" name="u:object_r:bootevent_param:s0" dev="tmpfs" ino=70 scontext=u:r:sample_host:s0 tcontext=u:object_r:bootevent_param:s0 tclass=file permissive=1
502#avc:  denied  { open } for  pid=2031 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:bootevent_param:s0" dev="tmpfs" ino=70 scontext=u:r:sample_host:s0 tcontext=u:object_r:bootevent_param:s0 tclass=file permissive=1
503#avc:  denied  { map } for  pid=2031 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:bootevent_param:s0" dev="tmpfs" ino=70 scontext=u:r:sample_host:s0 tcontext=u:object_r:bootevent_param:s0 tclass=file permissive=1
504#avc:  denied  { read } for  pid=2204 comm="hdf_devhost" name="u:object_r:const_allow_mock_param:s0" dev="tmpfs" ino=61 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_allow_mock_param:s0 tclass=file permissive=0
505#avc:  denied  { read } for  pid=2204 comm="hdf_devhost" name="u:object_r:const_allow_param:s0" dev="tmpfs" ino=60 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_allow_param:s0 tclass=file permissive=0
506#avc:  denied  { read } for  pid=2058 comm="hdf_devhost" name="u:object_r:const_display_brightness_param:s0" dev="tmpfs" ino=74 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_display_brightness_param:s0 tclass=file permissive=1
507#avc:  denied  { open } for  pid=2058 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_display_brightness_param:s0" dev="tmpfs" ino=74 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_display_brightness_param:s0 tclass=file permissive=1
508#avc:  denied  { map } for  pid=2058 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_display_brightness_param:s0" dev="tmpfs" ino=74 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_display_brightness_param:s0 tclass=file permissive=1
509#avc:  denied  { open } for  pid=2195 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_param:s0" dev="tmpfs" ino=57 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_param:s0 tclass=file permissive=0
510#avc:  denied  { open } for  pid=2195 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_postinstall_fstab_param:s0" dev="tmpfs" ino=59 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_postinstall_fstab_param:s0 tclass=file permissive=0
511#avc:  denied  { open } for  pid=2195 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_postinstall_param:s0" dev="tmpfs" ino=58 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_postinstall_param:s0 tclass=file permissive=0
512#avc:  denied  { open } for  pid=2069 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:hw_sc_build_os_param:s0" dev="tmpfs" ino=54 scontext=u:r:sample_host:s0 tcontext=u:object_r:hw_sc_build_os_param:s0 tclass=file permissive=1
513#avc:  denied  { map } for  pid=2069 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:hw_sc_build_os_param:s0" dev="tmpfs" ino=54 scontext=u:r:sample_host:s0 tcontext=u:object_r:hw_sc_build_os_param:s0 tclass=file permissive=1
514#avc:  denied  { open } for  pid=2069 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:hw_sc_build_param:s0" dev="tmpfs" ino=53 scontext=u:r:sample_host:s0 tcontext=u:object_r:hw_sc_build_param:s0 tclass=file permissive=1
515#avc:  denied  { map } for  pid=2069 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:hw_sc_build_param:s0" dev="tmpfs" ino=53 scontext=u:r:sample_host:s0 tcontext=u:object_r:hw_sc_build_param:s0 tclass=file permissive=1
516#avc:  denied  { open } for  pid=2155 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:init_param:s0" dev="tmpfs" ino=55 scontext=u:r:sample_host:s0 tcontext=u:object_r:init_param:s0 tclass=file permissive=0
517#avc:  denied  { open } for  pid=2173 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:init_svc_param:s0" dev="tmpfs" ino=56 scontext=u:r:sample_host:s0 tcontext=u:object_r:init_svc_param:s0 tclass=file permissive=0
518#avc:  denied  { open } for  pid=2031 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:persist_sys_param:s0" dev="tmpfs" ino=67 scontext=u:r:sample_host:s0 tcontext=u:object_r:persist_sys_param:s0 tclass=file permissive=1
519#avc:  denied  { map } for  pid=2031 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:persist_sys_param:s0" dev="tmpfs" ino=67 scontext=u:r:sample_host:s0 tcontext=u:object_r:persist_sys_param:s0 tclass=file permissive=1
520#avc:  denied  { open } for  pid=2043 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_allow_mock_param:s0" dev="tmpfs" ino=61 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_allow_mock_param:s0 tclass=file permissive=1
521#avc:  denied  { map } for  pid=2043 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_allow_mock_param:s0" dev="tmpfs" ino=61 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_allow_mock_param:s0 tclass=file permissive=1
522#avc:  denied  { open } for  pid=1972 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_allow_param:s0" dev="tmpfs" ino=60 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_allow_param:s0 tclass=file permissive=1
523#avc:  denied  { map } for  pid=1972 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_allow_param:s0" dev="tmpfs" ino=60 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_allow_param:s0 tclass=file permissive=1
524#avc:  denied  { read } for  pid=2043 comm="hdf_devhost" name="u:object_r:const_build_param:s0" dev="tmpfs" ino=62 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_build_param:s0 tclass=file permissive=1
525#avc:  denied  { map } for  pid=1972 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_param:s0" dev="tmpfs" ino=57 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_param:s0 tclass=file permissive=1
526#avc:  denied  { map } for  pid=1972 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_postinstall_fstab_param:s0" dev="tmpfs" ino=59 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_postinstall_fstab_param:s0 tclass=file permissive=1
527#avc:  denied  { map } for  pid=1972 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_postinstall_param:s0" dev="tmpfs" ino=58 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_postinstall_param:s0 tclass=file permissive=1
528#avc:  denied  { read } for  pid=2148 comm="hdf_devhost" name="u:object_r:const_product_param:s0" dev="tmpfs" ino=63 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_product_param:s0 tclass=file permissive=0
529#avc:  denied  { read } for  pid=2148 comm="hdf_devhost" name="u:object_r:debug_param:s0" dev="tmpfs" ino=68 scontext=u:r:sample_host:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=0
530#avc:  denied  { map } for  pid=2167 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:init_param:s0" dev="tmpfs" ino=55 scontext=u:r:sample_host:s0 tcontext=u:object_r:init_param:s0 tclass=file permissive=0
531#avc:  denied  { map } for  pid=2167 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:init_svc_param:s0" dev="tmpfs" ino=56 scontext=u:r:sample_host:s0 tcontext=u:object_r:init_svc_param:s0 tclass=file permissive=0
532#avc:  denied  { read } for  pid=2064 comm="hdf_devhost" name="u:object_r:build_version_param:s0" dev="tmpfs" ino=71 scontext=u:r:sample_host:s0 tcontext=u:object_r:build_version_param:s0 tclass=file permissive=0
533#avc:  denied  { open } for  pid=2064 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_build_param:s0" dev="tmpfs" ino=62 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_build_param:s0 tclass=file permissive=0
534#avc:  denied  { open } for  pid=2064 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_product_param:s0" dev="tmpfs" ino=63 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_product_param:s0 tclass=file permissive=0
535#avc:  denied  { open } for  pid=2064 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:debug_param:s0" dev="tmpfs" ino=68 scontext=u:r:sample_host:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=0
536#avc:  denied  { call } for  pid=2064 comm="sample_host" scontext=u:r:sample_host:s0 tcontext=u:r:samgr:s0 tclass=binder permissive=0
537#avc:  denied  { read } for  pid=2064 comm="hdf_devhost" name="u:object_r:startup_param:s0" dev="tmpfs" ino=69 scontext=u:r:sample_host:s0 tcontext=u:object_r:startup_param:s0 tclass=file permissive=0
538#avc:  denied  { open } for  pid=2072 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:build_version_param:s0" dev="tmpfs" ino=71 scontext=u:r:sample_host:s0 tcontext=u:object_r:build_version_param:s0 tclass=file permissive=0
539#avc:  denied  { map } for  pid=2066 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_build_param:s0" dev="tmpfs" ino=62 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_build_param:s0 tclass=file permissive=0
540#avc:  denied  { map } for  pid=2066 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_product_param:s0" dev="tmpfs" ino=63 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_product_param:s0 tclass=file permissive=0
541#avc:  denied  { map } for  pid=2072 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:debug_param:s0" dev="tmpfs" ino=68 scontext=u:r:sample_host:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=0
542#avc:  denied  { call } for  pid=2063 comm="sample_host" scontext=u:r:sample_host:s0 tcontext=u:r:hdf_devmgr:s0 tclass=binder permissive=0
543#avc:  denied  { open } for  pid=2072 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:startup_param:s0" dev="tmpfs" ino=69 scontext=u:r:sample_host:s0 tcontext=u:object_r:startup_param:s0 tclass=file permissive=0
544#avc:  denied  { map } for  pid=2030 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:build_version_param:s0" dev="tmpfs" ino=71 scontext=u:r:sample_host:s0 tcontext=u:object_r:build_version_param:s0 tclass=file permissive=0
545#avc:  denied  { map } for  pid=2033 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:startup_param:s0" dev="tmpfs" ino=69 scontext=u:r:sample_host:s0 tcontext=u:object_r:startup_param:s0 tclass=file permissive=0
546#avc:  denied  { transfer } for  pid=2007 comm="sample_host" scontext=u:r:sample_host:s0 tcontext=u:r:hdf_devmgr:s0 tclass=binder permissive=0
547#avc:  denied  { call } for  pid=2011 comm="sample_host" scontext=u:r:sample_host:s0 tcontext=u:r:sh:s0 tclass=binder permissive=0
548#avc:  denied  { getattr } for  pid=2029 comm="sample_host" path="/dev/hdf_kevent" dev="tmpfs" ino=204 scontext=u:r:sample_host:s0 tcontext=u:object_r:dev_hdf_kevent:s0 tclass=chr_file permissive=1
549#avc:  denied  { read write } for  pid=2029 comm="sample_host" name="hdf_kevent" dev="tmpfs" ino=204 scontext=u:r:sample_host:s0 tcontext=u:object_r:dev_hdf_kevent:s0 tclass=chr_file permissive=1
550#avc:  denied  { open } for  pid=2029 comm="sample_host" path="/dev/hdf_kevent" dev="tmpfs" ino=204 scontext=u:r:sample_host:s0 tcontext=u:object_r:dev_hdf_kevent:s0 tclass=chr_file permissive=1
551#avc:  denied  { search } for  pid=2001 comm="hdf_devhost" name="socket" dev="tmpfs" ino=40 scontext=u:r:sample_host:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=1
552#avc:  denied  { add } for service=sample_driver_service2 pid=2005 scontext=u:r:sample_host:s0 tcontext=u:object_r:default_hdf_service:s0 tclass=hdf_devmgr_class permissive=1
553#avc:  denied  { get } for service=hdf_device_manager pid=2001 scontext=u:r:sample_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1
554#avc:  denied  { add } for service=sample_driver_service pid=2001 scontext=u:r:sample_host:s0 tcontext=u:object_r:hdf_sample_driver_service:s0 tclass=hdf_devmgr_class permissive=1
555#avc:  denied  { get } for service=5100 pid=2001 scontext=u:r:sample_host:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1
556#avc:  denied  { ioctl } for  pid=2029 comm="sample_host" path="/dev/hdf_kevent" dev="tmpfs" ino=204 ioctlcmd=0x6203 scontext=u:r:sample_host:s0 tcontext=u:object_r:dev_hdf_kevent:s0 tclass=chr_file permissive=1
557allow sample_host hilog_param:file { map open read };
558allow sample_host ohos_boot_param:file { open read map };
559allow sample_host ohos_param:file { map open read };
560allow sample_host persist_param:file { map open read };
561allow sample_host persist_sys_param:file { read map open };
562allow sample_host security_param:file { map open read };
563allow sample_host sh:fd { use };
564allow sample_host system_bin_file:dir { search };
565allow sample_host net_param:file { read map open };
566allow sample_host sys_param:file { map open read };
567allow sample_host sys_usb_param:file { map open read };
568allow sample_host vendor_etc_file:dir { search };
569allow sample_host vendor_etc_file:file { getattr open read };
570allow sample_host bootevent_samgr_param:file { map open read };
571allow sample_host const_param:file { read open map };
572allow sample_host const_postinstall_fstab_param:file { read open map };
573allow sample_host const_postinstall_param:file { read open map };
574allow sample_host default_param:file { map open read };
575allow sample_host hw_sc_build_os_param:file { read map open };
576allow sample_host hw_sc_build_param:file { read map open };
577allow sample_host hw_sc_param:file { map open read };
578allow sample_host init_param:file { read open map };
579allow sample_host init_svc_param:file { read open map };
580allow sample_host input_pointer_device_param:file { map open read };
581allow sample_host net_tcp_param:file { map open read };
582allow sample_host bootevent_param:file { map open read };
583allow sample_host const_allow_mock_param:file { read map open };
584allow sample_host const_allow_param:file { read map open };
585allow sample_host const_display_brightness_param:file { map open read };
586allow sample_host const_build_param:file { read open map };
587allow sample_host const_product_param:file { read open map };
588allow sample_host debug_param:file { read open map };
589allow sample_host build_version_param:file { read open map };
590allow sample_host samgr:binder { call };
591allow sample_host startup_param:file { read open map };
592allow sample_host hdf_devmgr:binder { call transfer };
593allow sample_host sh:binder { call };
594allow sample_host dev_hdf_kevent:chr_file { getattr ioctl open read write };
595allow sample_host dev_unix_socket:dir { search };
596allow sample_host hdf_sample_service:hdf_devmgr_class { add };
597allow sample_host hdf_device_manager:hdf_devmgr_class { get };
598allow sample_host hdf_sample_driver_service:hdf_devmgr_class { add };
599allow sample_host sa_device_service_manager:samgr_class { get };
600allowxperm sample_host dev_hdf_kevent:chr_file ioctl { 0x6203 };
601# for testcase end
602
603allow sensor_host dev_hdf_sensor_mgr:chr_file { ioctl };
604allowxperm sensor_host dev_hdf_sensor_mgr:chr_file ioctl 0x6202;
605
606#avc:  denied  { ioctl } for  pid=468 comm="sensor_host" path="/dev/hdf_sensor_manager_ap" dev="tmpfs" ino=195 ioctlcmd=0x6206 scontext=u:r:sensor_host:s0 tcontext=u:object_r:dev_hdf_sensor_mgr:s0 tclass=chr_file permissive=0
607allow sensor_host dev_hdf_sensor_mgr:chr_file { ioctl };
608allowxperm sensor_host dev_hdf_sensor_mgr:chr_file ioctl 0x6206;
609
610#avc:  denied  { call } for  pid=502 comm="sensor_host" scontext=u:r:sensor_host:s0 tcontext=u:r:sh:s0 tclass=binder permissive=0
611allow sensor_host sh:binder { call };
612
613#avc: denied { get } for service=hdf_device_manager pid=379 scontext=u:r:partitionslot_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1
614#avc: denied { add } for service=partition_slot_service pid=379 scontext=u:r:partitionslot_host:s0 tcontext=u:object_r:hdf_partition_slot_service:s0 tclass=hdf_devmgr_class permissive=1
615allow partitionslot_host hdf_device_manager:hdf_devmgr_class { get };
616allow partitionslot_host hdf_partition_slot_service:hdf_devmgr_class { add };
617allow partitionslot_host sa_device_service_manager:samgr_class { get };
618