• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright (c) 2022 Huawei Device Co., Ltd.
2# Licensed under the Apache License, Version 2.0 (the "License");
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6#     http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
14allow init sa_storage_manager_daemon:samgr_class { get };
15allow init sa_storage_manager_service:samgr_class { get };
16allow init storage_manager:binder { call };
17allow init storage_daemon:binder { call };
18
19#avc:  denied  { call } for  pid=262 comm="sdc" scontext=u:r:init:s0 tcontext=u:r:samgr:s0 tclass=binder permissive=0
20allow init samgr:binder { call };
21
22#avc:  denied  { execute } for  pid=260 comm="init" name="sdc" dev="mmcblk0p6" ino=354 scontext=u:r:init:s0 tcontext=u:object_r:sdc_exec:s0 tclass=file permissive=1
23#avc:  denied  { read open } for  pid=260 comm="init" path="/system/bin/sdc" dev="mmcblk0p6" ino=354 scontext=u:r:init:s0 tcontext=u:object_r:sdc_exec:s0 tclass=file permissive=1
24#avc:  denied  { execute_no_trans } for  pid=260 comm="init" path="/system/bin/sdc" dev="mmcblk0p6" ino=354 scontext=u:r:init:s0 tcontext=u:object_r:sdc_exec:s0 tclass=file permissive=1
25#avc:  denied  { map } for  pid=260 comm="sdc" path="/system/bin/sdc" dev="mmcblk0p6" ino=354 scontext=u:r:init:s0 tcontext=u:object_r:sdc_exec:s0 tclass=file permissive=1
26allow init system_bin_file:file { execute execute_no_trans map read open };
27
28#avc:  denied  { execute } for  pid=250 comm="init" name="sdc" dev="mmcblk0p6" ino=354 scontext=u:r:init:s0 tcontext=u:object_r:sdc_exec:s0 tclass=file permissive=0
29allow init sdc_exec:file { execute execute_no_trans map read open };
30
31#avc:  denied  { ioctl } for  pid=1 comm="init" path="/data/app/el1/bundle/public" dev="mmcblk0p11" ino=652804 ioctlcmd=0x6613 scontext=u:r:init:s0 tcontext=u:object_r:data_app_el1_file:s0 tclass=dir permissive=0
32#avc:  denied  { ioctl } for  pid=1 comm="init" path="/data/chipset/el1/public" dev="mmcblk0p11" ino=783363 ioctlcmd=0x6613 scontext=u:r:init:s0 tcontext=u:object_r:data_chipset_el1_file:s0 tclass=dir permissive=0
33#avc:  denied  { ioctl } for  pid=1 comm="init" path="/data/service/el1/public" dev="mmcblk0p11" ino=522256 ioctlcmd=0x6613 scontext=u:r:init:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=dir permissive=0
34allow init data_app_el1_file:dir { ioctl };
35allow init data_chipset_el1_file:dir { ioctl };
36allow init data_service_el1_file:dir { ioctl };
37
38allow init proc_version_file:file { open read };
39
40#avc:  denied  { module_request } for  pid=1 comm="init" kmod="crypto-cryptd(__cts-cbc-aes-ce)" scontext=u:r:init:s0 tcontext=u:r:kernel:s0 tclass=system permissive=0
41#avc:  denied  { module_request } for  pid=1 comm="init" kmod="crypto-cryptd(__cts-cbc-aes-ce)-all" scontext=u:r:init:s0 tcontext=u:r:kernel:s0 tclass=system permissive=0
42allow init kernel:system { module_request };
43