1# Copyright (c) 2022 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14type sdc, sadomain, domain; 15type sdc_exec, exec_attr, file_attr, system_file_attr; 16 17allow sdc hmdfs:dir { read search setattr getattr mounton }; 18allow sdc vfat:dir { read search setattr getattr mounton }; 19allow sdc exfat:dir { read search setattr getattr mounton }; 20allow sdc ntfs:dir { read search setattr getattr mounton }; 21 22#avc: denied { call } for pid=292 comm="sdc" scontext=u:r:init:s0 tcontext=u:r:samgr:s0 tclass=binder permissive=1 23allow sdc samgr:binder { call }; 24allow sdc storage_daemon:binder { call }; 25 26#avc: denied { read } for pid=260 comm="sdc" path="/system/bin/sdc" dev="mmcblk0p6" ino=354 scontext=u:r:init:s0 tcontext=u:object_r:sdc_exec:s0 tclass=file permissive=1 27allow sdc system_bin_file:file { read }; 28 29allow sdc sdc:process { setexec }; 30allow sdc hilog_param:file { map open read }; 31allow sdc sa_foundation_abilityms:samgr_class { get }; 32allow sdc sa_storage_manager_daemon:samgr_class { get }; 33