1# Copyright (c) 2022 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14type av_session, sadomain, domain; 15allow av_session accesstoken_service:binder { call }; 16allow av_session sa_avsession_service:samgr_class { add get_remote }; 17allow av_session sa_multimodalinput_service:samgr_class { get }; 18allow av_session av_session:unix_dgram_socket { getopt setopt }; 19allow av_session data_file:dir { search add_name write }; 20allow av_session data_service_el1_file:dir { add_name search write }; 21allow av_session data_service_el1_file:file { create ioctl open read write }; 22allow av_session data_service_file:dir { search }; 23allow av_session default_param:file { read map open }; 24allow av_session dev_console_file:chr_file { read write }; 25allow av_session dev_unix_socket:dir { search }; 26allow av_session foundation:binder { call transfer }; 27allow av_session hilog_param:file { map open read }; 28allow av_session multimodalinput:binder { call }; 29allow av_session multimodalinput:fd { use }; 30allow av_session multimodalinput:unix_stream_socket { read write }; 31allow av_session sh:binder { call transfer }; 32allow av_session system_core_hap:binder { call transfer }; 33allow av_session tracefs:dir { search }; 34allow av_session tracefs_trace_marker_file:file { write open }; 35allow av_session data_file:file { open }; 36allow av_session av_session_data_file:file { append open create write ioctl read unlink getattr }; 37allow av_session debug_param:file { map open read }; 38allow av_session audio_policy:binder { call transfer }; 39allow av_session device_manager:binder { call transfer }; 40allow av_session param_watcher:binder { call transfer }; 41allow av_session sa_accesstoken_manager_service:samgr_class { get }; 42allow av_session sa_foundation_appms:samgr_class { get }; 43allow av_session av_session_data_file:dir { search write add_name read getattr remove_name}; 44allow av_session sa_foundation_abilityms:samgr_class { get }; 45allow av_session sa_audio_policy_service:samgr_class { get }; 46allow av_session sa_foundation_devicemanager_service:samgr_class { get }; 47allow av_session sa_param_watcher:samgr_class { get }; 48allow av_session system_bin_file:dir { search }; 49allowxperm av_session av_session_data_file:file ioctl 0x5413; 50allowxperm av_session data_service_el1_file:file ioctl { 0x5413 }; 51allow av_session normal_hap:binder { transfer call }; 52allow av_session sa_softbus_service:samgr_class { get }; 53allow av_session distributeddata:binder { call transfer }; 54allow av_session softbus_server:binder { call transfer }; 55allow av_session softbus_server:fd { use }; 56allow av_session softbus_server:tcp_socket { read write setopt shutdown }; 57allow av_session data_log:dir { getattr }; 58allow av_session system_basic_hap:binder { transfer call }; 59allow av_session sa_foundation_bms:samgr_class { get }; 60allow av_session vendor_bin_file:dir { search }; 61allow av_session sa_distributeddata_service:samgr_class { get }; 62