# Copyright (c) 2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# SELinux type-enforcement policy for the udevd daemon: type declarations
# first, then the allow rules grouped by the kind of object they target.

# --- Types -------------------------------------------------------------------
# Process domain for the daemon.
type udevd, domain, nativedomain;

# Label for the udevd executable.
type udevd_exec, exec_attr, file_attr, system_file_attr;

# Dedicated data labels for udevd's socket and files.
# NOTE(review): no rule in this file targets udevd_socket or udevd_file; the
# write access below goes to the shared data_service_el1_file type instead.
# Confirm whether udevd's runtime files can carry these labels so the rules
# on data_service_el1_file can be narrowed.
type udevd_socket, file_attr, data_file_attr;
type udevd_file, file_attr, data_file_attr;

# Macro defined outside this file; presumably sets up the init -> udevd domain
# transition on udevd_exec -- confirm against the macro definition.
init_daemon_domain(udevd);

# --- Data partition ----------------------------------------------------------
allow udevd data_file:dir { open search getattr rmdir };
allow udevd data_file:file { open };
# Broadest grant in this file: create/write/unlink/rename on files, directory
# management and socket-file creation under data_service_el1_file.
allow udevd data_service_el1_file:dir { search write add_name create getattr remove_name read open watch rmdir };
allow udevd data_service_el1_file:file { create unlink write open ioctl read rename };
allow udevd data_service_el1_file:sock_file { create unlink };
allow udevd data_service_file:dir { search };
allow udevd data_udev:dir { rmdir };

# --- Device nodes and links under /dev labels --------------------------------
# setattr only on USB character devices; this file grants no open/read/write
# on them.
allow udevd dev_bus_usb_file:chr_file { setattr };
allow udevd dev_char_file:dir { search write remove_name };
allow udevd dev_char_file:lnk_file { unlink };
allow udevd dev_dri_file:chr_file { getattr write };
allow udevd dev_dri_file:dir { add_name search write };
allow udevd dev_file:dir { add_name create write };
allow udevd dev_file:lnk_file { create getattr };
allow udevd dev_input_file:dir { remove_name rmdir };
allow udevd dev_input_file:lnk_file { getattr read write unlink rename };
allow udevd dev_ptmx:chr_file { write getattr };
allow udevd tty_device:chr_file { open read write };

# --- Executables and system files --------------------------------------------
# Disabled rule, kept as found. execute_no_trans would run the shell inside the
# udevd domain with every permission granted in this file.
# NOTE(review): keep disabled unless a udev rule is shown to need a shell.
#allow udevd sh_exec:file { read open execute execute_no_trans map };
allow udevd system_bin_file:dir { search };
allow udevd sys_file:file { getattr open read };
allow udevd vendor_lib_file:dir { search };

# --- Capabilities and sockets owned by udevd itself --------------------------
# NOTE(review): net_admin is a broad capability; presumably required for the
# kobject uevent netlink socket -- confirm it is still needed.
allow udevd udevd:capability { net_admin };
# One rule carrying the union of the permissions of the two original
# netlink_kobject_uevent_socket rules.
allow udevd udevd:netlink_kobject_uevent_socket { read create bind getattr setopt write };
allow udevd udevd:unix_dgram_socket { sendto read };

# --- ioctl allowlist ---------------------------------------------------------
# Limits the ioctl permission granted above on data_service_el1_file:file to
# command 0x5413 (TIOCGWINSZ in the generic Linux ioctl numbering); any other
# ioctl command on this source/target/class is denied.
allowxperm udevd data_service_el1_file:file ioctl { 0x5413 };