• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright (c) 2022 Huawei Device Co., Ltd.
2# Licensed under the Apache License, Version 2.0 (the "License");
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6#     http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
14type sa_usb_service, sa_service_attr;
15
16allow usb_service accessibility_param:file { map open read };
17allow usb_service console:binder { call };
18allow usb_service console:fd { use };
19allow usb_service data_file:dir { search };
20allow usb_service dev_unix_socket:dir { search };
21allow usb_service dev_unix_socket:sock_file { write };
22allow usb_service foundation:binder { call };
23allow usb_service hdf_devmgr:binder { call };
24allow usb_service hdf_usbd:hdf_devmgr_class { get };
25allow usb_service hdf_usb_interface_service:hdf_devmgr_class { get };
26allow usb_service init:binder { call transfer };
27allow usb_service param_watcher:binder { call transfer };
28allow usb_service sa_device_service_manager:samgr_class { get };
29allow usb_service sa_foundation_bms:samgr_class { get };
30allow usb_service sa_foundation_cesfwk_service:samgr_class { get };
31allow usb_service sa_param_watcher:samgr_class { get };
32allow usb_service sa_usb_service:samgr_class { get add };
33allow usb_service samain_exec:file { entrypoint execute };
34allow usb_service samgr:binder { call transfer };
35allow usb_service system_bin_file:dir { search };
36allow usb_service system_etc_file:dir { getattr open read };
37allow usb_service system_lib_file:lnk_file { read };
38allow usb_service system_profile_file:dir { search };
39allow usb_service tracefs:dir { search };
40allow usb_service tracefs_trace_marker_file:file { open write };
41allow usb_service usb_host:binder { call transfer };
42allow usb_service usb_service:dir { search };
43allow usb_service usb_service:lnk_file { read };
44allow usb_service vendor_file:file { execute getattr map open read };
45allow usb_service vendor_lib_file:dir { search };
46allow usb_service vendor_lib_file:file { execute map getattr open read };
47
48# avc:  denied  { call } for  pid=1914 comm="jsThread-1" scontext=u:r:normal_hap:s0 tcontext=u:r:usb_service:s0 tclass=binder permissive=0
49# avc:  denied  { get } for service=4201 pid=1759 scontext=u:r:normal_hap:s0 tcontext=u:object_r:sa_usb_service:s0 tclass=samgr_class permissive=0
50# avc:  denied  { transfer } for  pid=1842 comm="usb_service" scontext=u:r:usb_service:s0 tcontext=u:r:ui_service:s0 tclass=binder permissive=1
51# avc:  denied  { call } for  pid=659 comm="ui_service" scontext=u:r:ui_service:s0 tcontext=u:r:usb_service:s0 tclass=binder permissive=1
52# avc:  denied  { call } for  pid=1810 comm="IPC_1_1817" scontext=u:r:usb_service:s0 tcontext=u:r:ui_service:s0 tclass=binder permissive=1
53# avc:  denied  { get } for service=7001 pid=1830 scontext=u:r:usb_service:s0 tcontext=u:object_r:sa_subsys_ace_service:s0 tclass=samgr_class permissive=0
54# avc:  denied  { get } for service=4607 pid=1830 scontext=u:r:usb_service:s0 tcontext=u:object_r:sa_foundation_dms:s0 tclass=samgr_class permissive=0
55allow normal_hap sa_usb_service:samgr_class { get };
56allow normal_hap usb_service:binder { call };
57allow system_basic_hap sa_usb_service:samgr_class { get };
58allow system_basic_hap usb_service:binder { call };
59allow system_core_hap sa_usb_service:samgr_class { get };
60allow system_core_hap usb_service:binder { call };
61allow ui_service usb_service:binder { call };
62allow foundation usb_service:binder { call transfer };
63allow foundation usb_service:dir { search };
64allow foundation usb_service:file { open read };
65allow usb_service dev_console_file:chr_file { read write };
66allow usb_service sa_foundation_dms:samgr_class { get };
67allow usb_service sa_subsys_ace_service:samgr_class { get };
68allow usb_service ui_service:binder { transfer call };
69allow usb_service sa_foundation_abilityms:samgr_class { get };
70allow usb_service foundation:binder { transfer };
71allow usb_service musl_param:file { read };
72allow usb_service system_core_hap:binder { call };
73