# Copyright (c) 2022 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. type debugfs_usb, fs_attr, debugfs_attr; #avc: denied { get } for service=hdf_device_manager pid=343 scontext=u:r:codec_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class #avc: denied { add } for service=codec_hdi_omx_service pid=343 scontext=u:r:codec_host:s0 tcontext=u:object_r:hdf_codec_hdi_omx_service:s0 tclass=hdf_devmgr_class #avc: denied { add } for service=codec_hdi_service pid=354 scontext=u:r:codec_host:s0 tcontext=u:object_r:hdf_codec_hdi_service:s0 tclass=hdf_devmgr_class #avc: denied { read } for pid=496 comm="IPC_1_599" name="u:object_r:musl_param:s0" dev="tmpfs" ino=56 scontext=u:r:codec_host:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=0 #avc: denied { open } for pid=497 comm="IPC_2_1294" path="/dev/ashmem" dev="tmpfs" ino=190 scontext=u:r:codec_host:s0 tcontext=u:object_r:dev_ashmem_file:s0 tclass=chr_file permissive=0 #avc: denied { getattr } for pid=497 comm="omx_msg_hdl" path="/proc/version" dev="proc" ino=4026532114 scontext=u:r:codec_host:s0 tcontext=u:object_r:proc_version_file:s0 tclass=file permissive=0 allow codec_host musl_param:file { open map read }; allow codec_host dev_ashmem_file:chr_file { open }; allow codec_host hdf_device_manager:hdf_devmgr_class { get }; allow codec_host hdf_codec_hdi_omx_service:hdf_devmgr_class { add get }; allow codec_host hdf_codec_component_manager_service:hdf_devmgr_class { add get }; allow codec_host hdf_codec_hdi_service:hdf_devmgr_class { add get }; allow codec_host sa_device_service_manager:samgr_class { get }; allow codec_host dev_dri_file:dir { search read write }; allow codec_host sh:binder { transfer call }; allow codec_host sh:fd { use }; allow codec_host disp_gralloc_host:fd { use }; allow codec_host dev_dri_file:chr_file { read write open ioctl }; allow codec_host dev_mpp:chr_file { read write open ioctl }; allow codec_host proc_version_file:file { read open getattr }; allow codec_host sys_file:file { read open }; allow codec_host dev_rga:chr_file { read write open ioctl }; allowxperm codec_host dev_mpp:chr_file ioctl 0x7601; allowxperm codec_host dev_rga:chr_file ioctl { 0x64b2 0x642d 0x641f 0x642e 0x64b4 0x601b 0x5017 }; allowxperm codec_host dev_dri_file:chr_file ioctl { 0x64b2 0x642d 0x641f 0x642e 0x64b4 }; allow codec_host hdcd:fd { use }; allow codec_host devpts:chr_file { read write }; #avc: denied { get } for service=hdf_device_manager pid=344 scontext=u:r:light_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class #avc: denied { add } for service=light_interface_service pid=344 scontext=u:r:light_host:s0 tcontext=u:object_r:hdf_light_interface_service:s0 tclass=hdf_devmgr_class allow light_host hdf_device_manager:hdf_devmgr_class { get }; allow light_host hdf_light_interface_service:hdf_devmgr_class { add }; #avc: denied { get } for service=hdf_device_manager pid=346 scontext=u:r:sensor_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class #avc: denied { add } for service=sensor_interface_service pid=346 scontext=u:r:sensor_host:s0 tcontext=u:object_r:hdf_sensor_interface_service:s0 tclass=hdf_devmgr_class allow sensor_host hdf_device_manager:hdf_devmgr_class { get }; allow sensor_host hdf_sensor_interface_service:hdf_devmgr_class { add }; #avc: denied { get } for service=hdf_device_manager pid=359 scontext=u:r:power_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class #avc: denied { add } for service=thermal_interface_service pid=359 scontext=u:r:power_host:s0 tcontext=u:object_r:hdf_thermal_interface_service:s0 tclass=hdf_devmgr_class #avc: denied { add } for service=battery_interface_service pid=359 scontext=u:r:power_host:s0 tcontext=u:object_r:hdf_battery_interface_service:s0 tclass=hdf_devmgr_class #avc: denied { add } for service=power_interface_service pid=359 scontext=u:r:power_host:s0 tcontext=u:object_r:hdf_power_interface_service:s0 tclass=hdf_devmgr_class #avc: denied { get } for service=5100 pid=555 scontext=u:r:power_host:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1 allow power_host hdf_device_manager:hdf_devmgr_class { get }; allow power_host hdf_thermal_interface_service:hdf_devmgr_class { add }; allow power_host hdf_battery_interface_service:hdf_devmgr_class { add }; allow power_host hdf_power_interface_service:hdf_devmgr_class { add }; allow power_host sa_device_service_manager:samgr_class { get }; #avc: denied { call } for pid=3275 comm="dcamera_host" scontext=u:r:dcamera_host:s0 tcontext=u:r:camera_service:s0 tclass=binder permissive=1 #avc: denied { transfer } for pid=2073 comm="dcamera_host" scontext=u:r:dcamera_host:s0 tcontext=u:r:camera_service:s0 tclass=binder permissive=1 #avc: denied { call } for pid=2057 comm="dcamera_host" scontext=u:r:dcamera_host:s0 tcontext=u:r:dcamera:s0 tclass=binder permissive=1 #avc: denied { getattr } for pid=2059 comm="dcamera_host" path="/dev/dri/renderD128" dev="tmpfs" ino=92 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=1 #avc: denied { read write } for pid=2059 comm="dcamera_host" name="renderD128" dev="tmpfs" ino=92 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=1 #avc: denied { open } for pid=2059 comm="dcamera_host" path="/dev/dri/renderD128" dev="tmpfs" ino=92 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=1 #avc: denied { ioctl } for pid=2059 comm="dcamera_host" path="/dev/dri/renderD128" dev="tmpfs" ino=92 ioctlcmd=0x641f scontext=u:r:dcamera_host:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=1 #avc: denied { read write } for pid=2541 comm="hdf_devhost" path="/dev/console" dev="tmpfs" ino=19 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:dev_console_file:s0 tclass=chr_file permissive=0 #avc: denied { search } for pid=2059 comm="dcamera_host" name="dri" dev="tmpfs" ino=91 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=dir permissive=1 #avc: denied { search } for pid=2057 comm="dcamera_host" name="socket" dev="tmpfs" ino=40 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=1 #avc: denied { get } for service=hdf_device_manager pid=342 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { add } for service=distributed_camera_provider_service pid=342 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:hdf_distributed_camera_provider_service:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { add } for service=distributed_camera_service pid=351 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:hdf_distributed_camera_service:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { get } for service=hdi_display_gralloc_service pid=2038 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:hdf_hdi_display_gralloc_service:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { call } for pid=1991 comm="dcamera_host" scontext=u:r:dcamera_host:s0 tcontext=u:r:hdf_devmgr:s0 tclass=binder permissive=1 #avc: denied { get } for service=5100 pid=2074 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1 #avc: denied { use } for pid=2059 comm="dcamera_host" path="/dmabuf:" dev="dmabuf" ino=30969 ioctlcmd=0x6200 scontext=u:r:dcamera_host:s0 tcontext=u:r:disp_gralloc_host:s0 tclass=fd permissive=1 #avc: denied { call } for pid=2059 comm="dcamera_host" scontext=u:r:dcamera_host:s0 tcontext=u:r:samgr:s0 tclass=binder permissive=1 #avc: denied { call } for pid=2059 comm="dcamera_host" scontext=u:r:dcamera_host:s0 tcontext=u:r:sh:s0 tclass=binder permissive=1 #avc: denied { open } for pid=2666 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_param:s0" dev="tmpfs" ino=57 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:const_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=2666 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_param:s0" dev="tmpfs" ino=57 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:const_param:s0 tclass=file permissive=1 #avc: denied { read } for pid=2666 comm="hdf_devhost" name="u:object_r:const_postinstall_param:s0" dev="tmpfs" ino=58 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:const_postinstall_param:s0 tclass=file permissive=1 #avc: denied { open } for pid=2666 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_postinstall_param:s0" dev="tmpfs" ino=58 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:const_postinstall_param:s0 tclass=file permissive=1 #avc: denied { call } for pid=2582 comm="dcamera_host" scontext=u:r:dcamera_host:s0 tcontext=u:r:disp_gralloc_host:s0 tclass=binder permissive=0 #avc: denied { read } for pid=3798 comm="hdf_devhost" name="u:object_r:accessibility_param:s0" dev="tmpfs" ino=53 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:accessibility_param:s0 tclass=file permissive=0 #avc: denied { call } for pid=2850 comm="dcamera_host" scontext=u:r:dcamera_host:s0 tcontext=u:r:system_core_hap:s0 tclass=binder permissive=1 #avc: denied { call } for pid=2850 comm="dcamera_host" scontext=u:r:dcamera_host:s0 tcontext=u:r:render_service:s0 tclass=binder permissive=1 #avc: denied { read } for pid=2047 comm="hdf_devhost" name="u:object_r:ohos_dev_param:s0" dev="tmpfs" ino=30 scontext=u:r:dcamera_host:s0 tcontext=u:object_r:ohos_dev_param:s0 tclass=file permissive=0 allow dcamera_host camera_service:binder { call transfer }; allow dcamera_host dcamera:binder { call }; allow dcamera_host dev_console_file:chr_file { read write }; allow dcamera_host dev_dri_file:chr_file { getattr read write open ioctl }; allow dcamera_host dev_dri_file:dir { search }; allow dcamera_host dev_unix_socket:dir { search }; allow dcamera_host hdf_device_manager:hdf_devmgr_class { get }; allow dcamera_host hdf_distributed_camera_provider_service:hdf_devmgr_class { add }; allow dcamera_host hdf_distributed_camera_service:hdf_devmgr_class { add }; allow dcamera_host hdf_hdi_display_gralloc_service:hdf_devmgr_class { get }; allow dcamera_host hdf_devmgr:binder { call }; allow dcamera_host sa_device_service_manager:samgr_class { get }; allow dcamera_host disp_gralloc_host:fd { use }; allow dcamera_host samgr:binder { call }; allow dcamera_host sh:binder { call transfer }; allow dcamera_host const_param:file { open read }; allow dcamera_host const_postinstall_param:file { open map }; allow dcamera_host disp_gralloc_host:binder { call }; allow dcamera_host accessibility_param:file { read open map }; allow dcamera_host system_core_hap:binder { call }; allow dcamera_host render_service:binder { call }; allow dcamera_host ohos_dev_param:file { read }; #avc: denied { get } for service=hdf_device_manager pid=345 scontext=u:r:vibrator_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { add } for service=vibrator_interface_service pid=345 scontext=u:r:vibrator_host:s0 tcontext=u:object_r:hdf_vibrator_interface_service:s0 tclass=hdf_devmgr_class permissive=1 allow vibrator_host hdf_device_manager:hdf_devmgr_class { get }; allow vibrator_host hdf_vibrator_interface_service:hdf_devmgr_class { add }; #avc: denied { get } for service=hdf_device_manager pid=348 scontext=u:r:camera_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { add } for service=camera_service pid=348 scontext=u:r:camera_host:s0 tcontext=u:object_r:hdf_camera_service:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { call } for pid=439 comm="PREVIEW#2" scontext=u:r:camera_host:s0 tcontext=u:r:dcamera:s0 tclass=binder permissive=0 allow camera_host camera_host:netlink_kobject_uevent_socket { bind bind create read create }; allow camera_host camera_service:binder { call transfer }; allow camera_host data_log:file { read write }; allow camera_host dev_dri_file:chr_file { getattr ioctl open read write }; allow camera_host dev_dri_file:dir { search }; allow camera_host dev_hdf_kevent:chr_file { getattr getattr ioctl }; allow camera_host dev_mpp:chr_file { ioctl open read write }; allow camera_host dev_rga:chr_file { ioctl open read write }; allow camera_host dev_unix_socket:dir { search }; allow camera_host dev_unix_socket:sock_file { write }; allow camera_host dev_video_file:chr_file { getattr ioctl open read write }; allow camera_host disp_gralloc_host:fd { use }; allow camera_host faultloggerd:fd { use }; allow camera_host faultloggerd:unix_stream_socket { connectto }; allow camera_host hdf_device_manager:hdf_devmgr_class { get }; allow camera_host hdf_camera_service:hdf_devmgr_class { add }; allow camera_host hdf_devmgr:binder { call transfer transfer }; allow camera_host hdf_hdi_display_gralloc_service:hdf_devmgr_class { get }; allow camera_host hiview:binder { call }; allow camera_host media_service:binder { call }; allow camera_host proc_version_file:file { open read }; allow camera_host render_service:binder { call }; allow camera_host samgr:binder { call }; allow camera_host sys_file:file { open read }; allow camera_host system_basic_hap:fd { use }; allow camera_host system_bin_file:dir { search }; allow camera_host system_bin_file:file { execute execute execute_no_trans map read open execute_no_trans map read open }; allow camera_host system_core_hap:binder { call }; allow camera_host system_core_hap:fd { use }; allow camera_host vendor_bin_file:file { entrypoint entrypoint execute map read execute map read }; allow camera_host vendor_etc_file:dir { search }; allow camera_host vendor_etc_file:file { getattr open read }; allow camera_host vendor_file:file { execute execute getattr map open read getattr map open read }; allow camera_host disp_gralloc_host:binder { call }; allow camera_host dcamera:binder { call transfer }; allowxperm camera_host dev_dri_file:chr_file ioctl { 0x641f 0x642d 0x642e 0x64b2 0x64b4 }; allowxperm camera_host dev_hdf_kevent:chr_file ioctl { 0x6201 0x6202 }; allowxperm camera_host dev_mpp:chr_file ioctl { 0x7601 }; allowxperm camera_host dev_rga:chr_file ioctl { 0x5017 0x5019 0x601b }; allowxperm camera_host dev_video_file:chr_file ioctl { 0x5600 0x5605 0x5608 0x5609 0x560f 0x5611 0x5612 0x5613 }; #avc: denied { get } for service=hdf_device_manager pid=361 scontext=u:r:usb_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { add } for service=usbd pid=361 scontext=u:r:usb_host:s0 tcontext=u:object_r:hdf_usbd:s0 tclass=hdf_devmgr_class permissive=1 allow usb_host accessibility_param:file { map open read open read }; allow usb_host configfs:dir { add_name create open read search write remove_name rmdir }; allow usb_host configfs:file { create ioctl open read write getattr }; allow usb_host configfs:lnk_file { create unlink }; allow usb_host console:binder { call }; allow usb_host console:fd { use }; allow usb_host data_file:dir { search }; allow usb_host data_init_agent:dir { search }; allow usb_host data_init_agent:file { ioctl open read append }; allow usb_host data_log:file { read write }; allow usb_host debugfs_usb:dir { search }; allow usb_host debugfs_usb:file { open write }; allow usb_host dev_bus:dir { search }; allow usb_host dev_bus_usb_file:chr_file { ioctl map open read write getattr}; allow usb_host dev_bus_usb_file:dir { search }; allow usb_host dev_functionfs_file:chr_file { ioctl map open read write getattr }; allow usb_host dev_functionfs_file:dir { search }; allow usb_host dev_hdf_kevent:chr_file { getattr ioctl open read write }; allow usb_host dev_hdf_usb_pnp:chr_file { getattr ioctl open read write }; allow usb_host dev_usbfn_file:chr_file { getattr ioctl read write open map }; allow usb_host dev_usbfn_file:dir { search }; allow usb_host dev_unix_socket:dir { search }; allow usb_host dev_unix_socket:sock_file { write }; allow usb_host faultloggerd:fd { use }; allow usb_host faultloggerd:unix_stream_socket { connectto }; allow usb_host faultloggerd_socket:sock_file { write }; allow usb_host hdf_device_manager:hdf_devmgr_class { get }; allow usb_host hdf_devmgr:binder { call transfer }; allow usb_host hdf_usb_interface_service:hdf_devmgr_class { add }; allow usb_host hdf_usb_pnp_manager:hdf_devmgr_class { add }; allow usb_host hdf_usbd:hdf_devmgr_class { add }; allow usb_host hdf_usbfn_cdcacm:hdf_devmgr_class { add get }; allow usb_host hdf_usbfn_cdcecm:hdf_devmgr_class { add get }; allow usb_host hdf_usbfn_master:hdf_devmgr_class { add get }; allow usb_host hiview:binder { call }; allow usb_host kernel:unix_stream_socket { connectto }; allow usb_host paramservice_socket:sock_file { write }; allow usb_host rootfs:chr_file { read write }; allow usb_host sa_device_service_manager:samgr_class { get }; allow usb_host samgr:binder { call }; allow usb_host sys_param:parameter_service { set }; allow usb_host system_bin_file:dir { search }; allow usb_host system_bin_file:file { execute execute_no_trans map read open }; allow usb_host tty_device:chr_file { open read write }; allow usb_host usb_service:binder { call }; allow usb_host vendor_bin_file:file { entrypoint execute map read }; allow usb_host vendor_etc_file:dir { search }; allow usb_host vendor_etc_file:file { getattr open read }; allow usb_host vendor_lib_file:dir { search }; allow usb_host vendor_lib_file:file { execute getattr map open read }; allow usb_host samgr:binder { transfer }; allow usb_host sa_usb_service:samgr_class { get }; allowxperm usb_host configfs:file ioctl { 0x5413 }; allowxperm usb_host data_init_agent:file ioctl { 0x5413 }; allowxperm usb_host dev_bus_usb_file:chr_file ioctl { 0x5500 0x5504 0x5508 0x550b 0x550c 0x550f 0x5510 0x550a 0x5512 0x5516 0x551a 0x551b }; allowxperm usb_host dev_file:chr_file ioctl { 0x6201 0x6202 0x6203 0x6731 0x6732 0x6734 0x673c 0x6782 0x6736 0x673d 0x6735 0x6738 }; allowxperm usb_host dev_hdf_kevent:chr_file ioctl { 0x6202 0x6201 0x6203 }; allowxperm usb_host dev_hdf_usb_pnp:chr_file ioctl { 0x6201 0x6202 0x6203 0x6206 }; #avc: denied { get } for service=hdf_device_manager pid=347 scontext=u:r:input_user_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { add } for service=input_service pid=347 scontext=u:r:input_user_host:s0 tcontext=u:object_r:hdf_input_service:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { getattr } for pid=477 comm="input_user_host" path="/dev/hdf_input_event3" dev="tmpfs" ino=498 scontext=u:r:input_user_host:s0 tcontext=u:object_r:dev_file:s0 tclass=chr_file permissive=0 #avc: denied { ioctl } for pid=477 comm="input_user_host" path="/dev/hdf_input_event1" dev="tmpfs" ino=199 ioctlcmd=0x6202 scontext=u:r:input_user_host:s0 tcontext=u:object_r:dev_hdf_input:s0 tclass=chr_file permissive=0 #avc: denied { ioctl } for pid=420 comm="input_user_host" path="/dev/hdf_input_host" dev="tmpfs" ino=192 ioctlcmd=0x6201 scontext=u:r:input_user_host:s0 tcontext=u:object_r:dev_hdf_file:s0 tclass=chr_file permissive=0 #avc: denied { getattr } for pid=420 comm="input_user_host" path="/dev/dev_mgr" dev="tmpfs" ino=189 scontext=u:r:input_user_host:s0 tcontext=u:object_r:dev_mgr_file:s0 tclass=chr_file permissive=0 #avc: denied { read write } for pid=420 comm="input_user_host" name="hdf_input_event1" dev="tmpfs" ino=200 scontext=u:r:input_user_host:s0 tcontext=u:object_r:dev_hdf_input:s0 tclass=chr_file permissive=0 allow input_user_host hdf_device_manager:hdf_devmgr_class { get }; allow input_user_host hdf_input_service:hdf_devmgr_class { add }; allow input_user_host hdf_input_interfaces_service:hdf_devmgr_class { add }; allow input_user_host sa_device_service_manager:samgr_class { get }; allow input_user_host dev_hdf_file:chr_file { ioctl }; allow input_user_host dev_hdf_input:chr_file { ioctl open read write }; allow input_user_host dev_mgr_file:chr_file { getattr ioctl open read write }; allow input_user_host sh:binder { call }; allowxperm input_user_host dev_hdf_file:chr_file ioctl 0x6201; allowxperm input_user_host dev_hdf_input:chr_file ioctl { 0x6201 0x6202 0x6203 0x6206 }; allowxperm input_user_host dev_mgr_file:chr_file ioctl 0x6201; #avc: denied { get } for service=hdf_device_manager pid=358 scontext=u:r:wifi_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1 allow wifi_host hdf_device_manager:hdf_devmgr_class { get }; #avc: denied { get } for service=hdf_device_manager pid=362 scontext=u:r:blue_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { add } for service=hci_interface_service pid=362 scontext=u:r:blue_host:s0 tcontext=u:object_r:hdf_hci_interface_service:s0 tclass=hdf_devmgr_class permissive=1 allow blue_host hdf_device_manager:hdf_devmgr_class { get }; allow blue_host hdf_hci_interface_service:hdf_devmgr_class { add }; #avc: denied { get } for service=hdf_device_manager pid=363 scontext=u:r:disp_gralloc_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { add } for service=hdi_display_gralloc_service pid=363 scontext=u:r:disp_gralloc_host:s0 tcontext=u:object_r:hdf_hdi_display_gralloc_service:s0 tclass=hdf_devmgr_class permissive=1 allow disp_gralloc_host hdf_device_manager:hdf_devmgr_class { get }; allow disp_gralloc_host hdf_hdi_display_gralloc_service:hdf_devmgr_class { add }; #avc: denied { get } for service=hdf_device_manager pid=349 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { add } for service=audio_hdi_service pid=349 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:hdf_audio_hdi_service:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { add } for service=audio_hdi_pnp_service pid=341 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:default_hdf_service:s0 tclass=hdf_devmgr_class permissive=1 #neverallow allow audio_hdi_server_host default_hdf_service:hdf_devmgr_class { add }; #avc: denied { get } for service=5100 pid=341 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:default_service:s0 tclass=samgr_class permissive=1 #neverallow allow audio_hdi_server_host default_service:samgr_class { get }; #avc: denied { search } for pid=351 comm="audio_hdi_serve" name="socket" dev="tmpfs" ino=38 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=1 #avc: denied { add } for service=audio_hdi_a2dp_service pid=341 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:hdf_audio_hdi_a2dp_service:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { call transfer } for pid=363 comm="audio_hdi_serve" scontext=u:r:audio_hdi_server_host:s0 tcontext=u:r:hdf_devmgr:s0 tclass=binder permissive=1 #avc: denied { write } for pid=363 comm="audio_hdi_serve" name="hilogInput" dev="tmpfs" ino=281 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:hiloginput_socket:s0 tclass=sock_file permissive=1 #neverallow allow audio_hdi_server_host hiloginput_socket:sock_file { write }; #avc: denied { search } for pid=547 comm="audio_hdi_serve" name="/" dev="mmcblk0p11" ino=2 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=1 #avc: denied { read append open write map} for pid=577 comm="audio_hdi_serve" name="2017-08-13_audio_history.log" dev="mmcblk0p11" ino=13 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:data_file:s0 tclass=file permissive=1 #avc: denied { ioctl getattr read write open} for pid=547 comm="audio_hdi_serve" path="/dev/hdf_audio_render" dev="tmpfs" ino=190 ioctlcmd=0x6201 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:dev_hdf_audio_render:s0 tclass=chr_file permissive=1 #avc: denied { read write } for pid=1936 comm="hdf_audio_hdi_c" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file permissive=1 #avc: denied { use } for pid=1936 comm="hdf_audio_hdi_c" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:r:hdcd:s0 tclass=fd permissive=1 #avc: denied { add get } for service=audio_hdi_usb_service pid=577 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:hdf_audio_hdi_usb_service:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { get } for service=5100 pid=547 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1 #avc: denied { use } for pid=1936 comm="hdf_audio_hdi_c" path="/data/lowlatencycapturetest.wav" dev="mmcblk0p11" ino=15 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:r:sh:s0 tclass=fd permissive=1 #avc: denied { dac_read_search } for pid=1938 comm="processdump" capability=2 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:r:audio_hdi_server_host:s0 tclass=capability permissive=1 #neverallow allow audio_hdi_server_host audio_hdi_server_host:capability { dac_read_search }; #avc: denied { read } for pid=593 comm="audio_hdi_serve" scontext=u:r:audio_hdi_server_host:s0 tcontext=u:r:audio_hdi_server_host:s0 tclass=netlink_kobject_uevent_socket permissive=1 #avc: denied { search } for pid=1938 comm="processdump" name="init_agent" dev="mmcblk0p11" ino=522245 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:data_init_agent:s0 tclass=dir permissive=1 #avc: denied { read append open} for pid=1938 comm="processdump" name="begetctl.log" dev="mmcblk0p11" ino=522246 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:data_init_agent:s0 tclass=file permissive=1 #avc: denied { add } for service=audio_hdi_pnp_service pid=547 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:default_hdf_service:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { add } for service=audio_manager_service pid=1956 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:hdf_audio_manager_service:s0 tclass=hdf_devmgr_class permissive=1 #neverallow allow audio_hdi_server_host default_hdf_service:hdf_devmgr_class { add }; #avc: denied { ioctl } for pid=593 comm="audio_hdi_serve" path="/dev/hdf_kevent" dev="tmpfs" ino=200 ioctlcmd=0x6202 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:dev_hdf_kevent:s0 tclass=chr_file permissive=1 #avc: denied { search } for pid=1938 comm="audio_hdi_serve" name="bin" dev="mmcblk0p6" ino=103 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:system_bin_file:s0 tclass=dir permissive=1 #avc: denied { execute read open execute_no_trans map} for pid=1938 comm="audio_hdi_serve" name="processdump" dev="mmcblk0p6" ino=321 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:system_bin_file:s0 tclass=file permissive=1 #avc: denied { search } for pid=586 comm="audio_hdi_serve" name="etc" dev="mmcblk0p7" ino=19 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=dir permissive=1 #avc: denied { getattr read open} for pid=586 comm="audio_hdi_serve" path="/vendor/etc/hdfconfig/audio_adapter_config.json" dev="mmcblk0p7" ino=32 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=file permissive=1 #avc: denied { search } for pid=593 comm="audio_hdi_serve" name="lib" dev="mmcblk0p7" ino=48 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:vendor_lib_file:s0 tclass=dir permissive=1 #avc: denied { getattr read open} for pid=586 comm="audio_hdi_serve" path="/vendor/lib/libhdi_audio_interface_lib_capture.z.so" dev="mmcblk0p7" ino=105 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:vendor_lib_file:s0 tclass=file permissive=1 #avc: denied { ioctl } for pid=573 comm="audio_hdi_serve" path="/data/2017-08-13_audio_history.log" dev="mmcblk0p11" ino=13 ioctlcmd=0x5413 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:data_file:s0 tclass=file permissive=1 #avc: denied { getattr read write open ioctl } for pid=1945 comm="audio_sample_ca" path="/dev/hdf_audio_capture" dev="tmpfs" ino=197 scontext=u:r:sh:s0 tcontext=u:object_r:dev_hdf_audio_capture:s0 tclass=chr_file permissive=1 #avc: denied { getattr read write open ioctl} for pid=573 comm="audio_hdi_serve" path="/dev/hdf_audio_control" dev="tmpfs" ino=196 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:dev_hdf_audio_control:s0 tclass=chr_file permissive=1 #avc: denied { ioctl } for pid=548 comm="audio_hdi_serve" path="/dev/snd/pcmC0D0p" dev="tmpfs" ino=141 ioctlcmd=0x4143 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:dev_snd_file:s0 tclass=chr_file permissive=1 #avc: denied { search } for pid=548 comm="audio_hdi_serve" name="snd" dev="tmpfs" ino=90 scontext=u:r:audio_hdi_server_host:s0 tcontext=u:object_r:dev_snd_file:s0 tclass=dir permissive=1 allow audio_hdi_server_host hdf_device_manager:hdf_devmgr_class { get }; allow audio_hdi_server_host hdf_audio_hdi_service:hdf_devmgr_class { add }; allow audio_hdi_server_host dev_unix_socket:dir { search }; allow audio_hdi_server_host hdf_audio_hdi_a2dp_service:hdf_devmgr_class { add }; allow audio_hdi_server_host hdf_devmgr:binder { call transfer }; allow audio_hdi_server_host data_file:dir { search }; allow audio_hdi_server_host data_file:file { map open read append write }; allow audio_hdi_server_host dev_hdf_audio_render:chr_file { getattr ioctl open read write }; allow audio_hdi_server_host devpts:chr_file { read write }; allow audio_hdi_server_host hdcd:fd { use }; allow audio_hdi_server_host hdf_audio_hdi_usb_service:hdf_devmgr_class { add get }; allow audio_hdi_server_host hdf_audio_manager_service:hdf_devmgr_class { add }; allow audio_hdi_server_host sa_device_service_manager:samgr_class { get }; allow audio_hdi_server_host sh:fd { use }; allow audio_hdi_server_host sh:binder { transfer }; allow audio_hdi_server_host audio_hdi_server_host:netlink_kobject_uevent_socket { read }; allow audio_hdi_server_host data_init_agent:dir { search }; allow audio_hdi_server_host data_init_agent:file { open read append }; allow audio_hdi_server_host dev_hdf_kevent:chr_file { ioctl }; allow audio_hdi_server_host system_bin_file:dir { search }; allow audio_hdi_server_host system_bin_file:file { execute execute_no_trans map read open }; allow audio_hdi_server_host vendor_etc_file:dir { search }; allow audio_hdi_server_host vendor_etc_file:file { getattr open read }; allow audio_hdi_server_host vendor_lib_file:dir { search }; allow audio_hdi_server_host vendor_lib_file:file { getattr open read }; allow audio_hdi_server_host data_file:file { ioctl }; allow audio_hdi_server_host dev_hdf_audio_capture:chr_file { getattr ioctl open read write }; allow audio_hdi_server_host dev_hdf_audio_control:chr_file { getattr ioctl open read write }; allow audio_hdi_server_host dev_snd_file:chr_file { ioctl }; allow audio_hdi_server_host dev_snd_file:dir { search }; allowxperm audio_hdi_server_host dev_snd_file:chr_file ioctl { 0x4143 }; allowxperm audio_hdi_server_host dev_hdf_audio_render:chr_file ioctl { 0x6201 }; allowxperm audio_hdi_server_host dev_hdf_kevent:chr_file ioctl { 0x6201 0x6202 }; allowxperm audio_hdi_server_host data_file:file ioctl { 0x5413 }; allowxperm audio_hdi_server_host dev_hdf_audio_capture:chr_file ioctl { 0x6201 }; allowxperm audio_hdi_server_host dev_hdf_audio_control:chr_file ioctl { 0x6201 }; allow audio_hdi_server_host dev_bus:dir { search }; #avc: denied { get } for service=5100 pid=403 scontext=u:r:face_auth_host:s0 tcontext=u:object_r:default_service:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { add } for service=face_auth_interface_service pid=403 scontext=u:r:face_auth_host:s0 tcontext=u:object_r:hdf_face_auth_interface_service:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { get } for service=5100 pid=403 scontext=u:r:face_auth_host:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1 allow face_auth_host hdf_device_manager:hdf_devmgr_class { get }; allow face_auth_host hdf_face_auth_interface_service:hdf_devmgr_class { add }; allow face_auth_host sa_device_service_manager:samgr_class { get }; #avc: denied { get } for service=5100 pid=402 scontext=u:r:pin_auth_host:s0 tcontext=u:object_r:default_service:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { add } for service=pin_auth_interface_service pid=402 scontext=u:r:pin_auth_host:s0 tcontext=u:object_r:hdf_pin_auth_interface_service:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { get } for service=5100 pid=402 scontext=u:r:pin_auth_host:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1 allow pin_auth_host hdf_device_manager:hdf_devmgr_class { get }; allow pin_auth_host hdf_pin_auth_interface_service:hdf_devmgr_class { add }; allow pin_auth_host sa_device_service_manager:samgr_class { get }; allow pin_auth_host data_service_el1_file:file { setattr }; #avc: denied { get } for service=hdf_device_manager pid=364 scontext=u:r:user_auth_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { add } for service=user_auth_interface_service pid=364 scontext=u:r:user_auth_host:s0 tcontext=u:object_r:hdf_user_auth_interface_service:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { get } for service=5100 pid=364 scontext=u:r:user_auth_host:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1 allow user_auth_host hdf_device_manager:hdf_devmgr_class { get }; allow user_auth_host hdf_user_auth_interface_service:hdf_devmgr_class { add }; allow user_auth_host sa_device_service_manager:samgr_class { get }; allow user_auth_host data_service_el1_file:file { setattr }; allow location_host hdf_device_manager:hdf_devmgr_class { get }; allow location_host hdf_gnss_interface_service:hdf_devmgr_class { add }; allow location_host hdf_geofence_interface_service:hdf_devmgr_class { add }; allow location_host hdf_agnss_interface_service:hdf_devmgr_class { add }; #avc: denied { get } for service=5100 pid=369 scontext=u:r:fingerprint_auth_host:s0 tcontext=u:object_r:default_service:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { add } for service=fingerprint_auth_interface_service pid=369 scontext=u:r:fingerprint_auth_host:s0 tcontext=u:object_r:hdf_fingerprint_auth_interface_service:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { get } for service=5100 pid=369 scontext=u:r:fingerprint_auth_host:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1 allow fingerprint_auth_host hdf_device_manager:hdf_devmgr_class { get }; allow fingerprint_auth_host hdf_fingerprint_auth_interface_service:hdf_devmgr_class { add }; allow fingerprint_auth_host sa_device_service_manager:samgr_class { get }; #avc: denied { get } for service=hdf_device_manager pid=346 scontext=u:r:motion_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class #avc: denied { add } for service=motion_interface_service pid=346 scontext=u:r:motion_host:s0 tcontext=u:object_r:hdf_motion_interface_service:s0 tclass=hdf_devmgr_class allow motion_host hdf_device_manager:hdf_devmgr_class { get }; allow motion_host hdf_motion_interface_service:hdf_devmgr_class { add }; allow sh hdf_sensor_interface_service:hdf_devmgr_class { get }; allow sh sa_device_service_manager:samgr_class { get }; allow sensor_host sa_device_service_manager:samgr_class { get }; allow sensors sa_miscdevice_service:samgr_class { add }; allow sensors sa_param_watcher:samgr_class { get }; allow light_host sa_device_service_manager:samgr_class { get }; allow vibrator_host sa_device_service_manager:samgr_class { get }; allow motion_host sa_device_service_manager:samgr_class { get }; allow sh hdf_light_interface_service:hdf_devmgr_class { get }; allow sh hdf_vibrator_interface_service:hdf_devmgr_class { get }; allow sensor_host dev_unix_socket:dir { search }; allow light_host dev_unix_socket:dir { search }; allow light_host vendor_bin_file:file { entrypoint }; dontaudit init light_host:process noatsecure; dontaudit init light_host:process rlimitinh; dontaudit init light_host:process siginh; dontaudit init light_host:process transition; allow vibrator_host dev_unix_socket:dir { search }; allow rootfs labeledfs:filesystem { associate }; allow init dev_hdf_misc_vibrator:chr_file { setattr }; allow init dev_hdf_sensor_mgr:chr_file { setattr }; allow init dev_hdfwifi:chr_file { setattr }; allow light_host dev_hdf_light:chr_file { getattr }; allow light_host dev_hdf_light:chr_file { ioctl }; allow light_host dev_hdf_light:chr_file { open }; allow light_host dev_hdf_light:chr_file { read write }; allowxperm light_host dev_hdf_light:chr_file ioctl 0x6201; allow vibrator_host dev_hdf_misc_vibrator:chr_file { getattr }; allow vibrator_host dev_hdf_misc_vibrator:chr_file { ioctl }; allow vibrator_host dev_hdf_misc_vibrator:chr_file { open }; allow vibrator_host dev_hdf_misc_vibrator:chr_file { read write }; allowxperm vibrator_host dev_hdf_misc_vibrator:chr_file ioctl 0x6201; # for testcase start #avc: denied { remove_name } for pid=2085 comm="ueventd" name="sample_service1" dev="tmpfs" ino=491 scontext=u:r:ueventd:s0 tcontext=u:object_r:dev_file:s0 tclass=dir permissive=1 #avc: denied { unlink } for pid=2085 comm="ueventd" name="sample_service1" dev="tmpfs" ino=491 scontext=u:r:ueventd:s0 tcontext=u:object_r:dev_file:s0 tclass=chr_file permissive=1 #avc: denied { setattr } for pid=2098 comm="ueventd" name="khdf_ut" dev="tmpfs" ino=212 scontext=u:r:ueventd:s0 tcontext=u:object_r:dev_hdf_test:s0 tclass=chr_file permissive=1 #avc: denied { getattr } for pid=2098 comm="ueventd" path="/dev/khdf_ut" dev="tmpfs" ino=212 scontext=u:r:ueventd:s0 tcontext=u:object_r:dev_hdf_test:s0 tclass=chr_file permissive=1 #avc: denied { unlink } for pid=2060 comm="ueventd" name="khdf_ut" dev="tmpfs" ino=212 scontext=u:r:ueventd:s0 tcontext=u:object_r:dev_hdf_test:s0 tclass=chr_file permissive=1 #avc: denied { create } for pid=227 comm="ueventd" name="=9" scontext=u:r:ueventd:s0 tcontext=u:object_r:dev_block_file:s0 tclass=dir permissive=1 allow ueventd dev_file:dir { remove_name }; allow ueventd dev_file:chr_file { unlink }; allow ueventd dev_hdf_test:chr_file { getattr setattr unlink }; allow ueventd dev_block_file:dir { create }; #avc: denied { relabelto } for pid=222 comm="ueventd" name="hdfwifi" dev="tmpfs" ino=192 scontext=u:r:ueventd:s0 tcontext=u:object_r:dev_hdfwifi:s0 tclass=chr_file permissive=0 allow ueventd dev_hdfwifi:chr_file { relabelto }; #avc: denied { transition } for pid=1970 comm="init" path="/vendor/bin/hdf_devhost" dev="mmcblk0p7" ino=14 scontext=u:r:init:s0 tcontext=u:r:sample_host:s0 tclass=process permissive=1 #avc: denied { rlimitinh } for pid=1970 comm="hdf_devhost" scontext=u:r:init:s0 tcontext=u:r:sample_host:s0 tclass=process permissive=1 #avc: denied { siginh } for pid=1970 comm="hdf_devhost" scontext=u:r:init:s0 tcontext=u:r:sample_host:s0 tclass=process permissive=1 #avc: denied { sigkill } for pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:sample_host:s0 tclass=process permissive=1 allow init sample_host:process { rlimitinh siginh transition sigkill }; #avc: denied { call } for pid=1967 comm="HdiServiceManag" scontext=u:r:sh:s0 tcontext=u:r:hdf_devmgr:s0 tclass=binder permissive=1 #avc: denied { transfer } for pid=2007 comm="HdiServiceManag" scontext=u:r:sh:s0 tcontext=u:r:hdf_devmgr:s0 tclass=binder permissive=1 #avc: denied { open } for pid=2103 comm="sh" path="/sys/devices/virtual/hdf/khdf_ut/uevent" dev="sysfs" ino=32554 scontext=u:r:sh:s0 tcontext=u:object_r:sys_file:s0 tclass=file permissive=1 #avc: denied { write } for pid=2103 comm="sh" name="uevent" dev="sysfs" ino=32554 scontext=u:r:sh:s0 tcontext=u:object_r:sys_file:s0 tclass=file permissive=1 #avc: denied { get } for service=sample_driver_service2 pid=1998 scontext=u:r:sh:s0 tcontext=u:object_r:default_hdf_service:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { get } for service=hdf_device_manager pid=1998 scontext=u:r:sh:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { get } for service=sample_driver_service pid=1998 scontext=u:r:sh:s0 tcontext=u:object_r:hdf_sample_driver_service:s0 tclass=hdf_devmgr_class permissive=1 allow sh hdf_devmgr:binder { call transfer }; allow sh sys_file:file { open write }; allow sh hdf_sample_service:hdf_devmgr_class { get }; allow sh hdf_device_manager:hdf_devmgr_class { get }; allow sh hdf_sample_driver_service:hdf_devmgr_class { get }; #avc: denied { read } for pid=1992 comm="hdf_devhost" name="u:object_r:security_param:s0" dev="tmpfs" ino=64 scontext=u:r:sample_host:s0 tcontext=u:object_r:security_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=1992 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:security_param:s0" dev="tmpfs" ino=64 scontext=u:r:sample_host:s0 tcontext=u:object_r:security_param:s0 tclass=file permissive=1 #avc: denied { read } for pid=1992 comm="hdf_devhost" name="u:object_r:hilog_param:s0" dev="tmpfs" ino=65 scontext=u:r:sample_host:s0 tcontext=u:object_r:hilog_param:s0 tclass=file permissive=1 #avc: denied { open } for pid=1992 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:hilog_param:s0" dev="tmpfs" ino=65 scontext=u:r:sample_host:s0 tcontext=u:object_r:hilog_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=1992 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:hilog_param:s0" dev="tmpfs" ino=65 scontext=u:r:sample_host:s0 tcontext=u:object_r:hilog_param:s0 tclass=file permissive=1 #avc: denied { read } for pid=1992 comm="hdf_devhost" name="u:object_r:persist_param:s0" dev="tmpfs" ino=66 scontext=u:r:sample_host:s0 tcontext=u:object_r:persist_param:s0 tclass=file permissive=1 #avc: denied { open } for pid=1992 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:persist_param:s0" dev="tmpfs" ino=66 scontext=u:r:sample_host:s0 tcontext=u:object_r:persist_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=1992 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:persist_param:s0" dev="tmpfs" ino=66 scontext=u:r:sample_host:s0 tcontext=u:object_r:persist_param:s0 tclass=file permissive=1 #avc: denied { read } for pid=1992 comm="hdf_devhost" name="u:object_r:persist_sys_param:s0" dev="tmpfs" ino=67 scontext=u:r:sample_host:s0 tcontext=u:object_r:persist_sys_param:s0 tclass=file permissive=1 #avc: denied { use } for pid=1997 comm="HdiServiceManag" path="/dev/ashmem" dev="tmpfs" ino=185 scontext=u:r:sample_host:s0 tcontext=u:r:sh:s0 tclass=fd permissive=1 #avc: denied { read } for pid=2106 comm="hdf_devhost" name="u:object_r:ohos_param:s0" dev="tmpfs" ino=46 scontext=u:r:sample_host:s0 tcontext=u:object_r:ohos_param:s0 tclass=file permissive=1 #avc: denied { open } for pid=2106 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:ohos_param:s0" dev="tmpfs" ino=46 scontext=u:r:sample_host:s0 tcontext=u:object_r:ohos_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=2106 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:ohos_param:s0" dev="tmpfs" ino=46 scontext=u:r:sample_host:s0 tcontext=u:object_r:ohos_param:s0 tclass=file permissive=1 #avc: denied { read } for pid=2106 comm="hdf_devhost" name="u:object_r:ohos_boot_param:s0" dev="tmpfs" ino=47 scontext=u:r:sample_host:s0 tcontext=u:object_r:ohos_boot_param:s0 tclass=file permissive=1 #avc: denied { open } for pid=2106 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:ohos_boot_param:s0" dev="tmpfs" ino=47 scontext=u:r:sample_host:s0 tcontext=u:object_r:ohos_boot_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=2119 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:ohos_boot_param:s0" dev="tmpfs" ino=47 scontext=u:r:sample_host:s0 tcontext=u:object_r:ohos_boot_param:s0 tclass=file permissive=1 #avc: denied { read } for pid=2010 comm="hdf_devhost" name="u:object_r:net_param:s0" dev="tmpfs" ino=50 scontext=u:r:sample_host:s0 tcontext=u:object_r:net_param:s0 tclass=file permissive=1 #avc: denied { read } for pid=2010 comm="hdf_devhost" name="u:object_r:sys_param:s0" dev="tmpfs" ino=48 scontext=u:r:sample_host:s0 tcontext=u:object_r:sys_param:s0 tclass=file permissive=1 #avc: denied { open } for pid=2010 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:sys_param:s0" dev="tmpfs" ino=48 scontext=u:r:sample_host:s0 tcontext=u:object_r:sys_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=2010 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:sys_param:s0" dev="tmpfs" ino=48 scontext=u:r:sample_host:s0 tcontext=u:object_r:sys_param:s0 tclass=file permissive=1 #avc: denied { read } for pid=2119 comm="hdf_devhost" name="u:object_r:sys_usb_param:s0" dev="tmpfs" ino=49 scontext=u:r:sample_host:s0 tcontext=u:object_r:sys_usb_param:s0 tclass=file permissive=1 #avc: denied { open } for pid=2119 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:sys_usb_param:s0" dev="tmpfs" ino=49 scontext=u:r:sample_host:s0 tcontext=u:object_r:sys_usb_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=2119 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:sys_usb_param:s0" dev="tmpfs" ino=49 scontext=u:r:sample_host:s0 tcontext=u:object_r:sys_usb_param:s0 tclass=file permissive=1 #avc: denied { search } for pid=2038 comm="sample_host" name="etc" dev="mmcblk0p7" ino=19 scontext=u:r:sample_host:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=dir permissive=1 #avc: denied { getattr } for pid=2063 comm="sample_host" path="/vendor/etc/hdfconfig/hdf_default.hcb" dev="mmcblk0p7" ino=36 scontext=u:r:sample_host:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=file permissive=1 #avc: denied { read } for pid=2063 comm="sample_host" name="hdf_default.hcb" dev="mmcblk0p7" ino=36 scontext=u:r:sample_host:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=file permissive=1 #avc: denied { open } for pid=2063 comm="sample_host" path="/vendor/etc/hdfconfig/hdf_default.hcb" dev="mmcblk0p7" ino=36 scontext=u:r:sample_host:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=file permissive=1 #avc: denied { open } for pid=2221 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:net_param:s0" dev="tmpfs" ino=50 scontext=u:r:sample_host:s0 tcontext=u:object_r:net_param:s0 tclass=file permissive=0 #avc: denied { map } for pid=2056 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:net_param:s0" dev="tmpfs" ino=50 scontext=u:r:sample_host:s0 tcontext=u:object_r:net_param:s0 tclass=file permissive=1 #avc: denied { read } for pid=2005 comm="hdf_devhost" name="u:object_r:bootevent_samgr_param:s0" dev="tmpfs" ino=72 scontext=u:r:sample_host:s0 tcontext=u:object_r:bootevent_samgr_param:s0 tclass=file permissive=1 #avc: denied { open } for pid=2005 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:bootevent_samgr_param:s0" dev="tmpfs" ino=72 scontext=u:r:sample_host:s0 tcontext=u:object_r:bootevent_samgr_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=2005 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:bootevent_samgr_param:s0" dev="tmpfs" ino=72 scontext=u:r:sample_host:s0 tcontext=u:object_r:bootevent_samgr_param:s0 tclass=file permissive=1 #avc: denied { read } for pid=2221 comm="hdf_devhost" name="u:object_r:const_param:s0" dev="tmpfs" ino=57 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_param:s0 tclass=file permissive=0 #avc: denied { read } for pid=2221 comm="hdf_devhost" name="u:object_r:const_postinstall_fstab_param:s0" dev="tmpfs" ino=59 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_postinstall_fstab_param:s0 tclass=file permissive=0 #avc: denied { read } for pid=2221 comm="hdf_devhost" name="u:object_r:const_postinstall_param:s0" dev="tmpfs" ino=58 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_postinstall_param:s0 tclass=file permissive=0 #avc: denied { read } for pid=2005 comm="hdf_devhost" name="u:object_r:default_param:s0" dev="tmpfs" ino=75 scontext=u:r:sample_host:s0 tcontext=u:object_r:default_param:s0 tclass=file permissive=1 #avc: denied { open } for pid=2005 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:default_param:s0" dev="tmpfs" ino=75 scontext=u:r:sample_host:s0 tcontext=u:object_r:default_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=2005 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:default_param:s0" dev="tmpfs" ino=75 scontext=u:r:sample_host:s0 tcontext=u:object_r:default_param:s0 tclass=file permissive=1 #avc: denied { read } for pid=2221 comm="hdf_devhost" name="u:object_r:hw_sc_build_os_param:s0" dev="tmpfs" ino=54 scontext=u:r:sample_host:s0 tcontext=u:object_r:hw_sc_build_os_param:s0 tclass=file permissive=0 #avc: denied { read } for pid=2056 comm="hdf_devhost" name="u:object_r:hw_sc_build_param:s0" dev="tmpfs" ino=53 scontext=u:r:sample_host:s0 tcontext=u:object_r:hw_sc_build_param:s0 tclass=file permissive=1 #avc: denied { read } for pid=2056 comm="hdf_devhost" name="u:object_r:hw_sc_param:s0" dev="tmpfs" ino=52 scontext=u:r:sample_host:s0 tcontext=u:object_r:hw_sc_param:s0 tclass=file permissive=1 #avc: denied { open } for pid=2056 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:hw_sc_param:s0" dev="tmpfs" ino=52 scontext=u:r:sample_host:s0 tcontext=u:object_r:hw_sc_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=2056 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:hw_sc_param:s0" dev="tmpfs" ino=52 scontext=u:r:sample_host:s0 tcontext=u:object_r:hw_sc_param:s0 tclass=file permissive=1 #avc: denied { read } for pid=2221 comm="hdf_devhost" name="u:object_r:init_param:s0" dev="tmpfs" ino=55 scontext=u:r:sample_host:s0 tcontext=u:object_r:init_param:s0 tclass=file permissive=0 #avc: denied { read } for pid=2221 comm="hdf_devhost" name="u:object_r:init_svc_param:s0" dev="tmpfs" ino=56 scontext=u:r:sample_host:s0 tcontext=u:object_r:init_svc_param:s0 tclass=file permissive=0 #avc: denied { read } for pid=2005 comm="hdf_devhost" name="u:object_r:input_pointer_device_param:s0" dev="tmpfs" ino=73 scontext=u:r:sample_host:s0 tcontext=u:object_r:input_pointer_device_param:s0 tclass=file permissive=1 #avc: denied { open } for pid=2005 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:input_pointer_device_param:s0" dev="tmpfs" ino=73 scontext=u:r:sample_host:s0 tcontext=u:object_r:input_pointer_device_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=2005 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:input_pointer_device_param:s0" dev="tmpfs" ino=73 scontext=u:r:sample_host:s0 tcontext=u:object_r:input_pointer_device_param:s0 tclass=file permissive=1 #avc: denied { read } for pid=2056 comm="hdf_devhost" name="u:object_r:net_tcp_param:s0" dev="tmpfs" ino=51 scontext=u:r:sample_host:s0 tcontext=u:object_r:net_tcp_param:s0 tclass=file permissive=1 #avc: denied { open } for pid=2056 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:net_tcp_param:s0" dev="tmpfs" ino=51 scontext=u:r:sample_host:s0 tcontext=u:object_r:net_tcp_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=2056 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:net_tcp_param:s0" dev="tmpfs" ino=51 scontext=u:r:sample_host:s0 tcontext=u:object_r:net_tcp_param:s0 tclass=file permissive=1 #avc: denied { read } for pid=2031 comm="hdf_devhost" name="u:object_r:bootevent_param:s0" dev="tmpfs" ino=70 scontext=u:r:sample_host:s0 tcontext=u:object_r:bootevent_param:s0 tclass=file permissive=1 #avc: denied { open } for pid=2031 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:bootevent_param:s0" dev="tmpfs" ino=70 scontext=u:r:sample_host:s0 tcontext=u:object_r:bootevent_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=2031 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:bootevent_param:s0" dev="tmpfs" ino=70 scontext=u:r:sample_host:s0 tcontext=u:object_r:bootevent_param:s0 tclass=file permissive=1 #avc: denied { read } for pid=2204 comm="hdf_devhost" name="u:object_r:const_allow_mock_param:s0" dev="tmpfs" ino=61 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_allow_mock_param:s0 tclass=file permissive=0 #avc: denied { read } for pid=2204 comm="hdf_devhost" name="u:object_r:const_allow_param:s0" dev="tmpfs" ino=60 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_allow_param:s0 tclass=file permissive=0 #avc: denied { read } for pid=2058 comm="hdf_devhost" name="u:object_r:const_display_brightness_param:s0" dev="tmpfs" ino=74 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_display_brightness_param:s0 tclass=file permissive=1 #avc: denied { open } for pid=2058 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_display_brightness_param:s0" dev="tmpfs" ino=74 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_display_brightness_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=2058 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_display_brightness_param:s0" dev="tmpfs" ino=74 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_display_brightness_param:s0 tclass=file permissive=1 #avc: denied { open } for pid=2195 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_param:s0" dev="tmpfs" ino=57 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_param:s0 tclass=file permissive=0 #avc: denied { open } for pid=2195 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_postinstall_fstab_param:s0" dev="tmpfs" ino=59 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_postinstall_fstab_param:s0 tclass=file permissive=0 #avc: denied { open } for pid=2195 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_postinstall_param:s0" dev="tmpfs" ino=58 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_postinstall_param:s0 tclass=file permissive=0 #avc: denied { open } for pid=2069 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:hw_sc_build_os_param:s0" dev="tmpfs" ino=54 scontext=u:r:sample_host:s0 tcontext=u:object_r:hw_sc_build_os_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=2069 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:hw_sc_build_os_param:s0" dev="tmpfs" ino=54 scontext=u:r:sample_host:s0 tcontext=u:object_r:hw_sc_build_os_param:s0 tclass=file permissive=1 #avc: denied { open } for pid=2069 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:hw_sc_build_param:s0" dev="tmpfs" ino=53 scontext=u:r:sample_host:s0 tcontext=u:object_r:hw_sc_build_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=2069 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:hw_sc_build_param:s0" dev="tmpfs" ino=53 scontext=u:r:sample_host:s0 tcontext=u:object_r:hw_sc_build_param:s0 tclass=file permissive=1 #avc: denied { open } for pid=2155 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:init_param:s0" dev="tmpfs" ino=55 scontext=u:r:sample_host:s0 tcontext=u:object_r:init_param:s0 tclass=file permissive=0 #avc: denied { open } for pid=2173 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:init_svc_param:s0" dev="tmpfs" ino=56 scontext=u:r:sample_host:s0 tcontext=u:object_r:init_svc_param:s0 tclass=file permissive=0 #avc: denied { open } for pid=2031 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:persist_sys_param:s0" dev="tmpfs" ino=67 scontext=u:r:sample_host:s0 tcontext=u:object_r:persist_sys_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=2031 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:persist_sys_param:s0" dev="tmpfs" ino=67 scontext=u:r:sample_host:s0 tcontext=u:object_r:persist_sys_param:s0 tclass=file permissive=1 #avc: denied { open } for pid=2043 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_allow_mock_param:s0" dev="tmpfs" ino=61 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_allow_mock_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=2043 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_allow_mock_param:s0" dev="tmpfs" ino=61 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_allow_mock_param:s0 tclass=file permissive=1 #avc: denied { open } for pid=1972 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_allow_param:s0" dev="tmpfs" ino=60 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_allow_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=1972 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_allow_param:s0" dev="tmpfs" ino=60 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_allow_param:s0 tclass=file permissive=1 #avc: denied { read } for pid=2043 comm="hdf_devhost" name="u:object_r:const_build_param:s0" dev="tmpfs" ino=62 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_build_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=1972 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_param:s0" dev="tmpfs" ino=57 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=1972 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_postinstall_fstab_param:s0" dev="tmpfs" ino=59 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_postinstall_fstab_param:s0 tclass=file permissive=1 #avc: denied { map } for pid=1972 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_postinstall_param:s0" dev="tmpfs" ino=58 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_postinstall_param:s0 tclass=file permissive=1 #avc: denied { read } for pid=2148 comm="hdf_devhost" name="u:object_r:const_product_param:s0" dev="tmpfs" ino=63 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_product_param:s0 tclass=file permissive=0 #avc: denied { read } for pid=2148 comm="hdf_devhost" name="u:object_r:debug_param:s0" dev="tmpfs" ino=68 scontext=u:r:sample_host:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=0 #avc: denied { map } for pid=2167 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:init_param:s0" dev="tmpfs" ino=55 scontext=u:r:sample_host:s0 tcontext=u:object_r:init_param:s0 tclass=file permissive=0 #avc: denied { map } for pid=2167 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:init_svc_param:s0" dev="tmpfs" ino=56 scontext=u:r:sample_host:s0 tcontext=u:object_r:init_svc_param:s0 tclass=file permissive=0 #avc: denied { read } for pid=2064 comm="hdf_devhost" name="u:object_r:build_version_param:s0" dev="tmpfs" ino=71 scontext=u:r:sample_host:s0 tcontext=u:object_r:build_version_param:s0 tclass=file permissive=0 #avc: denied { open } for pid=2064 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_build_param:s0" dev="tmpfs" ino=62 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_build_param:s0 tclass=file permissive=0 #avc: denied { open } for pid=2064 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_product_param:s0" dev="tmpfs" ino=63 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_product_param:s0 tclass=file permissive=0 #avc: denied { open } for pid=2064 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:debug_param:s0" dev="tmpfs" ino=68 scontext=u:r:sample_host:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=0 #avc: denied { call } for pid=2064 comm="sample_host" scontext=u:r:sample_host:s0 tcontext=u:r:samgr:s0 tclass=binder permissive=0 #avc: denied { read } for pid=2064 comm="hdf_devhost" name="u:object_r:startup_param:s0" dev="tmpfs" ino=69 scontext=u:r:sample_host:s0 tcontext=u:object_r:startup_param:s0 tclass=file permissive=0 #avc: denied { open } for pid=2072 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:build_version_param:s0" dev="tmpfs" ino=71 scontext=u:r:sample_host:s0 tcontext=u:object_r:build_version_param:s0 tclass=file permissive=0 #avc: denied { map } for pid=2066 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_build_param:s0" dev="tmpfs" ino=62 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_build_param:s0 tclass=file permissive=0 #avc: denied { map } for pid=2066 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:const_product_param:s0" dev="tmpfs" ino=63 scontext=u:r:sample_host:s0 tcontext=u:object_r:const_product_param:s0 tclass=file permissive=0 #avc: denied { map } for pid=2072 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:debug_param:s0" dev="tmpfs" ino=68 scontext=u:r:sample_host:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=0 #avc: denied { call } for pid=2063 comm="sample_host" scontext=u:r:sample_host:s0 tcontext=u:r:hdf_devmgr:s0 tclass=binder permissive=0 #avc: denied { open } for pid=2072 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:startup_param:s0" dev="tmpfs" ino=69 scontext=u:r:sample_host:s0 tcontext=u:object_r:startup_param:s0 tclass=file permissive=0 #avc: denied { map } for pid=2030 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:build_version_param:s0" dev="tmpfs" ino=71 scontext=u:r:sample_host:s0 tcontext=u:object_r:build_version_param:s0 tclass=file permissive=0 #avc: denied { map } for pid=2033 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:startup_param:s0" dev="tmpfs" ino=69 scontext=u:r:sample_host:s0 tcontext=u:object_r:startup_param:s0 tclass=file permissive=0 #avc: denied { transfer } for pid=2007 comm="sample_host" scontext=u:r:sample_host:s0 tcontext=u:r:hdf_devmgr:s0 tclass=binder permissive=0 #avc: denied { call } for pid=2011 comm="sample_host" scontext=u:r:sample_host:s0 tcontext=u:r:sh:s0 tclass=binder permissive=0 #avc: denied { getattr } for pid=2029 comm="sample_host" path="/dev/hdf_kevent" dev="tmpfs" ino=204 scontext=u:r:sample_host:s0 tcontext=u:object_r:dev_hdf_kevent:s0 tclass=chr_file permissive=1 #avc: denied { read write } for pid=2029 comm="sample_host" name="hdf_kevent" dev="tmpfs" ino=204 scontext=u:r:sample_host:s0 tcontext=u:object_r:dev_hdf_kevent:s0 tclass=chr_file permissive=1 #avc: denied { open } for pid=2029 comm="sample_host" path="/dev/hdf_kevent" dev="tmpfs" ino=204 scontext=u:r:sample_host:s0 tcontext=u:object_r:dev_hdf_kevent:s0 tclass=chr_file permissive=1 #avc: denied { search } for pid=2001 comm="hdf_devhost" name="socket" dev="tmpfs" ino=40 scontext=u:r:sample_host:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=1 #avc: denied { add } for service=sample_driver_service2 pid=2005 scontext=u:r:sample_host:s0 tcontext=u:object_r:default_hdf_service:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { get } for service=hdf_device_manager pid=2001 scontext=u:r:sample_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { add } for service=sample_driver_service pid=2001 scontext=u:r:sample_host:s0 tcontext=u:object_r:hdf_sample_driver_service:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { get } for service=5100 pid=2001 scontext=u:r:sample_host:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1 #avc: denied { ioctl } for pid=2029 comm="sample_host" path="/dev/hdf_kevent" dev="tmpfs" ino=204 ioctlcmd=0x6203 scontext=u:r:sample_host:s0 tcontext=u:object_r:dev_hdf_kevent:s0 tclass=chr_file permissive=1 allow sample_host hilog_param:file { map open read }; allow sample_host ohos_boot_param:file { open read map }; allow sample_host ohos_param:file { map open read }; allow sample_host persist_param:file { map open read }; allow sample_host persist_sys_param:file { read map open }; allow sample_host security_param:file { map open read }; allow sample_host sh:fd { use }; allow sample_host system_bin_file:dir { search }; allow sample_host net_param:file { read map open }; allow sample_host sys_param:file { map open read }; allow sample_host sys_usb_param:file { map open read }; allow sample_host vendor_etc_file:dir { search }; allow sample_host vendor_etc_file:file { getattr open read }; allow sample_host bootevent_samgr_param:file { map open read }; allow sample_host const_param:file { read open map }; allow sample_host const_postinstall_fstab_param:file { read open map }; allow sample_host const_postinstall_param:file { read open map }; allow sample_host default_param:file { map open read }; allow sample_host hw_sc_build_os_param:file { read map open }; allow sample_host hw_sc_build_param:file { read map open }; allow sample_host hw_sc_param:file { map open read }; allow sample_host init_param:file { read open map }; allow sample_host init_svc_param:file { read open map }; allow sample_host input_pointer_device_param:file { map open read }; allow sample_host net_tcp_param:file { map open read }; allow sample_host bootevent_param:file { map open read }; allow sample_host const_allow_mock_param:file { read map open }; allow sample_host const_allow_param:file { read map open }; allow sample_host const_display_brightness_param:file { map open read }; allow sample_host const_build_param:file { read open map }; allow sample_host const_product_param:file { read open map }; allow sample_host debug_param:file { read open map }; allow sample_host build_version_param:file { read open map }; allow sample_host samgr:binder { call }; allow sample_host startup_param:file { read open map }; allow sample_host hdf_devmgr:binder { call transfer }; allow sample_host sh:binder { call }; allow sample_host dev_hdf_kevent:chr_file { getattr ioctl open read write }; allow sample_host dev_unix_socket:dir { search }; allow sample_host hdf_sample_service:hdf_devmgr_class { add }; allow sample_host hdf_device_manager:hdf_devmgr_class { get }; allow sample_host hdf_sample_driver_service:hdf_devmgr_class { add }; allow sample_host sa_device_service_manager:samgr_class { get }; allowxperm sample_host dev_hdf_kevent:chr_file ioctl { 0x6203 }; # for testcase end allow sensor_host dev_hdf_sensor_mgr:chr_file { ioctl }; allowxperm sensor_host dev_hdf_sensor_mgr:chr_file ioctl 0x6202; #avc: denied { ioctl } for pid=468 comm="sensor_host" path="/dev/hdf_sensor_manager_ap" dev="tmpfs" ino=195 ioctlcmd=0x6206 scontext=u:r:sensor_host:s0 tcontext=u:object_r:dev_hdf_sensor_mgr:s0 tclass=chr_file permissive=0 allow sensor_host dev_hdf_sensor_mgr:chr_file { ioctl }; allowxperm sensor_host dev_hdf_sensor_mgr:chr_file ioctl 0x6206; #avc: denied { call } for pid=502 comm="sensor_host" scontext=u:r:sensor_host:s0 tcontext=u:r:sh:s0 tclass=binder permissive=0 allow sensor_host sh:binder { call }; #avc: denied { get } for service=hdf_device_manager pid=379 scontext=u:r:partitionslot_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { add } for service=partition_slot_service pid=379 scontext=u:r:partitionslot_host:s0 tcontext=u:object_r:hdf_partition_slot_service:s0 tclass=hdf_devmgr_class permissive=1 allow partitionslot_host hdf_device_manager:hdf_devmgr_class { get }; allow partitionslot_host hdf_partition_slot_service:hdf_devmgr_class { add }; allow partitionslot_host sa_device_service_manager:samgr_class { get };