# Copyright (c) 2022 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

allow init sa_storage_manager_daemon:samgr_class { get };
allow init sa_storage_manager_service:samgr_class { get };
allow init storage_manager:binder { call };
allow init storage_daemon:binder { call };

#avc:  denied  { call } for  pid=262 comm="sdc" scontext=u:r:init:s0 tcontext=u:r:samgr:s0 tclass=binder permissive=0
allow init samgr:binder { call };

#avc:  denied  { execute } for  pid=260 comm="init" name="sdc" dev="mmcblk0p6" ino=354 scontext=u:r:init:s0 tcontext=u:object_r:sdc_exec:s0 tclass=file permissive=1
#avc:  denied  { read open } for  pid=260 comm="init" path="/system/bin/sdc" dev="mmcblk0p6" ino=354 scontext=u:r:init:s0 tcontext=u:object_r:sdc_exec:s0 tclass=file permissive=1
#avc:  denied  { execute_no_trans } for  pid=260 comm="init" path="/system/bin/sdc" dev="mmcblk0p6" ino=354 scontext=u:r:init:s0 tcontext=u:object_r:sdc_exec:s0 tclass=file permissive=1
#avc:  denied  { map } for  pid=260 comm="sdc" path="/system/bin/sdc" dev="mmcblk0p6" ino=354 scontext=u:r:init:s0 tcontext=u:object_r:sdc_exec:s0 tclass=file permissive=1
allow init system_bin_file:file { execute execute_no_trans map read open };

#avc:  denied  { execute } for  pid=250 comm="init" name="sdc" dev="mmcblk0p6" ino=354 scontext=u:r:init:s0 tcontext=u:object_r:sdc_exec:s0 tclass=file permissive=0
allow init sdc_exec:file { execute execute_no_trans map read open };

#avc:  denied  { ioctl } for  pid=1 comm="init" path="/data/app/el1/bundle/public" dev="mmcblk0p11" ino=652804 ioctlcmd=0x6613 scontext=u:r:init:s0 tcontext=u:object_r:data_app_el1_file:s0 tclass=dir permissive=0
#avc:  denied  { ioctl } for  pid=1 comm="init" path="/data/chipset/el1/public" dev="mmcblk0p11" ino=783363 ioctlcmd=0x6613 scontext=u:r:init:s0 tcontext=u:object_r:data_chipset_el1_file:s0 tclass=dir permissive=0
#avc:  denied  { ioctl } for  pid=1 comm="init" path="/data/service/el1/public" dev="mmcblk0p11" ino=522256 ioctlcmd=0x6613 scontext=u:r:init:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=dir permissive=0
allow init data_app_el1_file:dir { ioctl };
allow init data_chipset_el1_file:dir { ioctl };
allow init data_service_el1_file:dir { ioctl };

allow init proc_version_file:file { open read };

#avc:  denied  { module_request } for  pid=1 comm="init" kmod="crypto-cryptd(__cts-cbc-aes-ce)" scontext=u:r:init:s0 tcontext=u:r:kernel:s0 tclass=system permissive=0
#avc:  denied  { module_request } for  pid=1 comm="init" kmod="crypto-cryptd(__cts-cbc-aes-ce)-all" scontext=u:r:init:s0 tcontext=u:r:kernel:s0 tclass=system permissive=0
allow init kernel:system { module_request };