# Copyright (c) 2021-2022 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

type init, nativedomain, domain;
type init_exec, exec_attr, file_attr, system_file_attr;
allow init console:process { rlimitinh siginh transition getattr };
allow init data_startup:dir { create getattr open read relabelfrom relabelto remove_name search setattr write add_name };
allow init data_startup:file { create ioctl open read append relabelto rename unlink write open };
allow init proc_stat_file:file { setattr read open };
allow init proc_diskstats_file:file { read open };
allow init kernel:file { read open };
allow init kernel:dir { search };
allow bootevent_wms_param tmpfs:filesystem associate;
allow init bootevent_wms_param:file { map open read relabelto relabelfrom};
allow dhardware_dm_param tmpfs:filesystem associate;
allow init dhardware_dm_param:file { map open read relabelto relabelfrom };
allow persist_audio_param tmpfs:filesystem associate;
allow init persist_audio_param:file { map open read relabelto relabelfrom };
allow arkcompiler_param tmpfs:filesystem associate;
allow init arkcompiler_param:file { map open read relabelto relabelfrom };
allow init arkcompiler_param:parameter_service { set };
allow init inputmethod_param:file { map open read relabelto relabelfrom };
allow init inputmethod_param:parameter_service { set };
allow pasteboard_param tmpfs:filesystem associate;
allow init pasteboard_param:file { map open read relabelto relabelfrom };
allow time_param tmpfs:filesystem associate;
allow init time_param:file { map open read relabelto relabelfrom };
allow accesstoken_perm_param tmpfs:filesystem associate;
allow init accesstoken_perm_param:file { map open read relabelto relabelfrom };

allow xts_devattest_authresult_param tmpfs:filesystem associate;
allow init xts_devattest_authresult_param:file { map open read relabelto relabelfrom };
allow init xts_devattest_authresult_param:parameter_service { set };
allow init hiviewdfx_profiler_param:file { map open read relabelto relabelfrom };

#for bootchart to read
allow init { domain }:file { open read };
allow init { domain }:dir { search };