# Copyright (c) 2022 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

type hdf_cellular_radio_ext, hdf_service_attr;
type hdf_ril_service, hdf_service_attr;

allow riladapter_host accessibility_param:file { map open read };
allow riladapter_host bootevent_param:file { map open read };
allow riladapter_host bootevent_samgr_param:file { map open read };
allow riladapter_host build_version_param:file { map open read };
allow riladapter_host const_allow_mock_param:file { map open read };
allow riladapter_host const_allow_param:file { map open read };
allow riladapter_host const_build_param:file { map open read };
allow riladapter_host const_display_brightness_param:file { map open read };
allow riladapter_host const_param:file { map open read };
allow riladapter_host const_postinstall_fstab_param:file { map open read };
allow riladapter_host const_postinstall_param:file { map open read };
allow riladapter_host const_product_param:file { map open read };
allow riladapter_host debug_param:file { map open read };
allow riladapter_host default_param:file { map open read };
allow riladapter_host dev_file:chr_file { open read write ioctl };
allow riladapter_host dev_hdf_kevent:chr_file { getattr ioctl open read write };
allow riladapter_host dev_unix_socket:dir search;
allow riladapter_host distributedsche_param:file { map open read };
allow riladapter_host foundation:binder { call transfer };
allow riladapter_host hilog_param:file { map open read };
allow riladapter_host hdf_device_manager:hdf_devmgr_class get;
allow riladapter_host hdf_devmgr:binder { call transfer };
allow riladapter_host hw_sc_build_os_param:file { map open read };
allow riladapter_host hw_sc_build_param:file { map open read };
allow riladapter_host hw_sc_param:file { map open read };
allow riladapter_host init_param:file { map open read };
allow riladapter_host init_svc_param:file { map open read };
allow riladapter_host input_pointer_device_param:file { map open read };
allow riladapter_host musl_param:file { map open read };
allow riladapter_host net_param:file { map open read };
allow riladapter_host net_tcp_param:file { map open read };
allow riladapter_host ohos_boot_param:file { map open read };
allow riladapter_host ohos_param:file { map open read };
allow riladapter_host persist_param:file { map open read };
allow riladapter_host persist_sys_param:file { map open read };
allow riladapter_host power_host:binder call;
allow riladapter_host samgr:binder call;
#avc:  denied  { get } for service=power_interface_service pid=439 scontext=u:r:riladapter_host:s0 tcontext=u:object_r:hdf_power_interface_service:s0 tclass=hdf_devmgr_class permissive=1
allow riladapter_host hdf_power_interface_service:hdf_devmgr_class get;
#avc:  denied  { add } for service=ril_service pid=439 scontext=u:r:riladapter_host:s0 tcontext=u:object_r:hdf_ril_service:s0 tclass=hdf_devmgr_class permissive=1
allow riladapter_host hdf_ril_service:hdf_devmgr_class add;
allow riladapter_host sa_device_service_manager:samgr_class get;
allow riladapter_host sa_foundation_powermgr_service:samgr_class get;
allow riladapter_host security_param:file { open read map };
allow riladapter_host self:capability net_admin;
allow riladapter_host self:udp_socket { create ioctl };
allow riladapter_host sh:binder call;
allow riladapter_host sh_exec:file { execute execute_no_trans map open read };
allow riladapter_host startup_param:file { map open read };
allow riladapter_host sys_file:dir { open read };
allow riladapter_host sys_file:file getattr;
allow riladapter_host sys_param:file { map open read };
allow riladapter_host sys_usb_param:file { map open read };
allow riladapter_host system_bin_file:dir search;
allow riladapter_host system_bin_file:file { execute execute_no_trans getattr map open read };
allow riladapter_host system_bin_file:lnk_file read;
allow riladapter_host telephony_sa:binder call;
allow riladapter_host tty_device:chr_file { open read write };
allow riladapter_host vendor_etc_file:dir search;
allow riladapter_host vendor_etc_file:file { getattr open read };