# Copyright (c) 2022 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

allow foundation accessibility:binder { call };
allow foundation accesstoken_service:binder { call };
allow foundation accountmgr:binder { call };
allow foundation appspawn_socket:sock_file { write };
allow foundation appspawn:fd { use };
allow foundation appspawn:unix_stream_socket { connectto };
allow foundation bootevent_param:file { map open read };
allow foundation bootevent_param:parameter_service { set };
allow foundation bgtaskmgr_service:binder { call transfer };
allow foundation configfs:dir { remove_name rmdir search write };
allow foundation data_app_el1_file:file { getattr read };
allow foundation data_file:dir { search };
allow foundation data_service_el1_file:dir { add_name create remove_name search write };
allow foundation data_service_el1_file:file { create ioctl unlink write open };
allow foundation data_service_file:dir { search };
allow foundation data_system_ce:dir { add_name search write };
allow foundation data_system_ce:file { create getattr ioctl lock map open read write };
allow foundation device_usage_stats_service:binder { call transfer };
allow foundation dev_mali:chr_file { ioctl };
allow foundation dev_unix_socket:dir { search };
allow foundation dev_unix_socket:sock_file { write };
allow foundation distributeddata:binder { call transfer };
allow foundation distributedfiledaemon:binder { call };
allow foundation distributedfileservice:binder { call };
allow foundation edm_sa:binder { call };
allow foundation foundation:unix_dgram_socket { getopt setopt };
allow foundation hdcd:binder { transfer };
allow foundation hdf_devmgr:binder { call transfer };
allow foundation hdf_hdi_display_gralloc_service:hdf_devmgr_class { get };
allow foundation hiview:binder { transfer };
allow foundation memmgrservice:binder { call transfer };
allow foundation multimodalinput:unix_stream_socket { read };
allow foundation normal_hap:process { sigkill signal };
allow foundation normal_hap_data_file:file { read };
allow foundation persist_param:parameter_service { set };
allow foundation power_host:binder { call };
allow foundation render_service:binder { call transfer };
allow foundation render_service:fd { use };
allow foundation resource_schedule_service:binder { call transfer };
allow foundation sa_accesstoken_manager_service:samgr_class { get };
allow foundation sa_accountmgr:samgr_class { get };
allow foundation sa_bgtaskmgr:samgr_class { get };
allow foundation sa_device_service_manager:samgr_class { get };
allow foundation sa_distributeddata_service:samgr_class { get };
allow foundation sa_distributeschedule:samgr_class { get };
allow foundation sa_foundation_abilityms:samgr_class { add };
allow foundation sa_foundation_ans:samgr_class { add };
allow foundation sa_foundation_appms:samgr_class { add get };
allow foundation sa_foundation_battery_service:samgr_class { get };
allow foundation sa_foundation_bms:samgr_class { add };
allow foundation sa_foundation_devicemanager_service:samgr_class { add get };
allow foundation sa_foundation_tel_call_manager:samgr_class { add };
allow foundation sa_foundation_wms:samgr_class { get };
allow foundation sa_msdp_devicestatus_service:samgr_class { get };
allow foundation sa_multimodalinput_service:samgr_class { get };
allow foundation sa_param_watcher:samgr_class { get };
allow foundation sa_softbus_service:samgr_class { get };
allow foundation sa_telephony_tel_cellular_call:samgr_class { get };
allow foundation screenlock_server:binder { call transfer };
allow foundation softbus_server:binder { call };
allow foundation sys_file:file { ioctl write };
allow foundation system_basic_hap:binder { call transfer };
allow foundation system_basic_hap:fd { use };
allow foundation system_basic_hap:process { sigkill signal };
allow foundation system_basic_hap_data_file:file { read };
allow foundation system_core_hap:binder { call transfer };
allow foundation system_core_hap:dir { search };
allow foundation system_core_hap:file { getattr read };
allow foundation system_core_hap:process { sigkill signal };
allow foundation system_core_hap_data_file:file { read };
allow foundation system_lib_file:dir { getattr };
allow foundation vendor_etc_file:dir { search };
allow foundation work_scheduler_service:binder { call };
allow foundation quick_fix:binder { call transfer };
allowxperm foundation data_service_el1_file:file ioctl {  0x5413  };
allowxperm foundation data_system_ce:file ioctl {  0xf50c  };
allowxperm foundation dev_mali:chr_file ioctl {  0x8002  };
allowxperm foundation sys_file:file ioctl {  0x5413  };
allow foundation foundation:capability { sys_ptrace };
allow foundation storage_manager:file { open read write getattr };
allow foundation sa_storage_manager_service:samgr_class { get };
neverallow foundation *:process ptrace;