• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright (c) 2022 Huawei Device Co., Ltd.
2# Licensed under the Apache License, Version 2.0 (the "License");
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6#     http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
14type device_manager, sadomain, domain;
15
16allow device_manager sa_foundation_devicemanager_service:samgr_class { add get };
17
18#avc:  denied  { search } for  pid=594 comm="sa_main" name="bin" dev="mmcblk0p6" ino=107 scontext=u:r:device_manager:s0 tcontext=u:object_r:system_bin_file:s0 tclass=dir permissive=0
19allow device_manager system_bin_file:dir { search };
20
21#avc:  denied  { read } for  pid=594 comm="sa_main" name="u:object_r:ohos_param:s0" dev="tmpfs" ino=27 scontext=u:r:device_manager:s0 tcontext=u:object_r:ohos_param:s0 tclass=file permissive=0
22#avc:  denied  { open } for  pid=525 comm="sa_main" path="/dev/__parameters__/u:object_r:ohos_param:s0" dev="tmpfs" ino=27 scontext=u:r:device_manager:s0 tcontext=u:object_r:ohos_param:s0 tclass=file permissive=0
23#avc:  denied  { map } for  pid=469 comm="sa_main" path="/dev/__parameters__/u:object_r:ohos_param:s0" dev="tmpfs" ino=27 scontext=u:r:device_manager:s0 tcontext=u:object_r:ohos_param:s0 tclass=file permissive=0
24allow device_manager ohos_param:file { read open map };
25
26#avc:  denied  { search } for  pid=594 comm="sa_main" name="socket" dev="tmpfs" ino=21 scontext=u:r:device_manager:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=0
27#avc:  denied  { search } for  pid=594 comm="device_manager" name="socket" dev="tmpfs" ino=21 scontext=u:r:device_manager:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=0
28allow device_manager dev_unix_socket:dir { search };
29
30#avc:  denied  { read } for  pid=479 comm="device_manager" name="u:object_r:hilog_param:s0" dev="tmpfs" ino=46 scontext=u:r:device_manager:s0 tcontext=u:object_r:hilog_param:s0 tclass=file permissive=0
31#avc:  denied  { open } for  pid=496 comm="device_manager" path="/dev/__parameters__/u:object_r:hilog_param:s0" dev="tmpfs" ino=46 scontext=u:r:device_manager:s0 tcontext=u:object_r:hilog_param:s0 tclass=file permissive=0
32#avc:  denied  { map } for  pid=525 comm="device_manager" path="/dev/__parameters__/u:object_r:hilog_param:s0" dev="tmpfs" ino=46 scontext=u:r:device_manager:s0 tcontext=u:object_r:hilog_param:s0 tclass=file permissive=0
33allow device_manager hilog_param:file { read open map };
34
35#avc:  denied  { set } for parameter=persist.distributed_hardware.device_manager.discover_status pid=506 uid=3062 gid=1000 scontext=u:r:device_manager:s0 tcontext=u:object_r:persist_param:s0 tclass=parameter_service permissive=1
36allow device_manager persist_param:parameter_service { set };
37
38#avc:  denied  { read } for  pid=675 comm="sa_main" name="u:object_r:persist_param:s0" dev="tmpfs" ino=47 scontext=u:r:device_manager:s0 tcontext=u:object_r:persist_param:s0 tclass=file permissive=0
39#avc:  denied  { open } for  pid=496 comm="sa_main" path="/dev/__parameters__/u:object_r:persist_param:s0" dev="tmpfs" ino=47 scontext=u:r:device_manager:s0 tcontext=u:object_r:persist_param:s0 tclass=file permissive=0
40#avc:  denied  { map } for  pid=647 comm="sa_main" path="/dev/__parameters__/u:object_r:persist_param:s0" dev="tmpfs" ino=47 scontext=u:r:device_manager:s0 tcontext=u:object_r:persist_param:s0 tclass=file permissive=0
41allow device_manager persist_param:file { read open map };
42
43#avc:  denied  { call } for  pid=506 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:system_basic_hap:s0 tclass=binder permissive=1
44allow device_manager system_basic_hap:binder { call };
45
46#avc:  denied  { get } for service=3510 pid=559 scontext=u:r:device_manager:s0 tcontext=u:object_r:sa_huks_service:s0 tclass=samgr_class permissive=1
47allow device_manager sa_huks_service:samgr_class { get };
48
49#avc:  denied  { get } for service=200 pid=559 scontext=u:r:device_manager:s0 tcontext=u:object_r:sa_accountmgr:s0 tclass=samgr_class permissive=1
50allow device_manager sa_accountmgr:samgr_class { get };
51
52#avc:  denied  { get } for service=3299 pid=559 scontext=u:r:device_manager:s0 tcontext=u:object_r:sa_foundation_cesfwk_service:s0 tclass=samgr_class permissive=1
53allow device_manager sa_foundation_cesfwk_service:samgr_class { get };
54
55#avc:  denied  { get } for service=7001 pid=559 scontext=u:r:device_manager:s0 tcontext=u:object_r:sa_subsys_ace_service:s0 tclass=samgr_class permissive=1
56allow device_manager sa_subsys_ace_service:samgr_class { get };
57
58#avc:  denied  { get } for service=4701 pid=530 scontext=u:r:device_manager:s0 tcontext=u:object_r:sa_device_auth_service:s0 tclass=samgr_class permissive=1
59allow device_manager sa_device_auth_service:samgr_class { get };
60
61#avc:  denied  { get } for service=401 pid=518 scontext=u:r:device_manager:s0 tcontext=u:object_r:sa_foundation_bms:s0 tclass=samgr_class permissive=1
62allow device_manager sa_foundation_bms:samgr_class { get };
63
64#avc:  denied  { get } for service=4801 pid=518 scontext=u:r:device_manager:s0 tcontext=u:object_r:sa_dhardware_service:s0 tclass=samgr_class permissive=1
65allow device_manager sa_dhardware_service:samgr_class { get };
66
67#avc:  denied  { call } for  pid=724 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:dhardware:s0 tclass=binder permissive=0
68allow device_manager dhardware:binder { call };
69
70#avc:  denied  { get } for service=6001 pid=518 scontext=u:r:device_manager:s0 tcontext=u:object_r:sa_device_profile_service:s0 tclass=samgr_class permissive=1
71allow device_manager sa_device_profile_service:samgr_class { get };
72
73#avc:  denied  { read } for  pid=525 comm="sa_main" name="u:object_r:ohos_boot_param:s0" dev="tmpfs" ino=28 scontext=u:r:device_manager:s0 tcontext=u:object_r:ohos_boot_param:s0 tclass=file permissive=0
74#avc:  denied  { open } for  pid=469 comm="sa_main" path="/dev/__parameters__/u:object_r:ohos_boot_param:s0" dev="tmpfs" ino=28 scontext=u:r:device_manager:s0 tcontext=u:object_r:ohos_boot_param:s0 tclass=file permissive=0
75#avc:  denied  { map } for  pid=489 comm="sa_main" path="/dev/__parameters__/u:object_r:ohos_boot_param:s0" dev="tmpfs" ino=28 scontext=u:r:device_manager:s0 tcontext=u:object_r:ohos_boot_param:s0 tclass=file permissive=0
76allow device_manager ohos_boot_param:file { read open map };
77
78#denied  { read } for  pid=525 comm="sa_main" name="u:object_r:sys_param:s0" dev="tmpfs" ino=29 scontext=u:r:device_manager:s0 tcontext=u:object_r:sys_param:s0 tclass=file permissive=0
79#avc:  denied  { open } for  pid=469 comm="sa_main" path="/dev/__parameters__/u:object_r:sys_param:s0" dev="tmpfs" ino=29 scontext=u:r:device_manager:s0 tcontext=u:object_r:sys_param:s0 tclass=file permissive=0
80#avc:  denied  { map } for  pid=489 comm="sa_main" path="/dev/__parameters__/u:object_r:sys_param:s0" dev="tmpfs" ino=29 scontext=u:r:device_manager:s0 tcontext=u:object_r:sys_param:s0 tclass=file permissive=0
81allow device_manager sys_param:file { read open map };
82
83#avc:  denied  { read } for  pid=525 comm="sa_main" name="u:object_r:sys_usb_param:s0" dev="tmpfs" ino=30 scontext=u:r:device_manager:s0 tcontext=u:object_r:sys_usb_param:s0 tclass=file permissive=0
84#avc:  denied  { open } for  pid=469 comm="sa_main" path="/dev/__parameters__/u:object_r:sys_usb_param:s0" dev="tmpfs" ino=30 scontext=u:r:device_manager:s0 tcontext=u:object_r:sys_usb_param:s0 tclass=file permissive=0
85#avc:  denied  { map } for  pid=489 comm="sa_main" path="/dev/__parameters__/u:object_r:sys_usb_param:s0" dev="tmpfs" ino=30 scontext=u:r:device_manager:s0 tcontext=u:object_r:sys_usb_param:s0 tclass=file permissive=0
86allow device_manager sys_usb_param:file { read open map };
87
88#avc:  denied  { read } for  pid=525 comm="sa_main" name="u:object_r:net_param:s0" dev="tmpfs" ino=31 scontext=u:r:device_manager:s0 tcontext=u:object_r:net_param:s0 tclass=file permissive=0
89#avc:  denied  { open } for  pid=469 comm="sa_main" path="/dev/__parameters__/u:object_r:net_param:s0" dev="tmpfs" ino=31 scontext=u:r:device_manager:s0 tcontext=u:object_r:net_param:s0 tclass=file permissive=0
90#avc:  denied  { map } for  pid=570 comm="sa_main" path="/dev/__parameters__/u:object_r:net_param:s0" dev="tmpfs" ino=31 scontext=u:r:device_manager:s0 tcontext=u:object_r:net_param:s0 tclass=file permissive=0
91allow device_manager net_param:file { read open map };
92
93#avc:  denied  { read } for  pid=525 comm="sa_main" name="u:object_r:net_tcp_param:s0" dev="tmpfs" ino=32 scontext=u:r:device_manager:s0 tcontext=u:object_r:net_tcp_param:s0 tclass=file permissive=0
94#avc:  denied  { open } for  pid=469 comm="sa_main" path="/dev/__parameters__/u:object_r:net_tcp_param:s0" dev="tmpfs" ino=32 scontext=u:r:device_manager:s0 tcontext=u:object_r:net_tcp_param:s0 tclass=file permissive=0
95#avc:  denied  { map } for  pid=570 comm="sa_main" path="/dev/__parameters__/u:object_r:net_tcp_param:s0" dev="tmpfs" ino=32 scontext=u:r:device_manager:s0 tcontext=u:object_r:net_tcp_param:s0 tclass=file permissive=0
96allow device_manager net_tcp_param:file { read open map };
97
98#avc:  denied  { read } for  pid=525 comm="sa_main" name="u:object_r:hw_sc_param:s0" dev="tmpfs" ino=33 scontext=u:r:device_manager:s0 tcontext=u:object_r:hw_sc_param:s0 tclass=file permissive=0
99#avc:  denied  { open } for  pid=469 comm="sa_main" path="/dev/__parameters__/u:object_r:hw_sc_param:s0" dev="tmpfs" ino=33 scontext=u:r:device_manager:s0 tcontext=u:object_r:hw_sc_param:s0 tclass=file permissive=0
100#avc:  denied  { map } for  pid=570 comm="sa_main" path="/dev/__parameters__/u:object_r:hw_sc_param:s0" dev="tmpfs" ino=33 scontext=u:r:device_manager:s0 tcontext=u:object_r:hw_sc_param:s0 tclass=file permissive=0
101allow device_manager hw_sc_param:file { read open map };
102
103#avc:  denied  { read } for  pid=525 comm="sa_main" name="u:object_r:hw_sc_build_param:s0" dev="tmpfs" ino=34 scontext=u:r:device_manager:s0 tcontext=u:object_r:hw_sc_build_param:s0 tclass=file permissive=0
104#avc:  denied  { open } for  pid=469 comm="sa_main" path="/dev/__parameters__/u:object_r:hw_sc_build_param:s0" dev="tmpfs" ino=34 scontext=u:r:device_manager:s0 tcontext=u:object_r:hw_sc_build_param:s0 tclass=file permissive=0
105#avc:  denied  { map } for  pid=570 comm="sa_main" path="/dev/__parameters__/u:object_r:hw_sc_build_param:s0" dev="tmpfs" ino=34 scontext=u:r:device_manager:s0 tcontext=u:object_r:hw_sc_build_param:s0 tclass=file permissive=0
106allow device_manager hw_sc_build_param:file { read open map };
107
108#avc:  denied  { read } for  pid=525 comm="sa_main" name="u:object_r:hw_sc_build_os_param:s0" dev="tmpfs" ino=35 scontext=u:r:device_manager:s0 tcontext=u:object_r:hw_sc_build_os_param:s0 tclass=file permissive=0
109#avc:  denied  { open } for  pid=469 comm="sa_main" path="/dev/__parameters__/u:object_r:hw_sc_build_os_param:s0" dev="tmpfs" ino=35 scontext=u:r:device_manager:s0 tcontext=u:object_r:hw_sc_build_os_param:s0 tclass=file permissive=0
110#avc:  denied  { map } for  pid=570 comm="sa_main" path="/dev/__parameters__/u:object_r:hw_sc_build_os_param:s0" dev="tmpfs" ino=35 scontext=u:r:device_manager:s0 tcontext=u:object_r:hw_sc_build_os_param:s0 tclass=file permissive=0
111allow device_manager hw_sc_build_os_param:file { read open map };
112
113#avc:  denied  { read } for  pid=525 comm="sa_main" name="u:object_r:init_param:s0" dev="tmpfs" ino=36 scontext=u:r:device_manager:s0 tcontext=u:object_r:init_param:s0 tclass=file permissive=0
114#avc:  denied  { open } for  pid=469 comm="sa_main" path="/dev/__parameters__/u:object_r:init_param:s0" dev="tmpfs" ino=36 scontext=u:r:device_manager:s0 tcontext=u:object_r:init_param:s0 tclass=file permissive=0
115#avc:  denied  { map } for  pid=570 comm="sa_main" path="/dev/__parameters__/u:object_r:init_param:s0" dev="tmpfs" ino=36 scontext=u:r:device_manager:s0 tcontext=u:object_r:init_param:s0 tclass=file permissive=0
116allow device_manager init_param:file { read open map };
117
118#avc:  denied  { read } for  pid=525 comm="sa_main" name="u:object_r:init_svc_param:s0" dev="tmpfs" ino=37 scontext=u:r:device_manager:s0 tcontext=u:object_r:init_svc_param:s0 tclass=file permissive=0
119#avc:  denied  { open } for  pid=570 comm="sa_main" path="/dev/__parameters__/u:object_r:init_svc_param:s0" dev="tmpfs" ino=37 scontext=u:r:device_manager:s0 tcontext=u:object_r:init_svc_param:s0 tclass=file permissive=0
120#avc:  denied  { map } for  pid=675 comm="sa_main" path="/dev/__parameters__/u:object_r:init_svc_param:s0" dev="tmpfs" ino=37 scontext=u:r:device_manager:s0 tcontext=u:object_r:init_svc_param:s0 tclass=file permissive=0
121allow device_manager init_svc_param:file { read open map };
122
123#avc:  denied  { read } for  pid=525 comm="sa_main" name="u:object_r:const_param:s0" dev="tmpfs" ino=38 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_param:s0 tclass=file permissive=0
124#avc:  denied  { open } for  pid=570 comm="sa_main" path="/dev/__parameters__/u:object_r:const_param:s0" dev="tmpfs" ino=38 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_param:s0 tclass=file permissive=0
125#avc:  denied  { map } for  pid=675 comm="sa_main" path="/dev/__parameters__/u:object_r:const_param:s0" dev="tmpfs" ino=38 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_param:s0 tclass=file permissive=0
126allow device_manager const_param:file { read open map };
127
128#avc:  denied  { read } for  pid=525 comm="sa_main" name="u:object_r:const_postinstall_param:s0" dev="tmpfs" ino=39 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_postinstall_param:s0 tclass=file permissive=0
129#avc:  denied  { open } for  pid=570 comm="sa_main" path="/dev/__parameters__/u:object_r:const_postinstall_param:s0" dev="tmpfs" ino=39 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_postinstall_param:s0 tclass=file permissive=0
130#avc:  denied  { map } for  pid=675 comm="sa_main" path="/dev/__parameters__/u:object_r:const_postinstall_param:s0" dev="tmpfs" ino=39 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_postinstall_param:s0 tclass=file permissive=0
131allow device_manager const_postinstall_param:file { read open map };
132
133#avc:  denied  { read } for  pid=570 comm="sa_main" name="u:object_r:const_postinstall_fstab_param:s0" dev="tmpfs" ino=40 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_postinstall_fstab_param:s0 tclass=file permissive=0
134#avc:  denied  { open } for  pid=675 comm="sa_main" path="/dev/__parameters__/u:object_r:const_postinstall_fstab_param:s0" dev="tmpfs" ino=40 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_postinstall_fstab_param:s0 tclass=file permissive=0
135#avc:  denied  { map } for  pid=647 comm="sa_main" path="/dev/__parameters__/u:object_r:const_postinstall_fstab_param:s0" dev="tmpfs" ino=40 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_postinstall_fstab_param:s0 tclass=file permissive=0
136allow device_manager const_postinstall_fstab_param:file { read open map };
137
138#avc:  denied  { get } for service=4700 pid=609 scontext=u:r:device_manager:s0 tcontext=u:object_r:sa_softbus_service:s0 tclass=samgr_class permissive=1
139allow device_manager sa_softbus_service:samgr_class { get };
140
141#avc:  denied  { call } for  pid=599 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:huks_service:s0 tclass=binder permissive=1
142allow device_manager huks_service:binder { call };
143
144#avc:  denied  { call } for  pid=599 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:deviceauth_service:s0 tclass=binder permissive=1
145#avc:  denied  { transfer } for  pid=599 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:deviceauth_service:s0 tclass=binder permissive=1
146allow device_manager deviceauth_service:binder { call transfer };
147
148#avc:  denied  { call } for  pid=599 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:accountmgr:s0 tclass=binder permissive=1
149allow device_manager accountmgr:binder { call };
150
151#avc:  denied  { call } for  pid=599 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:foundation:s0 tclass=binder permissive=1
152#avc:  denied  { transfer } for  pid=724 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:foundation:s0 tclass=binder permissive=0
153allow device_manager foundation:binder { call transfer };
154
155#avc:  denied  { call } for  pid=599 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:ui_service:s0 tclass=binder permissive=1
156#avc:  denied  { transfer } for  pid=599 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:ui_service:s0 tclass=binder permissive=1
157allow device_manager ui_service:binder { call transfer };
158
159#avc:  denied  { getopt } for  pid=599 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:device_manager:s0 tclass=unix_dgram_socket permissive=1
160#avc:  denied  { setopt } for  pid=599 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:device_manager:s0 tclass=unix_dgram_socket permissive=1
161allow device_manager device_manager:unix_dgram_socket { getopt setopt };
162
163#avc:  denied  { call } for  pid=599 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:softbus_server:s0 tclass=binder permissive=1
164#avc:  denied  { transfer } for  pid=675 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:softbus_server:s0 tclass=binder permissive=0
165allow device_manager softbus_server:binder { call transfer };
166
167#avc:  denied  { call } for  pid=599 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:normal_hap:s0 tclass=binder permissive=1
168allow device_manager normal_hap:binder { call };
169
170#avc:  denied  { read } for  pid=675 comm="sa_main" name="u:object_r:const_allow_param:s0" dev="tmpfs" ino=41 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_allow_param:s0 tclass=file permissive=0
171#avc:  denied  { open } for  pid=647 comm="sa_main" path="/dev/__parameters__/u:object_r:const_allow_param:s0" dev="tmpfs" ino=41 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_allow_param:s0 tclass=file permissive=0
172#avc:  denied  { map } for  pid=462 comm="sa_main" path="/dev/__parameters__/u:object_r:const_allow_param:s0" dev="tmpfs" ino=41 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_allow_param:s0 tclass=file permissive=0
173allow device_manager const_allow_param:file { read open map };
174
175#avc:  denied  { read } for  pid=675 comm="sa_main" name="u:object_r:const_allow_mock_param:s0" dev="tmpfs" ino=42 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_allow_mock_param:s0 tclass=file permissive=0
176#avc:  denied  { open } for  pid=647 comm="sa_main" path="/dev/__parameters__/u:object_r:const_allow_mock_param:s0" dev="tmpfs" ino=42 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_allow_mock_param:s0 tclass=file permissive=0
177#avc:  denied  { map } for  pid=462 comm="sa_main" path="/dev/__parameters__/u:object_r:const_allow_mock_param:s0" dev="tmpfs" ino=42 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_allow_mock_param:s0 tclass=file permissive=0
178allow device_manager const_allow_mock_param:file { read open map };
179
180#avc:  denied  { read } for  pid=675 comm="sa_main" name="u:object_r:const_build_param:s0" dev="tmpfs" ino=43 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_build_param:s0 tclass=file permissive=0
181#avc:  denied  { open } for  pid=496 comm="sa_main" path="/dev/__parameters__/u:object_r:const_build_param:s0" dev="tmpfs" ino=43 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_build_param:s0 tclass=file permissive=0
182#avc:  denied  { map } for  pid=647 comm="sa_main" path="/dev/__parameters__/u:object_r:const_build_param:s0" dev="tmpfs" ino=43 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_build_param:s0 tclass=file permissive=0
183allow device_manager const_build_param:file { read open map };
184
185#avc:  denied  { read } for  pid=675 comm="sa_main" name="u:object_r:const_product_param:s0" dev="tmpfs" ino=44 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_product_param:s0 tclass=file permissive=0
186#avc:  denied  { open } for  pid=496 comm="sa_main" path="/dev/__parameters__/u:object_r:const_product_param:s0" dev="tmpfs" ino=44 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_product_param:s0 tclass=file permissive=0
187#avc:  denied  { map } for  pid=647 comm="sa_main" path="/dev/__parameters__/u:object_r:const_product_param:s0" dev="tmpfs" ino=44 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_product_param:s0 tclass=file permissive=0
188allow device_manager const_product_param:file { read open map };
189
190#avc:  denied  { read } for  pid=675 comm="sa_main" name="u:object_r:security_param:s0" dev="tmpfs" ino=45 scontext=u:r:device_manager:s0 tcontext=u:object_r:security_param:s0 tclass=file permissive=0
191#avc:  denied  { open } for  pid=496 comm="sa_main" path="/dev/__parameters__/u:object_r:security_param:s0" dev="tmpfs" ino=45 scontext=u:r:device_manager:s0 tcontext=u:object_r:security_param:s0 tclass=file permissive=0
192#avc:  denied  { map } for  pid=647 comm="sa_main" path="/dev/__parameters__/u:object_r:security_param:s0" dev="tmpfs" ino=45 scontext=u:r:device_manager:s0 tcontext=u:object_r:security_param:s0 tclass=file permissive=0
193allow device_manager security_param:file { read open map };
194
195#avc:  denied  { read } for  pid=496 comm="sa_main" name="u:object_r:persist_sys_param:s0" dev="tmpfs" ino=48 scontext=u:r:device_manager:s0 tcontext=u:object_r:persist_sys_param:s0 tclass=file permissive=0
196#avc:  denied  { open } for  pid=647 comm="sa_main" path="/dev/__parameters__/u:object_r:persist_sys_param:s0" dev="tmpfs" ino=48 scontext=u:r:device_manager:s0 tcontext=u:object_r:persist_sys_param:s0 tclass=file permissive=0
197#avc:  denied  { map } for  pid=462 comm="sa_main" path="/dev/__parameters__/u:object_r:persist_sys_param:s0" dev="tmpfs" ino=48 scontext=u:r:device_manager:s0 tcontext=u:object_r:persist_sys_param:s0 tclass=file permissive=0
198allow device_manager persist_sys_param:file { read open map };
199
200#avc:  denied  { read } for  pid=496 comm="sa_main" name="u:object_r:debug_param:s0" dev="tmpfs" ino=49 scontext=u:r:device_manager:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=0
201#avc:  denied  { open } for  pid=647 comm="sa_main" path="/dev/__parameters__/u:object_r:debug_param:s0" dev="tmpfs" ino=49 scontext=u:r:device_manager:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=0
202#avc:  denied  { map } for  pid=462 comm="sa_main" path="/dev/__parameters__/u:object_r:debug_param:s0" dev="tmpfs" ino=49 scontext=u:r:device_manager:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=0
203allow device_manager debug_param:file { read open map };
204
205#avc:  denied  { read } for  pid=496 comm="sa_main" name="u:object_r:startup_param:s0" dev="tmpfs" ino=50 scontext=u:r:device_manager:s0 tcontext=u:object_r:startup_param:s0 tclass=file permissive=0
206#avc:  denied  { open } for  pid=647 comm="sa_main" path="/dev/__parameters__/u:object_r:startup_param:s0" dev="tmpfs" ino=50 scontext=u:r:device_manager:s0 tcontext=u:object_r:startup_param:s0 tclass=file permissive=0
207#avc:  denied  { map } for  pid=462 comm="sa_main" path="/dev/__parameters__/u:object_r:startup_param:s0" dev="tmpfs" ino=50 scontext=u:r:device_manager:s0 tcontext=u:object_r:startup_param:s0 tclass=file permissive=0
208allow device_manager startup_param:file { read open map };
209
210#avc:  denied  { read } for  pid=496 comm="sa_main" name="u:object_r:bootevent_param:s0" dev="tmpfs" ino=51 scontext=u:r:device_manager:s0 tcontext=u:object_r:bootevent_param:s0 tclass=file permissive=0
211#avc:  denied  { open } for  pid=462 comm="sa_main" path="/dev/__parameters__/u:object_r:bootevent_param:s0" dev="tmpfs" ino=51 scontext=u:r:device_manager:s0 tcontext=u:object_r:bootevent_param:s0 tclass=file permissive=0
212#avc:  denied  { map } for  pid=554 comm="sa_main" path="/dev/__parameters__/u:object_r:bootevent_param:s0" dev="tmpfs" ino=51 scontext=u:r:device_manager:s0 tcontext=u:object_r:bootevent_param:s0 tclass=file permissive=0
213allow device_manager bootevent_param:file { read open map };
214
215#avc:  denied  { read } for  pid=496 comm="sa_main" name="u:object_r:build_version_param:s0" dev="tmpfs" ino=53 scontext=u:r:device_manager:s0 tcontext=u:object_r:build_version_param:s0 tclass=file permissive=0
216#avc:  denied  { open } for  pid=462 comm="sa_main" path="/dev/__parameters__/u:object_r:build_version_param:s0" dev="tmpfs" ino=53 scontext=u:r:device_manager:s0 tcontext=u:object_r:build_version_param:s0 tclass=file permissive=0
217allow device_manager build_version_param:file { read open };
218#avc:  denied  { map } for  pid=554 comm="sa_main" path="/dev/__parameters__/u:object_r:build_version_param:s0" dev="tmpfs" ino=53 scontext=u:r:device_manager:s0 tcontext=u:object_r:build_version_param:s0 tclass=file permissive=0
219allow device_manager build_version_param:file { map };
220
221#avc:  denied  { read } for  pid=496 comm="sa_main" name="u:object_r:bootevent_samgr_param:s0" dev="tmpfs" ino=54 scontext=u:r:device_manager:s0 tcontext=u:object_r:bootevent_samgr_param:s0 tclass=file permissive=0
222#avc:  denied  { open } for  pid=462 comm="sa_main" path="/dev/__parameters__/u:object_r:bootevent_samgr_param:s0" dev="tmpfs" ino=54 scontext=u:r:device_manager:s0 tcontext=u:object_r:bootevent_samgr_param:s0 tclass=file permissive=0
223#avc:  denied  { map } for  pid=554 comm="sa_main" path="/dev/__parameters__/u:object_r:bootevent_samgr_param:s0" dev="tmpfs" ino=54 scontext=u:r:device_manager:s0 tcontext=u:object_r:bootevent_samgr_param:s0 tclass=file permissive=0
224allow device_manager bootevent_samgr_param:file { read open map };
225
226#avc:  denied  { call } for  pid=525 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:accesstoken_service:s0 tclass=binder permissive=0
227allow device_manager accesstoken_service:binder { call };
228
229#avc:  denied  { call } for  pid=525 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:distributedfiledaemon:s0 tclass=binder permissive=0
230allow device_manager distributedfiledaemon:binder { call };
231
232#avc:  denied  { read } for  pid=462 comm="sa_main" name="u:object_r:distributedsche_param:s0" dev="tmpfs" ino=55 scontext=u:r:device_manager:s0 tcontext=u:object_r:distributedsche_param:s0 tclass=file permissive=0
233#avc:  denied  { open } for  pid=554 comm="sa_main" path="/dev/__parameters__/u:object_r:distributedsche_param:s0" dev="tmpfs" ino=55 scontext=u:r:device_manager:s0 tcontext=u:object_r:distributedsche_param:s0 tclass=file permissive=0
234#avc:  denied  { map } for  pid=557 comm="sa_main" path="/dev/__parameters__/u:object_r:distributedsche_param:s0" dev="tmpfs" ino=55 scontext=u:r:device_manager:s0 tcontext=u:object_r:distributedsche_param:s0 tclass=file permissive=0
235allow device_manager distributedsche_param:file { read open map };
236
237#avc:  denied  { call } for  pid=724 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:distributedsche:s0 tclass=binder permissive=0
238#avc:  denied  { transfer } for  pid=657 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:distributedsche:s0 tclass=binder permissive=1
239allow device_manager distributedsche:binder { call transfer };
240
241#avc:  denied  { read } for  pid=462 comm="sa_main" name="u:object_r:input_pointer_device_param:s0" dev="tmpfs" ino=56 scontext=u:r:device_manager:s0 tcontext=u:object_r:input_pointer_device_param:s0 tclass=file permissive=0
242#avc:  denied  { open } for  pid=554 comm="sa_main" path="/dev/__parameters__/u:object_r:input_pointer_device_param:s0" dev="tmpfs" ino=56 scontext=u:r:device_manager:s0 tcontext=u:object_r:input_pointer_device_param:s0 tclass=file permissive=0
243allow device_manager input_pointer_device_param:file { read open };
244#avc:  denied  { map } for  pid=557 comm="sa_main" path="/dev/__parameters__/u:object_r:input_pointer_device_param:s0" dev="tmpfs" ino=56 scontext=u:r:device_manager:s0 tcontext=u:object_r:input_pointer_device_param:s0 tclass=file permissive=0
245allow device_manager input_pointer_device_param:file { read open map };
246
247#avc:  denied  { write } for  pid=427 comm="device_manager" name="paramservice" dev="tmpfs" ino=26 scontext=u:r:device_manager:s0 tcontext=u:object_r:paramservice_socket:s0 tclass=sock_file permissive=0
248allow device_manager paramservice_socket:sock_file { write };
249
250#avc:  denied  { read } for  pid=554 comm="sa_main" name="u:object_r:const_display_brightness_param:s0" dev="tmpfs" ino=57 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_display_brightness_param:s0 tclass=file permissive=0
251#avc:  denied  { open } for  pid=557 comm="sa_main" path="/dev/__parameters__/u:object_r:const_display_brightness_param:s0" dev="tmpfs" ino=57 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_display_brightness_param:s0 tclass=file permissive=0
252#avc:  denied  { map } for  pid=536 comm="sa_main" path="/dev/__parameters__/u:object_r:const_display_brightness_param:s0" dev="tmpfs" ino=57 scontext=u:r:device_manager:s0 tcontext=u:object_r:const_display_brightness_param:s0 tclass=file permissive=0
253allow device_manager const_display_brightness_param:file { read open map };
254
255#avc:  denied  { read } for  pid=554 comm="sa_main" name="u:object_r:default_param:s0" dev="tmpfs" ino=58 scontext=u:r:device_manager:s0 tcontext=u:object_r:default_param:s0 tclass=file permissive=0
256#avc:  denied  { open } for  pid=557 comm="sa_main" path="/dev/__parameters__/u:object_r:default_param:s0" dev="tmpfs" ino=58 scontext=u:r:device_manager:s0 tcontext=u:object_r:default_param:s0 tclass=file permissive=0
257#avc:  denied  { map } for  pid=536 comm="sa_main" path="/dev/__parameters__/u:object_r:default_param:s0" dev="tmpfs" ino=58 scontext=u:r:device_manager:s0 tcontext=u:object_r:default_param:s0 tclass=file permissive=0
258allow device_manager default_param:file { read open map };
259
260#avc:  denied  { search } for  pid=554 comm="device_manager" name="/" dev="tracefs" ino=1 scontext=u:r:device_manager:s0 tcontext=u:object_r:tracefs:s0 tclass=dir permissive=0
261allow device_manager tracefs:dir { search };
262
263#avc:  denied  { connectto } for  pid=554 comm="device_manager" path="/dev/unix/socket/paramservice" scontext=u:r:device_manager:s0 tcontext=u:r:kernel:s0 tclass=unix_stream_socket permissive=0
264allow device_manager kernel:unix_stream_socket { connectto };
265
266#avc:  denied  { get } for service=3901 pid=647 scontext=u:r:device_manager:s0 tcontext=u:object_r:sa_param_watcher:s0 tclass=samgr_class permissive=0
267allow device_manager sa_param_watcher:samgr_class { get };
268
269#avc:  denied  { call } for  pid=557 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:param_watcher:s0 tclass=binder permissive=0
270#avc:  denied  { transfer } for  pid=536 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:param_watcher:s0 tclass=binder permissive=0
271allow device_manager param_watcher:binder { call transfer };
272
273#avc:  denied  { write } for  pid=557 comm="device_manager" name="trace_marker" dev="tracefs" ino=14932 scontext=u:r:device_manager:s0 tcontext=u:object_r:tracefs_trace_marker_file:s0 tclass=file permissive=0
274#avc:  denied  { open } for  pid=536 comm="device_manager" path="/sys/kernel/debug/tracing/trace_marker" dev="tracefs" ino=15109 scontext=u:r:device_manager:s0 tcontext=u:object_r:tracefs_trace_marker_file:s0 tclass=file permissive=0
275allow device_manager tracefs_trace_marker_file:file { write open };
276
277#avc:  denied  { call } for  pid=657 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:token_sync_service:s0 tclass=binder permissive=1
278allow device_manager token_sync_service:binder { call };
279
280#avc:  denied  { call } for  pid=686 comm="device_manager" scontext=u:r:device_manager:s0 tcontext=u:r:sh:s0 tclass=binder permissive=0
281allow device_manager sh:binder { call };
282
283#avc:  denied  { get } for service=3503 pid=615 scontext=u:r:device_manager:s0 tcontext=u:object_r:sa_accesstoken_manager_service:s0 tclass=samgr_class permissive=0
284allow device_manager sa_accesstoken_manager_service:samgr_class { get };
285
286#avc: denied  { get } for service=180 pid=246 scontext=u:r:device_manager:s0 tcontext=u:object_r:sa_foundation_abilityms:s0 tclass=samgr_class permissive=0
287allow device_manager sa_foundation_abilityms:samgr_class { get };
288
289allow device_manager system_core_hap:binder { call transfer };
290allow device_manager pasteboard_service:binder { call transfer };
291allow device_manager distributeddata:binder { call };
292
293allow device_manager devinfo_private_param:file { map open read};
294
295allow device_manager dhardware_dm_param:parameter_service { set };
296allow { domain -limit_domain } dhardware_dm_param:file { map open read };
297