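# Copyright (c) 2022 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Type-enforcement rules for the dscreen domain and the two service labels it
# registers. Each allow rule is preceded by the AVC denial(s) it was written
# from, so a grant can be traced back to an observed access.
#
# NOTE(review): most denials below were logged with permissive=1, i.e. they
# record everything the process touched during a permissive run rather than a
# minimal set. Confirm each grant is still required before copying or widening
# it; rules with no matching denial are called out individually.

# dscreen is the process domain (attributes sadomain, domain); the sa_* types
# label its source and sink service entries (attribute sa_service_attr).
type dscreen, sadomain, domain;
type sa_dscreen_source_service, sa_service_attr;
type sa_dscreen_sink_service, sa_service_attr;

#avc:  denied  { get } for service=3002 pid=2063 scontext=u:r:dscreen:s0 tcontext=u:object_r:sa_media_service:s0 tclass=samgr_class permissive=1
allow dscreen sa_media_service:samgr_class { get };

#avc:  denied  { get } for service=4700 pid=2063 scontext=u:r:dscreen:s0 tcontext=u:object_r:sa_softbus_service:s0 tclass=samgr_class permissive=1
allow dscreen sa_softbus_service:samgr_class { get };

#avc:  denied  { get } for service=3901 pid=2063 scontext=u:r:dscreen:s0 tcontext=u:object_r:sa_param_watcher:s0 tclass=samgr_class permissive=1
allow dscreen sa_param_watcher:samgr_class { get };

#avc:  denied  { call } for  pid=2025 comm="dscreen" scontext=u:r:dscreen:s0 tcontext=u:r:softbus_server:s0 tclass=binder permissive=1
allow dscreen softbus_server:binder { call };

#avc:  denied  { call } for  pid=686 comm="THREAD_POOL" scontext=u:r:softbus_server:s0 tcontext=u:r:dscreen:s0 tclass=binder permissive=1
# NOTE(review): the denial above has softbus_server as source and dscreen as
# target, but this rule grants dscreen -> dscreen, so it does not cover the
# logged access. Check whether `allow softbus_server dscreen:binder { call };`
# was intended (it may already live in softbus_server's own policy) and
# whether the self-call grant is needed at all.
allow dscreen dscreen:binder { call };

#avc:  denied  { use } for  pid=686 comm="THREAD_POOL" path="socket:[32801]" dev="sockfs" ino=32801 scontext=u:r:dscreen:s0 tcontext=u:r:softbus_server:s0 tclass=fd permissive=1
allow dscreen softbus_server:fd { use };

#avc:  denied  { read write } for  pid=686 comm="THREAD_POOL" path="socket:[32801]" dev="sockfs" ino=32801 scontext=u:r:dscreen:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1
allow dscreen softbus_server:tcp_socket { read write };

#avc:  denied  { setopt } for  pid=2025 comm="dscreen"  scontext=u:r:dscreen:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1
allow dscreen softbus_server:tcp_socket { setopt };

# The same denial was logged twice (pid 2117 and pid 1925); one rule covers both.
#avc:  denied  { search } for  pid=2117 comm="dscreen" name="socket" dev="tmpfs" ino=40 scontext=u:r:dscreen:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=1
#avc:  denied  { search } for  pid=1925 comm="dscreen" name="socket" dev="tmpfs" ino=40 scontext=u:r:dscreen:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=1
allow dscreen dev_unix_socket:dir { search };

#avc:  denied  { call } for  pid=2117 comm="dscreen" scontext=u:r:dscreen:s0 tcontext=u:r:foundation:s0 tclass=binder permissive=1
#avc:  denied  { transfer } for  pid=1925 comm="dscreen" scontext=u:r:dscreen:s0 tcontext=u:r:foundation:s0 tclass=binder permissive=1
allow dscreen foundation:binder { call transfer };

#avc:  denied  { get_remote } for service=4808 pid=2117 scontext=u:r:dscreen:s0 tcontext=u:object_r:sa_dscreen_sink_service:s0 tclass=samgr_class permissive=1
#avc:  denied  { add } for service=4808 pid=2067 scontext=u:r:dscreen:s0 tcontext=u:object_r:sa_dscreen_sink_service:s0 tclass=samgr_class permissive=1
# { get } has no denial recorded here; it is granted alongside add/get_remote.
allow dscreen sa_dscreen_sink_service:samgr_class { get_remote add get };

#avc:  denied  { search } for  pid=1925 comm="dscreen" name="/" dev="tracefs" ino=1 scontext=u:r:dscreen:s0 tcontext=u:object_r:tracefs:s0 tclass=dir permissive=1
allow dscreen tracefs:dir { search };

#avc:  denied  { write } for  pid=1925 comm="dscreen" name="trace_marker" dev="tracefs" ino=13902 scontext=u:r:dscreen:s0 tcontext=u:object_r:tracefs_trace_marker_file:s0 tclass=file permissive=1
#avc:  denied  { open } for  pid=1925 comm="dscreen" path="/sys/kernel/debug/tracing/trace_marker" dev="tracefs" ino=13902 scontext=u:r:dscreen:s0 tcontext=u:object_r:tracefs_trace_marker_file:s0 tclass=file permissive=1
allow dscreen tracefs_trace_marker_file:file { write open };

#avc:  denied  { search } for  pid=1925 comm="dscreen" name="/" dev="mmcblk0p11" ino=2 scontext=u:r:dscreen:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=1
allow dscreen data_file:dir { search };

#avc:  denied  { call } for  pid=1925 comm="dscreen" scontext=u:r:dscreen:s0 tcontext=u:r:media_service:s0 tclass=binder permissive=1
#avc:  denied  { transfer } for  pid=2381 comm="dscreen" scontext=u:r:dscreen:s0 tcontext=u:r:media_service:s0 tclass=binder permissive=1
allow dscreen media_service:binder { call transfer };

#avc:  denied  { use } for  pid=674 comm="media_service" path="/dev/ashmem" dev="tmpfs" ino=179 scontext=u:r:dscreen:s0 tcontext=u:r:media_service:s0 tclass=fd permissive=1
allow dscreen media_service:fd { use };

#avc:  denied  { read } for  pid=1978 comm="Fillp_core_31"  scontext=u:r:dscreen:s0 tcontext=u:r:dscreen:s0 tclass=udp_socket permissive=1
#avc:  denied  { write } for  pid=1978 comm="Fillp_core_31" scontext=u:r:dscreen:s0 tcontext=u:r:dscreen:s0 tclass=udp_socket permissive=1
allow dscreen dscreen:udp_socket { read write };

#avc:  denied  { add } for service=4807 pid=2067 scontext=u:r:dscreen:s0 tcontext=u:object_r:sa_dscreen_source_service:s0 tclass=samgr_class permissive=1
#avc:  denied  { get_remote } for service=4807 pid=2325 scontext=u:r:dscreen:s0 tcontext=u:object_r:sa_dscreen_source_service:s0 tclass=samgr_class permissive=1
# { get } has no denial recorded here; it is granted alongside add/get_remote.
allow dscreen sa_dscreen_source_service:samgr_class { add get_remote get };

#avc:  denied  { get } for service=4607 pid=2067 scontext=u:r:dscreen:s0 tcontext=u:object_r:sa_foundation_dms:s0 tclass=samgr_class permissive=1
allow dscreen sa_foundation_dms:samgr_class { get };

#avc:  denied  { search } for  pid=2127 comm="dscreen" name="usr" dev="mmcblk0p6" ino=2492 scontext=u:r:dscreen:s0 tcontext=u:object_r:system_usr_file:s0 tclass=dir permissive=1
allow dscreen system_usr_file:dir { search };

#avc:  denied  { getattr } for  pid=2127 comm="dscreen" path="/system/usr/ohos_locale_config/supported_regions.xml" dev="mmcblk0p6" ino=2499 scontext=u:r:dscreen:s0 tcontext=u:object_r:system_usr_file:s0 tclass=file permissive=1
#avc:  denied  { read } for  pid=2127 comm="dscreen" name="supported_regions.xml" dev="mmcblk0p6" ino=2499 scontext=u:r:dscreen:s0 tcontext=u:object_r:system_usr_file:s0 tclass=file permissive=1
#avc:  denied  { open } for  pid=2127 comm="dscreen" path="/system/usr/ohos_locale_config/supported_regions.xml" dev="mmcblk0p6" ino=2499 scontext=u:r:dscreen:s0 tcontext=u:object_r:system_usr_file:s0 tclass=file permissive=1
#avc:  denied  { map } for  pid=2127 comm="dscreen" path="/system/usr/ohos_icu/icudt67l.dat" dev="mmcblk0p6" ino=2494 scontext=u:r:dscreen:s0 tcontext=u:object_r:system_usr_file:s0 tclass=file permissive=1
# Read-only access (no write/append/execute) to locale and ICU data.
allow dscreen system_usr_file:file { getattr read open map };

#avc:  denied  { transfer } for  pid=2127 comm="dscreen" scontext=u:r:dscreen:s0 tcontext=u:r:softbus_server:s0 tclass=binder permissive=1
allow dscreen softbus_server:binder { transfer };

#avc:  denied  { create } for  pid=2315 comm="Fillp_core_0" scontext=u:r:dscreen:s0 tcontext=u:r:dscreen:s0 tclass=udp_socket permissive=1
#avc:  denied  { setopt } for  pid=2315 comm="Fillp_core_0" scontext=u:r:dscreen:s0 tcontext=u:r:dscreen:s0 tclass=udp_socket permissive=1
#avc:  denied  { bind } for  pid=2315 comm="Fillp_core_0" scontext=u:r:dscreen:s0 tcontext=u:r:dscreen:s0 tclass=udp_socket permissive=1
#avc:  denied  { getattr } for  pid=2315 comm="dscreen" scontext=u:r:dscreen:s0 tcontext=u:r:dscreen:s0 tclass=udp_socket permissive=1
allow dscreen dscreen:udp_socket { create setopt bind getattr };

#avc:  denied  { node_bind } for  pid=2315 comm="Fillp_core_0" scontext=u:r:dscreen:s0 tcontext=u:object_r:node:s0 tclass=udp_socket permissive=1
allow dscreen node:udp_socket { node_bind };

#avc:  denied  { create } for  pid=2315 comm="dscreen" scontext=u:r:dscreen:s0 tcontext=u:r:dscreen:s0 tclass=netlink_route_socket permissive=1
#avc:  denied  { write } for  pid=2315 comm="dscreen" scontext=u:r:dscreen:s0 tcontext=u:r:dscreen:s0 tclass=netlink_route_socket permissive=1
allow dscreen dscreen:netlink_route_socket { create write };

# The same denial was logged from two threads (dscreen and THREAD_POOL); one
# rule covers both.
#avc:  denied  { shutdown } for  pid=2315 comm="dscreen" scontext=u:r:dscreen:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1
#avc:  denied  { shutdown } for  pid=2325 comm="THREAD_POOL" scontext=u:r:dscreen:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1
allow dscreen softbus_server:tcp_socket { shutdown };

#avc:  denied  { call } for  pid=2325 comm="dscreen"     scontext=u:r:dscreen:s0 tcontext=u:r:render_service:s0 tclass=binder permissive=1
#avc:  denied  { transfer } for  pid=2444 comm="dscreen" scontext=u:r:dscreen:s0 tcontext=u:r:render_service:s0 tclass=binder permissive=1
allow dscreen render_service:binder { call transfer };

#avc:  denied  { get } for service=10 pid=2325 scontext=u:r:dscreen:s0 tcontext=u:object_r:sa_render_service:s0 tclass=samgr_class permissive=1
allow dscreen sa_render_service:samgr_class { get };

#avc:  denied  { get } for service=4606 pid=2325 scontext=u:r:dscreen:s0 tcontext=u:object_r:sa_foundation_wms:s0 tclass=samgr_class permissive=1
allow dscreen sa_foundation_wms:samgr_class { get };

#avc:  denied  { get } for service=3101 pid=2325 scontext=u:r:dscreen:s0 tcontext=u:object_r:sa_multimodalinput_service:s0 tclass=samgr_class permissive=1
allow dscreen sa_multimodalinput_service:samgr_class { get };

#avc:  denied  { call } for  pid=2444 comm="dscreen" scontext=u:r:dscreen:s0 tcontext=u:r:multimodalinput:s0 tclass=binder permissive=1
allow dscreen multimodalinput:binder { call };

#avc:  denied  { use } for  pid=251 comm="multimodalinput" path="socket:[32377]" dev="sockfs" ino=32377 scontext=u:r:dscreen:s0 tcontext=u:r:multimodalinput:s0 tclass=fd permissive=1
allow dscreen multimodalinput:fd { use };

#avc:  denied  { nlmsg_read } for  pid=2417 comm="dscreen" scontext=u:r:dscreen:s0 tcontext=u:r:dscreen:s0 tclass=netlink_route_socket permissive=1
#avc:  denied  { read } for  pid=2417 comm="dscreen" scontext=u:r:dscreen:s0 tcontext=u:r:dscreen:s0 tclass=netlink_route_socket permissive=1
allow dscreen dscreen:netlink_route_socket { nlmsg_read read };

#avc:  denied  { connect } for  pid=2417 comm="Fillp_core_0" scontext=u:r:dscreen:s0 tcontext=u:r:dscreen:s0 tclass=udp_socket permissive=1
allow dscreen dscreen:udp_socket { connect };

#avc:  denied  { read write } for  pid=253 comm="multimodalinput" scontext=u:r:dscreen:s0 tcontext=u:r:multimodalinput:s0 tclass=unix_stream_socket permissive=1
allow dscreen multimodalinput:unix_stream_socket { read write };

#avc:  denied  { getopt } for  pid=2404 comm="dscreen" scontext=u:r:dscreen:s0 tcontext=u:r:dscreen:s0 tclass=unix_dgram_socket permissive=1
#avc:  denied  { setopt } for  pid=2404 comm="dscreen" scontext=u:r:dscreen:s0 tcontext=u:r:dscreen:s0 tclass=unix_dgram_socket permissive=1
allow dscreen dscreen:unix_dgram_socket { getopt setopt };

#avc:  denied  { call } for  pid=2552 comm="dscreen" scontext=u:r:dscreen:s0 tcontext=u:r:sh:s0 tclass=binder permissive=1
# NOTE(review): only { call } to sh is backed by the denial above. { transfer }
# to sh and both permissions to init have no denial recorded in this file.
# Binder access from a service domain into the shell and init domains is
# broader than the rest of this policy; confirm which caller needs it (possibly
# a debug/dump path) and drop whatever is not required.
allow dscreen sh:binder { call transfer };
allow dscreen init:binder { call transfer };

#avc:  denied  { use } for   scontext=u:r:dscreen:s0 tcontext=u:r:render_service:s0 tclass=fd permissive=0
allow dscreen render_service:fd { use };

#avc:  denied  { read write } for   scontext=u:r:dscreen:s0 tcontext=u:r:render_service:s0 tclass=unix_stream_socket permissive=1
allow dscreen render_service:unix_stream_socket { read write };

#avc:  denied  { get } for service=4801 pid=2892 scontext=u:r:dscreen:s0 tcontext=u:object_r:sa_dhardware_service:s0 tclass=samgr_class permissive=0
allow dscreen sa_dhardware_service:samgr_class { get };

#avc:  denied  { read } for  pid=2824 scontext=u:r:dscreen:s0 tcontext=u:object_r:accessibility_param:s0 tclass=file permissive=0
#avc:  denied  { open } for  pid=2839 scontext=u:r:dscreen:s0 tcontext=u:object_r:accessibility_param:s0 tclass=file permissive=1
#avc:  denied  { map } for  pid=2839  scontext=u:r:dscreen:s0 tcontext=u:object_r:accessibility_param:s0 tclass=file permissive=1
allow dscreen accessibility_param:file { read open map };

#avc:  denied  { read } for  pid=2021  scontext=u:r:dscreen:s0 tcontext=u:object_r:ohos_dev_param:s0 tclass=file permissive=0
allow dscreen ohos_dev_param:file { read };

#avc:  denied  { read write } for  pid=2573 scontext=u:r:dscreen:s0 tcontext=u:object_r:dev_console_file:s0 tclass=chr_file permissive=0
# The denial is for class chr_file. The rule previously named class `file`,
# which does not cover a character device and so did not address this denial.
# NOTE(review): confirm dscreen needs console read/write at all (this may only
# be inherited stdio) before relying on this grant.
allow dscreen dev_console_file:chr_file { read write };

# The two rules below have hidumper_service as their source domain, not dscreen:
# they let it look up the dscreen source and sink service entries.
#avc:  denied  { get } for service=4807 pid=616 scontext=u:r:hidumper_service:s0 tcontext=u:object_r:sa_dscreen_source_service:s0 tclass=samgr_class permissive
allow hidumper_service sa_dscreen_source_service:samgr_class { get };

#avc:  denied  { get } for service=4808 pid=616 scontext=u:r:hidumper_service:s0 tcontext=u:object_r:sa_dscreen_sink_service:s0 tclass=samgr_class permissive=0
allow hidumper_service sa_dscreen_sink_service:samgr_class { get };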