• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright (c) 2022 Huawei Device Co., Ltd.
2# Licensed under the Apache License, Version 2.0 (the "License");
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6#     http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
14init_daemon_domain(charger);
15
16#avc:  denied  { search } for  pid=268 comm="charger" name="socket" dev="tmpfs" ino=21 scontext=u:r:charger:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=0
17allow charger dev_unix_socket:dir { search };
18
19#avc:  denied  { search } for  pid=238 comm="charger" name="processdump" dev="mmcblk0p6" ino=321 scontext=u:r:charger:s0 tcontext=u:object_r:system_bin_file:s0 tclass=dir permissive=1
20allow charger system_bin_file:dir { search };
21
22#avc:  denied  { entrypoint } for  pid=258 comm="charger" name="bin" dev="mmcblk0p6" ino=321 scontext=u:r:charger:s0 tcontext=u:object_r:system_bin_file:s0 tclass=file permissive=1
23#avc:  denied  { read execute } for  pid=239 comm="charger" name="bin" dev="mmcblk0p6" ino=321 scontext=u:r:charger:s0 tcontext=u:object_r:system_bin_file:s0 tclass=file permissive=1
24#avc:  denied  { map } for  pid=233 comm="charger" name="bin" dev="mmcblk0p6" ino=321 scontext=u:r:charger:s0 tcontext=u:object_r:system_bin_file:s0 tclass=file permissive=1
25allow charger system_bin_file:file { entrypoint map read execute };
26
27#avc:  denied  { entrypoint } for  pid=235 comm="init" path="/vendor/bin/charger" dev="mmcblk0p6" ino=14 scontext=u:r:charger:s0 tcontext=u:charger_exec:s0 tclass=file permissive=1
28allow charger charger_exec:file { entrypoint };
29
30#avc:  denied  { read map } for process="unknown process" parameter=startup.device.ctl pid=268 uid=6667 gid=6667 scontext=u:r:charger:s0 tcontext=u:object_r:startup_param:s0 tclass=file permissive=0
31allow charger startup_param:file { open read map };
32
33#avc:  denied  { read } for  pid=307 comm="charger" name="u:object_r:ohos_param:s0" dev="tmpfs" ino=30 scontext=u:r:charger:s0 tcontext=u:object_r:ohos_param:s0 tclass=file permissive=0
34#avc:  denied  { open } for  pid=300 comm="charger" name="u:object_r:ohos_param:s0" dev="tmpfs" ino=30 scontext=u:r:charger:s0 tcontext=u:object_r:ohos_param:s0 tclass=file permissive=0
35#avc:  denied  { map } for  pid=312 comm="charger" name="u:object_r:ohos_param:s0" dev="tmpfs" ino=30 scontext=u:r:charger:s0 tcontext=u:object_r:ohos_param:s0 tclass=file permissive=k
36allow charger ohos_param:file { read open map };
37
38#avc:  denied  { read } for  pid=219 comm="charger" name="u:object_r:ohos_boot_param:s0" dev="tmpfs" ino=28 scontext=u:r:charger:s0 tcontext=u:object_r:ohos_boot_param:s0 tclass=file permissive=0
39#avc:  denied  { open } for  pid=223 comm="charger" name="u:object_r:ohos_boot_param:s0" dev="tmpfs" ino=28 scontext=u:r:charger:s0 tcontext=u:object_r:ohos_boot_param:s0 tclass=file permissive=0
40#avc:  denied  { map } for  pid=225 comm="charger" name="u:object_r:ohos_boot_param:s0" dev="tmpfs" ino=28 scontext=u:r:charger:s0 tcontext=u:object_r:ohos_boot_param:s0 tclass=file permissive=0
41allow charger ohos_boot_param:file { read open map };
42
43#avc: denied { read } for pid=296 comm="charger" path="/dev/parameters/u:object_r:sys_param:s0" dev="tmpfs" ino=48 scontext=u:r:charger:s0 tcontext=u:object_r:sys_param:s0 tclass=file permissive=1
44#avc: denied { open map } for pid=296 comm="charger" path="/dev/parameters/u:object_r:sys_param:s0" dev="tmpfs" ino=48 scontext=u:r:charger:s0 tcontext=u:object_r:sys_param:s0 tclass=file permissive=1
45allow charger sys_param:file { read open map };
46
47#avc:  denied  { read } for  pid=281 comm="charger" name="u:object_r:net_param:s0" dev="tmpfs" ino=50 scontext=u:r:charger:s0 tcontext=u:object_r:net_param:s0 tclass=file permissive=0
48#avc:  denied  { open } for  pid=222 comm="charger" path="/dev/__parameters__/u:object_r:net_param:s0" dev="tmpfs" ino=50 scontext=u:r:charger:s0 tcontext=u:object_r:net_param:s0 tclass=file permissive=1
49#avc:  denied  { map } for  pid=235 comm="charger" path="/dev/__parameters__/u:object_r:net_param:s0" dev="tmpfs" ino=50 scontext=u:r:charger:s0 tcontext=u:object_r:net_param:s0 tclass=file permissive=1
50allow charger net_param:file { read open map };
51
52#avc:  denied  { read } for  pid=256 comm="charger" name="u:object_r:net_tcp_param:s0" dev="tmpfs" ino=51 scontext=u:r:charger:s0 tcontext=u:object_r:net_tcp_param:s0 tclass=file permissive=1
53#avc:  denied  { open } for  pid=265 comm="charger" path="/dev/__parameters__/u:object_r:net_tcp_param:s0" dev="tmpfs" ino=51 scontext=u:r:charger:s0 tcontext=u:object_r:net_tcp_param:s0 tclass=file permissive=0
54#avc:  denied  { map } for  pid=269 comm="charger" path="/dev/__parameters__/u:object_r:net_tcp_param:s0" dev="tmpfs" ino=51 scontext=u:r:charger:s0 tcontext=u:object_r:net_tcp_param:s0 tclass=file permissive=1
55allow charger net_tcp_param:file { read open map };
56
57#avc:  denied  { search } for  pid=271 comm="charger" name="/" dev="mmcblk0p11" ino=3 scontext=u:r:charger:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=0
58allow charger data_file:dir { search };
59
60#avc:  denied  { write } for  pid=291 comm="charger" name="paramservice" dev="tmpfs" ino=27 scontext=u:r:charger:s0 tcontext=u:object_r:paramservice_socket:s0 tclass=sock_file permissive=0
61allow charger paramservice_socket:sock_file { write };
62
63#avc:  denied  { read } for  pid=204 comm="charger" name="u:object_r:const_allow_param:s0" dev="tmpfs" ino=60 scontext=u:r:charger:s0 tcontext=u:object_r:const_allow_param:s0 tclass=file permissive=0
64#avc:  denied  { open } for  pid=197 comm="charger" path="/dev/__parameters__/u:object_r:const_allow_param:s0" dev="tmpfs" ino=60 scontext=u:r:charger:s0 tcontext=u:object_r:const_allow_param:s0 tclass=file permissive=1
65#avc:  denied  { map } for  pid=172 comm="charger" path="/dev/__parameters__/u:object_r:const_allow_param:s0" dev="tmpfs" ino=60 scontext=u:r:charger:s0 tcontext=u:object_r:const_allow_param:s0 tclass=file permissive=1
66allow charger const_allow_param:file { open read map };
67
68#avc:  denied  { read } for  pid=220 comm="charger" name="u:object_r:const_allow_mock_param:s0" dev="tmpfs" ino=61 scontext=u:r:charger:s0 tcontext=u:object_r:const_allow_mock_param:s0 tclass=file permissive=0
69#avc:  denied  { open } for  pid=234 comm="charger" path="/dev/__parameters__/u:object_r:const_allow_mock_param:s0" dev="tmpfs" ino=61 scontext=u:r:charger:s0 tcontext=u:object_r:const_allow_mock_param:s0 tclass=file permissive=1
70#avc:  denied  { map } for  pid=214 comm="charger" path="/dev/__parameters__/u:object_r:const_allow_mock_param:s0" dev="tmpfs" ino=61 scontext=u:r:charger:s0 tcontext=u:object_r:const_allow_mock_param:s0 tclass=file permissive=1
71allow charger const_allow_mock_param:file { open read map };
72
73#avc:  denied  { connectto } for  pid=262 comm="charger" path="/dev/unix/socket/paramservice" scontext=u:r:charger:s0 tcontext=u:r:kernel:s0 tclass=unix_stream_socket permissive=0
74allow charger kernel:unix_stream_socket { connectto };
75
76#avc:  denied  { read } for  pid=192 comm="charger" name="u:object_r:security_param:s0" dev="tmpfs" ino=64 scontext=u:r:charger:s0 tcontext=u:object_r:security_param:s0 tclass=file permissive=1
77#avc:  denied  { map } for  pid=211 comm="charger" path="/dev/__parameters__/u:object_r:security_param:s0" dev="tmpfs" ino=64 scontext=u:r:charger:s0 tcontext=u:object_r:security_param:s0 tclass=file permissive=1
78allow charger security_param:file { open read map };
79
80#avc:  denied  { open } for  pid=212 comm="charger" path="/dev/__parameters__/u:object_r:hilog_param:s0" dev="tmpfs" ino=65 scontext=u:r:charger:s0 tcontext=u:object_r:hilog_param:s0 tclass=file permissive=1
81#avc:  denied  { map } for  pid=209 comm="charger" path="/dev/__parameters__/u:object_r:hilog_param:s0" dev="tmpfs" ino=65 scontext=u:r:charger:s0 tcontext=u:object_r:hilog_param:s0 tclass=file permissive=1
82allow charger hilog_param:file { open read map };
83
84#avc:  denied  { read } for  pid=205 comm="charger" name="u:object_r:input_pointer_device_param:s0" dev="tmpfs" ino=73 scontext=u:r:charger:s0 tcontext=u:object_r:input_pointer_device_param:s0 tclass=file permissive=1
85#avc:  denied  { open } for  pid=209 comm="charger" path="/dev/__parameters__/u:object_r:input_pointer_device_param:s0" dev="tmpfs" ino=73 scontext=u:r:charger:s0 tcontext=u:object_r:input_pointer_device_param:s0 tclass=file permissive=1
86#avc:  denied  { map } for  pid=200 comm="charger" path="/dev/__parameters__/u:object_r:input_pointer_device_param:s0" dev="tmpfs" ino=73 scontext=u:r:charger:s0 tcontext=u:object_r:input_pointer_device_param:s0 tclass=file permissive=1
87allow charger input_pointer_device_param:file { open read map };
88
89#avc:  denied  { read } for  pid=258 comm="charger" name="u:object_r:const_display_brightness_param:s0" dev="tmpfs" ino=74 scontext=u:r:charger:s0 tcontext=u:object_r:const_display_brightness_param:s0 tclass=file permissive=1
90#avc:  denied  { open } for  pid=244 comm="charger" path="/dev/__parameters__/u:object_r:const_display_brightness_param:s0" dev="tmpfs" ino=74 scontext=u:r:charger:s0 tcontext=u:object_r:const_display_brightness_param:s0 tclass=file permissive=1
91#avc:  denied  { map } for  pid=248 comm="charger" path="/dev/__parameters__/u:object_r:const_display_brightness_param:s0" dev="tmpfs" ino=74 scontext=u:r:charger:s0 tcontext=u:object_r:const_display_brightness_param:s0 tclass=file permissive=1
92allow charger const_display_brightness_param:file { open read map };
93
94#avc:  denied  { read } for  pid=250 comm="hdf_devhost" name="u:object_r:default_param:s0" dev="tmpfs" ino=75 scontext=u:r:charger:s0 tcontext=u:object_r:default_param:s0 tclass=file permissive=1
95#avc:  denied  { open } for  pid=245 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:default_param:s0" dev="tmpfs" ino=75 scontext=u:r:charger:s0 tcontext=u:object_r:default_param:s0 tclass=file permissive=1
96#avc:  denied  { map } for  pid=215 comm="hdf_devhost" path="/dev/__parameters__/u:object_r:default_param:s0" dev="tmpfs" ino=75 scontext=u:r:charger:s0 tcontext=u:object_r:default_param:s0 tclass=file permissive=1
97allow charger default_param:file { open read map };
98
99#avc:  denied  { getattr } for  pid=262 comm="charger" path="/dev/dev_mgr" dev="tmpfs" ino=188 scontext=u:r:charger:s0 tcontext=u:object_r:dev_mgr_file:s0 tclass=chr_file permissive=0
100allow charger dev_mgr_file:chr_file { getattr };
101
102#avc:  denied  { search } for  pid=275 comm="charger" name="service" dev="mmcblk0p11" ino=7 scontext=u:r:charger:s0 tcontext=u:object_r:data_service_file:s0 tclass=dir permissive=0
103allow charger data_service_file:dir { search };
104
105#avc:  denied  { search } for  pid=267 comm="charger" name="el0" dev="mmcblk0p11" ino=8 scontext=u:r:charger:s0 tcontext=u:object_r:data_service_el0_file:s0 tclass=dir permissive=0
106#avc:  denied  { add_name } for  pid=242 comm="charger" name="el0" dev="mmcblk0p11" ino=8 scontext=u:r:charger:s0 tcontext=u:object_r:data_service_el0_file:s0 tclass=dir permissive=0
107#avc:  denied  { read } for  pid=253 comm="charger" name="el0" dev="mmcblk0p11" ino=8 scontext=u:r:charger:s0 tcontext=u:object_r:data_service_el0_file:s0 tclass=dir permissive=0
108#avc:  denied  { write } for  pid=253 comm="charger" name="el0" dev="mmcblk0p11" ino=8 scontext=u:r:charger:s0 tcontext=u:object_r:data_service_el0_file:s0 tclass=dir permissive=0
109allow charger data_service_el0_file:dir { search open read write add_name };
110
111#avc:  denied  { read } for  pid=268 comm="charger" name="capacity" dev="mmcblk0p11" ino=240 scontext=u:r:charger:s0 tcontext=u:object_r:data_service_el0_file:s0 tclass=file permissive=0
112#avc:  denied  { write } for  pid=296 comm="charger" name="capacity" dev="mmcblk0p11" ino=242 scontext=u:r:charger:s0 tcontext=u:object_r:data_service_el0_file:s0 tclass=file permissive=0
113#avc:  denied  { ioctl } for  pid=202 comm="charger" dev="mmcblk0p11" ino=204 ioctlcmd=0x6203 scontext=u:r:charger:s0 tcontext=u:object_r:data_service_el0_file:s0 tclass=file permissive=1
114#avc:  denied  { create } for  pid=202 comm="charger" dev="mmcblk0p11" ino=204 ioctlcmd=0x6203 scontext=u:r:charger:s0 tcontext=u:object_r:data_service_el0_file:s0 tclass=file permissive=1
115allow charger data_service_el0_file:file { open read write create ioctl };
116
117#avc:  denied  { read } for  pid=306 comm="charger" name="leds" scontext=u:r:charger:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=0
118allow charger sysfs_leds:dir { open read };
119
120#avc:  denied  { call } for  pid=275 comm="charger" scontext=u:r:charger:s0 tcontext=u:r:hdf_devmgr:s0 tclass=binder permissive=1
121allow charger hdf_devmgr:binder { call };
122
123#avc:  denied  { call } for  pid=327 comm="charger" scontext=u:r:charger:s0 tcontext=u:r:light_host:s0 tclass=binder permissive=1
124allow charger light_host:binder { call };
125
126#avc:  denied  { search } for  pid=271 comm="charger" name="dri" dev="tmpfs" ino=81 scontext=u:r:charger:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=dir permissive=0
127allow charger dev_dri_file:dir { search };
128
129#avc:  denied  { open } for  pid=235 comm="charger" name="card0" dev="tmpfs" ino=83 scontext=u:r:charger:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=0
130#avc:  denied  { read write } for  pid=275 comm="charger" name="card0" dev="tmpfs" ino=83 scontext=u:r:charger:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=0
131#avc:  denied  { map } for  pid=239 comm="charger" name="card0" dev="tmpfs" ino=83 scontext=u:r:charger:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=0
132#avc:  denied  { ioctl } for  pid=267 comm="charger" name="card0" dev="tmpfs" ino=83 scontext=u:r:charger:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=0
133allow charger dev_dri_file:chr_file { open ioctl read write map };
134
135#avc:  denied  { getattr } for  pid=262 comm="charger" path="/dev/hdf_input_event1" dev="tmpfs" ino=198 scontext=u:r:charger:s0 tcontext=u:object_r:dev_hdf_input:s0 tclass=chr_file permissive=0
136#avc:  denied  { ioctl } for  pid=253 comm="charger" path="/dev/hdf_input_event1" dev="tmpfs" ino=198 scontext=u:r:charger:s0 tcontext=u:object_r:dev_hdf_input:s0 tclass=chr_file permissive=0
137#avc:  denied  { write} for  pid=260 comm="charger" path="/dev/hdf_input_event1" dev="tmpfs" ino=198 scontext=u:r:charger:s0 tcontext=u:object_r:dev_hdf_input:s0 tclass=chr_file permissive=0
138#avc:  denied  { map } for  pid=257 comm="charger" path="/dev/hdf_input_event1" dev="tmpfs" ino=198 scontext=u:r:charger:s0 tcontext=u:object_r:dev_hdf_input:s0 tclass=chr_file permissive=0
139#avc:  denied  { read } for  pid=257 comm="charger" path="/dev/hdf_input_event1" dev="tmpfs" ino=198 scontext=u:r:charger:s0 tcontext=u:object_r:dev_hdf_input:s0 tclass=chr_file permissive=0
140allow charger dev_hdf_input:chr_file { getattr open read write ioctl map };
141
142#avc:  denied  { read } for  pid=271 comm="charger" scontext=u:r:charger:s0 tcontext=u:r:charger:s0 tclass=netlink_kobject_uevent_socket permissive=1
143#avc:  denied  { create } for  pid=271 comm="charger" scontext=u:r:charger:s0 tcontext=u:r:charger:s0 tclass=netlink_kobject_uevent_socket permissive=1
144#avc:  denied  { setopt } for  pid=266 comm="charger" scontext=u:r:charger:s0 tcontext=u:r:charger:s0 tclass=netlink_kobject_uevent_socket permissive=1
145#avc:  denied  { bind } for  pid=266 comm="charger" scontext=u:r:charger:s0 tcontext=u:r:charger:s0 tclass=netlink_kobject_uevent_socket permissive=1
146allow charger charger:netlink_kobject_uevent_socket { read create setopt bind };
147
148#avc:  denied  { get } for service=5100 pid=280 scontext=u:r:charger:s0 tcontext=u:object_r:hdf_light_interface_service:s0 tclass=hdf_devmgr_class permissive=0
149allow charger hdf_light_interface_service:hdf_devmgr_class { get };
150
151#avc:  denied  { get } for service=5100 pid=270 scontext=u:r:charger:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=0
152allow charger sa_device_service_manager:samgr_class { get };
153
154#avc:  denied  { read } for  pid=278 comm="charger" scontext=u:r:charger:s0 tcontext=u:object_r:accessibility_param:s0 tclass=file permissive=1
155#avc:  denied  { map } for  pid=278 comm="charger" scontext=u:r:charger:s0 tcontext=u:object_r:accessibility_param:s0 tclass=file permissive=1
156allow charger accessibility_param:file { open read map };
157
158#avc:  denied  { search } for  pid=271 comm="charger" name="etc" dev="mmcblk0p7" ino=20 scontext=u:r:charger:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=dir permissive=0
159allow charger vendor_etc_file:dir { search };
160
161#avc:  denied  { read } for  pid=275 comm="charger" name="loop00000.png" dev="mmcblk0p7" ino=31 scontext=u:r:charger:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=file permissive=0
162allow charger vendor_etc_file:file { open read };
163
164#avc:  denied  { set } for process="unknown process" parameter=startup.device.ctl pid=268 uid=6667 gid=6667 scontext=u:r:charger:s0 tcontext=u:object_r:startup_param:s0 tclass=parameter_service permissive=0
165allow charger startup_param:parameter_service { set };
166
167#avc:  denied  { set } for process="unknown process" parameter=startup.device.ctl pid=299 uid=6667 gid=6667 scontext=u:r:charger:s0 tcontext=u:object_r:ohos_param:s0 tclass=parameter_service permissive=0
168allow charger ohos_param:parameter_service { set };
169
170#avc: denied { search } for  pid=379 scontext=u:r:hdf_devmgr:s0 tcontext=u:object_r:charger:s0 tclass=dir permissive=1
171allow hdf_devmgr charger:dir { search };
172
173#avc: denied { read } for  pid=370 scontext=u:r:hdf_devmgr:s0 tcontext=u:object_r:charger:s0 tclass=file permissive=1
174allow hdf_devmgr charger:file { open read };
175
176#avc: denied { getattr } for  pid=390 scontext=u:r:hdf_devmgr:s0 tcontext=u:object_r:charger:s0 tclass=process permissive=1
177allow hdf_devmgr charger:process { getattr };
178
179#avc:  denied  { call } for  pid=271 comm="hdf_devmgr" scontext=u:r:hdf_devmgr:s0 tcontext=u:r:charger:s0 tclass=binder permissive=1
180allow hdf_devmgr charger:binder { transfer };
181
182# avc:  denied  { getattr } for  pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:charger:s0 tclass=process permissive=1
183# avc:  denied  { rlimitinh } for  pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:charger:s0 tclass=process permissive=1
184# avc:  denied  { siginh } for  pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:charger:s0 tclass=process permissive=1
185# avc:  denied  { transition } for  pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:charger:s0 tclass=process permissive=1
186allow init charger:process { getattr rlimitinh siginh transition };
187
188#avc:  denied  { execute } for  pid=235 comm="init" path="/vendor/bin/charger" dev="mmcblk0p6" ino=14 scontext=u:r:init:s0 tcontext=u:object_r:charger:s0 tclass=file permissive=1
189#avc: denied { read } for  pid=217 scontext=u:r:init:s0 tcontext=u:object_r:charger_exec:s0 tclass=file permissive=1
190#avc: denied { getattr } for  pid=218 scontext=u:r:init:s0 tcontext=u:object_r:charger_exec:s0 tclass=file permissive=0
191allow init charger_exec:file { execute getattr read open };
192
193#.avc:  denied  { read } for  pid=1 comm="init" scontext=u:r:init:s0 tcontext=u:r:usb_host:s0 tclass=file permissive=1
194allow init charger:file { open read };
195
196#avc:  denied  { search } for  pid=228 comm="init" name="charger" dev="mmcblk0p11" ino=31 scontext=u:r:init:s0 tcontext=u:object_r:charger:s0 tclass=dir permissive=1
197allow init charger:dir { search };
198
199