1# Copyright (c) 2022-2023 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14#avc: denied { getopt } for pid=563 comm="msdp" scontext=u:r:msdp_sa:s0 tcontext=u:r:msdp_sa:s0 tclass=unix_dgram_socket permissive=1 15#avc: denied { setopt } for pid=563 comm="msdp" scontext=u:r:msdp_sa:s0 tcontext=u:r:msdp_sa:s0 tclass=unix_dgram_socket permissive=1 16allow msdp_sa msdp_sa:unix_dgram_socket { getopt setopt }; 17 18#avc: denied { search } for pid=538 comm="msdp" name="socket" dev="tmpfs" ino=40 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=1 19allow msdp_sa dev_unix_socket:dir { search }; 20 21#avc: denied { call } for pid=543 comm="msdp" scontext=u:r:msdp_sa:s0 tcontext=u:r:sh:s0 tclass=binder permissive=1 22allow msdp_sa sh:binder { call }; 23 24#avc: denied { call } for pid=571 comm="msdp" scontext=u:r:msdp_sa:s0 tcontext=u:r:accesstoken_service:s0 tclass=binder permissive=1 25allow msdp_sa accesstoken_service:binder { call }; 26 27#avc: denied { add } for service=2902 pid=387 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_msdp_devicestatus_service:s0 tclass=samgr_class permissive=1 28allow msdp_sa sa_msdp_devicestatus_service:samgr_class { add }; 29 30#avc: denied { get } for service=3901 pid=387 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_param_watcher:s0 tclass=samgr_class permissive=1 31allow msdp_sa sa_param_watcher:samgr_class { get }; 32 33#avc: denied { call } for pid=435 comm="msdp" scontext=u:r:msdp_sa:s0 tcontext=u:r:normal_hap:s0 tclass=binder permissive=0 34allow msdp_sa normal_hap:binder { call }; 35 36#avc: denied { search } for pid=431 comm="msdp" name="/" dev="mmcblk0p12" ino=3 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=0 37allow msdp_sa data_file:dir { search }; 38 39#avc: denied { call } for pid=429 comm="msdp" scontext=u:r:msdp_sa:s0 tcontext=u:r:system_core_hap:s0 tclass=binder permissive=0 40allow msdp_sa system_core_hap:binder { call }; 41 42#avc: denied { watch } for pid=453 comm="device_status_s" path="/dev/input" dev="tmpfs" ino=77 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=dir permissive=0 43#avc: denied { open } for pid=1729 comm="device_status_s" path="/dev/input" dev="tmpfs" ino=77 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=dir permissive=0 44#avc: denied { read } for pid=1765 comm="device_status_s" name="input" dev="tmpfs" ino=77 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=dir permissive=0 45#avc: denied { search } for pid=1737 comm="device_status_s" name="input" dev="tmpfs" ino=77 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=dir permissive=0 46#avc: denied { getattr } for pid=1741 comm="device_status_s" path="/dev/input" dev="tmpfs" ino=77 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=dir permissive=0 47allow msdp_sa dev_input_file:dir { watch open read search getattr }; 48 49#avc: denied { getattr } for pid=1741 comm="device_status_s" path="/dev/input/event3" dev="tmpfs" ino=107 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=chr_file permissive=0 50#avc: denied { read write } for pid=1897 comm="device_status_s" name="event7" dev="tmpfs" ino=328 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=chr_file permissive=1 51#avc: denied { open } for pid=1897 comm="device_status_s" path="/dev/input/event7" dev="tmpfs" ino=328 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=chr_file permissive=1 52#avc: denied { ioctl } for pid=1748 comm="device_status_s" path="/dev/input/event7" dev="tmpfs" ino=328 ioctlcmd=0x4521 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=chr_file permissive=0 53allow msdp_sa dev_input_file:chr_file { getattr read write open ioctl }; 54 55#avc: denied { getattr } for pid=1741 comm="device_status_s" path="/dev" dev="tmpfs" ino=1 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_file:s0 tclass=dir permissive=0 56allow msdp_sa dev_file:dir { getattr }; 57 58#avc: denied { search } for pid=1771 comm="device_status_s" name="etc" dev="mmcblk0p8" ino=17 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=dir permissive=1 59allow msdp_sa vendor_etc_file:dir { search }; 60 61#avc: denied { map } for pid=482 comm="IPC_1_549" path="/dev/__parameters__/u:object_r:musl_param:s0" dev="tmpfs" ino=56 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=0 62#avc: denied { open } for pid=448 comm="IPC_1_490" path="/dev/__parameters__/u:object_r:musl_param:s0" dev="tmpfs" ino=56 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=0 63#avc: denied { read } for pid=477 comm="IPC_1_657" name="u:object_r:musl_param:s0" dev="tmpfs" ino=56 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=0 64allow msdp_sa musl_param:file { map open read }; 65 66#avc: denied { transfer } for pid=477 comm="IPC_1_657" scontext=u:r:msdp_sa:s0 tcontext=u:r:sensors:s0 tclass=binder permissive=1 67allow msdp_sa sensors:binder { transfer }; 68 69debug_only(` 70 allow msdp_sa data_file:file { getattr open read}; 71') 72