• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright (c) 2022 Huawei Device Co., Ltd.
2# Licensed under the Apache License, Version 2.0 (the License);
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6#     http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
14init_daemon_domain(pulseaudio);
15
16#avc:  denied  { call } for  pid=288 comm="pulseaudio" scontext=u:r:pulseaudio:s0 tcontext=u:r:a2dp_host:s0 tclass=binder permissive=1
17allow pulseaudio a2dp_host:binder { call };
18
19#avc:  denied  { call } for  pid=342 comm="pulseaudio" scontext=u:r:pulseaudio:s0 tcontext=u:r:accesstoken_service:s0 tclass=binder permissive=1
20allow pulseaudio accesstoken_service:binder { call };
21
22#avc:  denied  { call } for  pid=304 comm="hdi-sink-playba" scontext=u:r:pulseaudio:s0 tcontext=u:r:audio_hdi_server_host:s0 tclass=binder permissive=1
23allow pulseaudio audio_hdi_server_host:binder { call };
24
25#avc:  denied  { search } for  pid=285 comm="pulseaudio" name="data" dev="mmcblk0p7" ino=1436162 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_file:s0 tclass=dir permissive=1
26allow pulseaudio data_data_file:dir { search };
27
28#avc:  denied  { add_name } for  pid=285 comm="pulseaudio" name="pipe_sink.pcm" scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=dir permissive=1
29#avc:  denied  { getattr } for  pid=285 comm="pulseaudio" path="/data/data/.pulse_dir/runtime" dev="mmcblk0p7" ino=1436166 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=dir permissive=1
30#avc:  denied  { open } for  pid=285 comm="pulseaudio" path="/data/data/.pulse_dir/runtime" dev="mmcblk0p7" ino=1436166 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=dir permissive=1
31#avc:  denied  { read } for  pid=285 comm="pulseaudio" name="runtime" dev="mmcblk0p7" ino=1436166 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=dir permissive=1
32#avc:  denied  { remove_name } for  pid=284 comm="pulseaudio" name="cli" dev="mmcblk0p7" ino=1436169 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=dir permissive=1
33#avc:  denied  { search } for  pid=285 comm="pulseaudio" name=".pulse_dir" dev="mmcblk0p7" ino=1436165 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=dir permissive=1
34#avc:  denied  { setattr } for  pid=284 comm="pulseaudio" name="state" dev="mmcblk0p7" ino=1436167 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=dir permissive=1
35#avc:  denied  { write } for  pid=285 comm="pulseaudio" name=".pulse_dir" dev="mmcblk0p7" ino=1436165 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=dir permissive=1
36allow pulseaudio data_data_pulse_dir:dir { add_name getattr open read remove_name search setattr write };
37
38#avc:  denied  { create } for  pid=285 comm="pulseaudio" name="pipe_sink.pcm" scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=fifo_file permissive=1
39#avc:  denied  { getattr } for  pid=285 comm="pulseaudio" path="/data/data/.pulse_dir/pipe_sink.pcm" dev="mmcblk0p7" ino=1436174 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=fifo_file permissive=
40#avc:  denied  { open } for  pid=285 comm="pulseaudio" path="/data/data/.pulse_dir/pipe_sink.pcm" dev="mmcblk0p7" ino=1436174 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=fifo_file permissive=1
41#avc:  denied  { read write } for  pid=285 comm="pulseaudio" name="pipe_sink.pcm" dev="mmcblk0p7" ino=1436174 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=fifo_file permissive=1
42#avc:  denied  { setattr } for  pid=285 comm="pulseaudio" name="pipe_sink.pcm" dev="mmcblk0p7" ino=1436174 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=fifo_file permissive=1
43allow pulseaudio data_data_pulse_dir:fifo_file { create getattr open read write setattr };
44
45#avc:  denied  { create } for  pid=284 comm="pulseaudio" name="pid" scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=file permissive=1
46#avc:  denied  { getattr } for  pid=287 comm="pulseaudio" path="/data/data/.pulse_dir/runtime/pid" dev="mmcblk0p7" ino=1436168 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=file permissive=1
47#avc:  denied  { ioctl } for  pid=287 comm="pulseaudio" path="/data/data/.pulse_dir/file_sink.pcm" dev="mmcblk0p11" ino=652819 ioctlcmd=0x5413 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=file permissive=1
48#avc:  denied  { read write open } for  pid=284 comm="pulseaudio" path="/data/data/.pulse_dir/runtime/pid" dev="mmcblk0p7" ino=1436168 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=file permissive=1
49#avc:  denied  { lock } for  pid=284 comm="pulseaudio" path="/data/data/.pulse_dir/runtime/pid" dev="mmcblk0p7" ino=1436168 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=file permissive=1
50#avc:  denied  { setattr } for  pid=285 comm="pulseaudio" name="cookie" dev="mmcblk0p7" ino=1436170 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=file permissive=1
51allow pulseaudio data_data_pulse_dir:file { create getattr ioctl read write open lock setattr unlink };
52
53#avc:  denied  { create } for  pid=284 comm="pulseaudio" name="cli" scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=sock_file permissive=1
54#avc:  denied  { setattr } for  pid=284 comm="pulseaudio" name="cli" dev="mmcblk0p7" ino=1436169 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=sock_file permissive=1
55#avc:  denied  { unlink } for  pid=284 comm="pulseaudio" name="cli" dev="mmcblk0p7" ino=1436169 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=sock_file permissive=1
56#avc:  denied  { write } for  pid=284 comm="pulseaudio" name="cli" dev="mmcblk0p7" ino=1436169 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=sock_file permissive=1
57allow pulseaudio data_data_pulse_dir:sock_file { create setattr unlink write };
58
59#avc:  denied  { search } for  pid=294 comm="pulseaudio" name="/" dev="mmcblk0p7" ino=2 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=1
60allow pulseaudio data_file:dir { search };
61
62#avc:  denied  { search } for  pid=298 comm="pulseaudio" name="init_agent" dev="mmcblk0p7" ino=8166 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_init_agent:s0 tclass=dir permissive=1
63allow pulseaudio data_init_agent:dir { search };
64
65#avc:  denied  { ioctl } for  pid=284 comm="sa_main" path="/data/init_agent/begetctl.log" dev="mmcblk0p11" ino=17 ioctlcmd=0x5413 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_init_agent:s0 tclass=file permissive=1
66#avc:  denied  { open } for  pid=308 comm="pulseaudio" path="/data/init_agent/begetctl.log" dev="mmcblk0p11" ino=17 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_init_agent:s0 tclass=file permissive=1
67#avc:  denied  { read append } for  pid=308 comm="pulseaudio" name="begetctl.log" dev="mmcblk0p11" ino=17 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_init_agent:s0 tclass=file permissive=1
68allow pulseaudio data_init_agent:file { ioctl open read append };
69
70#avc:  denied  { search } for  pid=329 comm="sa_main" name="socket" dev="tmpfs" ino=38 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=1
71allow pulseaudio dev_unix_socket:dir { search };
72
73#avc:  denied  { write } for  pid=329 comm="sa_main" name="hilogInput" dev="tmpfs" ino=281 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=sock_file permissive=1
74allow pulseaudio dev_unix_socket:sock_file { write };
75
76#avc:  denied  { get } for service=audio_bluetooth_hdi_service pid=288 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:hdf_audio_bluetooth_hdi_service:s0 tclass=hdf_devmgr_class permissive=1
77allow pulseaudio hdf_audio_bluetooth_hdi_service:hdf_devmgr_class { get };
78
79#avc:  denied  { get } for service=audio_hdi_a2dp_service pid=316 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:hdf_audio_hdi_a2dp_service:s0 tclass=hdf_devmgr_class permissive=1
80allow pulseaudio hdf_audio_hdi_a2dp_service:hdf_devmgr_class { get };
81
82#avc:  denied  { get } for service=audio_hdi_service pid=288 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:hdf_audio_hdi_service:s0 tclass=hdf_devmgr_class permissive=1
83allow pulseaudio hdf_audio_hdi_service:hdf_devmgr_class { get };
84
85#avc:  denied  { get } for service=audio_hdi_usb_service pid=283 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:hdf_audio_hdi_usb_service:s0 tclass=hdf_devmgr_class permissive=1i
86allow pulseaudio hdf_audio_hdi_usb_service:hdf_devmgr_class { get };
87
88#avc:  denied  { call } for  pid=304 comm="pulseaudio" scontext=u:r:pulseaudio:s0 tcontext=u:r:hdf_devmgr:s0 tclass=binder permissive=1
89allow pulseaudio hdf_devmgr:binder { call };
90
91#avc:  denied  { write } for  pid=389 comm="hidumper_servic" path="pipe:[28561]" dev="pipefs" ino=28561 scontext=u:r:pulseaudio:s0 tcontext=u:r:hidumper_service:s0 tclass=fifo_file permissive=1
92allow pulseaudio hidumper_service:fifo_file { write };
93
94#avc:  denied  { accept } for  pid=292 comm="pulseaudio" path="/dev/unix/socket/native" scontext=u:r:pulseaudio:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
95#avc:  denied  { getattr } for  pid=295 comm="pulseaudio" path="socket:[25323]" dev="sockfs" ino=25323 scontext=u:r:pulseaudio:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
96#avc:  denied  { getopt } for  pid=295 comm="pulseaudio" path="/dev/unix/socket/native" scontext=u:r:pulseaudio:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
97#avc:  denied  { listen } for  pid=287 comm="pulseaudio" path="/dev/unix/socket/native" scontext=u:r:pulseaudio:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
98#avc:  denied  { setopt } for  pid=292 comm="pulseaudio" path="/dev/unix/socket/native" scontext=u:r:pulseaudio:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
99allow pulseaudio init:unix_stream_socket { accept getattr getopt listen setopt };
100
101#avc:  denied  { write } for  pid=308 comm="pulseaudio" name="native" dev="tmpfs" ino=301 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:native_socket:s0 tclass=sock_file permissive=1
102allow pulseaudio native_socket:sock_file { write };
103
104#avc:  denied  { ioctl } for  pid=281 comm="hdi-source-reco" path=2F6465762F636F6E736F6C65202864656C6574656429 dev="rootfs" ino=382 ioctlcmd=0x5413 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:rootfs:s0 tclass=chr_file permissive=1
105#avc:  denied  { read } for  pid=277 comm="sa_main" path=2F6465762F636F6E736F6C65202864656C6574656429 dev="rootfs" ino=33 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:rootfs:s0 tclass=chr_file permissive=1
106#avc:  denied  { write } for  pid=281 comm="hdi-source-reco" path=2F6465762F636F6E736F6C65202864656C6574656429 dev="rootfs" ino=382 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:rootfs:s0 tclass=chr_file permissive=1
107allow pulseaudio rootfs:chr_file { ioctl read write };
108
109#avc:  denied  { get } for service=3503 pid=297 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:sa_accesstoken_manager_service:s0 tclass=samgr_class permissive=1
110allow pulseaudio sa_accesstoken_manager_service:samgr_class { get };
111
112#avc:  denied  { get } for service=5100 pid=297 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1
113allow pulseaudio sa_device_service_manager:samgr_class { get };
114
115#avc:  denied  { add } for service=3001 pid=308 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:sa_pulseaudio_audio_service:s0 tclass=samgr_class permissive=1
116allow pulseaudio sa_pulseaudio_audio_service:samgr_class { add };
117
118#avc:  denied  { getattr } for  pid=294 comm="pulseaudio" path="/system/bin" dev="mmcblk0p5" ino=101 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:system_bin_file:s0 tclass=dir permissive=1
119#avc:  denied  { search } for  pid=329 comm="sa_main" name="bin" dev="mmcblk0p6" ino=103 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:system_bin_file:s0 tclass=dir permissive=1
120allow pulseaudio system_bin_file:dir { getattr search };
121
122#avc:  denied  { search } for  pid=304 comm="pulseaudio" name="etc" dev="mmcblk0p6" ino=18 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=dir permissive=1
123allow pulseaudio vendor_etc_file:dir { search };
124
125#avc:  denied  { getattr } for  pid=304 comm="pulseaudio" path="/vendor/etc/hdfconfig/audio_adapter_config.json" dev="mmcblk0p6" ino=28 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=file permissive=1
126#avc:  denied  { read } for  pid=304 comm="pulseaudio" name="audio_adapter_config.json" dev="mmcblk0p6" ino=28 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=file permissive=1
127#avc:  denied  { open } for  pid=304 comm="pulseaudio" path="/vendor/etc/hdfconfig/audio_adapter_config.json" dev="mmcblk0p6" ino=28 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=file permissive=1
128allow pulseaudio vendor_etc_file:file { getattr read open };
129
130#avc:  denied  { execute } for  pid=305 comm="pulseaudio" path="/vendor/lib64/libhdi_audio_client.z.so" dev="mmcblk0p7" ino=102 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=1
131#avc:  denied  { getattr } for  pid=297 comm="pulseaudio" path="/vendor/lib64/libhdi_audio_client.z.so" dev="mmcblk0p7" ino=102 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=1
132#avc:  denied  { map } for  pid=305 comm="pulseaudio" path="/vendor/lib64/libhdi_audio_client.z.so" dev="mmcblk0p7" ino=102 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=1
133#avc:  denied  { open } for  pid=297 comm="pulseaudio" path="/vendor/lib64/libhdi_audio_client.z.so" dev="mmcblk0p7" ino=102 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=1
134#avc:  denied  { read } for  pid=292 comm="pulseaudio" path="/vendor/lib64/libhdi_audio_client.z.so" dev="mmcblk0p7" ino=102 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:vendor_file:s0 tclass=file permissive=1
135allow pulseaudio vendor_file:file { execute getattr map open read };
136
137#avc:  denied  { search } for  pid=294 comm="pulseaudio" name="lib" dev="mmcblk0p6" ino=44 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:vendor_lib_file:s0 tclass=dir permissive=1
138allow pulseaudio vendor_lib_file:dir { search };
139
140#avc:  denied  { read } for  pid=282 comm="pulseaudio" name="libhdi_audio_client.z.so" dev="mmcblk0p6" ino=91 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:vendor_lib_file:s0 tclass=file permissive=1
141#avc:  denied  { open } for  pid=282 comm="pulseaudio" path="/vendor/lib/libhdi_audio_client.z.so" dev="mmcblk0p6" ino=91 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:vendor_lib_file:s0 tclass=file permissive=1
142#avc:  denied  { getattr } for  pid=282 comm="pulseaudio" path="/vendor/lib/libhdi_audio_client.z.so" dev="mmcblk0p6" ino=91 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:vendor_lib_file:s0 tclass=file permissive=1
143#avc:  denied  { map } for  pid=282 comm="pulseaudio" path="/vendor/lib/libhdi_audio_client.z.so" dev="mmcblk0p6" ino=91 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:vendor_lib_file:s0 tclass=file permissive=1
144#avc:  denied  { execute } for  pid=282 comm="pulseaudio" path="/vendor/lib/libhdi_audio_client.z.so" dev="mmcblk0p6" ino=91 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:vendor_lib_file:s0 tclass=file permissive=1
145allow pulseaudio vendor_lib_file:file { read open getattr map execute };
146
147#avc:  denied  { ioctl } for  pid=284 comm="pulseaudio" path="/data/data/.pulse_dir/file_sink.pcm" dev="mmcblk0p11" ino=652819 ioctlcmd=0x5413 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_data_pulse_dir:s0 tclass=file permissive=1
148allowxperm pulseaudio data_data_pulse_dir:file ioctl { 0x5413 };
149
150#avc:  denied  { ioctl } for  pid=284 comm="sa_main" path="/data/init_agent/begetctl.log" dev="mmcblk0p11" ino=17 ioctlcmd=0x5413 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:data_init_agent:s0 tclass=file permissive=1
151allowxperm pulseaudio data_init_agent:file ioctl { 0x5413 };
152
153#avc:  denied  { ioctl } for  pid=295 comm="hdi-source-reco" path=2F6465762F636F6E736F6C65202864656C6574656429 dev="rootfs" ino=15759 ioctlcmd=0x5413 scontext=u:r:pulseaudio:s0 tcontext=u:object_r:rootfs:s0 tclass=chr_file perm
154allowxperm pulseaudio rootfs:chr_file ioctl { 0x5413 };
155
156allow pulseaudio accessibility_param:file { map open read };
157
158allow pulseaudio sa_foundation_powermgr_service:samgr_class { get };
159allow pulseaudio foundation:binder { call transfer };
160
161allow pulseaudio vendor_bin_file:dir { search };
162
163allow pulseaudio hdf_audio_manager_service:hdf_devmgr_class { get };
164allow pulseaudio sa_audio_policy_service:samgr_class { get };
165
166