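# Copyright (c) 2022 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Type-enforcement rules for the telephony_sa domain. Every rule below is an
# additive `allow`; rule order has no effect on the compiled policy, so the
# rules are grouped by object class to make a least-privilege review easier.

# Service-ability types declared in this file, all tagged sa_service_attr.
type sa_foundation_tel_state_registry, sa_service_attr;
type sa_net_policy_manager, sa_service_attr;
type sa_telephony_tel_cellular_data, sa_service_attr;
type sa_telephony_tel_sms_mms, sa_service_attr;

# --- binder: domains telephony_sa may call into ------------------------------
# `call` alone permits a transaction; `transfer` additionally permits passing
# binder references to the peer.
allow telephony_sa accesstoken_service:binder call;
allow telephony_sa distributeddata:binder { call transfer };
allow telephony_sa foundation:binder { call transfer };
allow telephony_sa init:binder { call transfer };
allow telephony_sa netmanager:binder { call transfer };
allow telephony_sa netsysnative:binder { call transfer };
allow telephony_sa privacy_service:binder call;
allow telephony_sa riladapter_host:binder { call transfer };
allow telephony_sa time_service:binder call;
# Application (hap) domains. NOTE(review): presumably needed to deliver
# callbacks to client apps; confirm that normal_hap really needs `transfer`.
allow telephony_sa normal_hap:binder { call transfer };
allow telephony_sa system_basic_hap:binder { call transfer };
allow telephony_sa system_core_hap:binder call;
# NOTE(review): `sh` looks like the shell domain. If so, this rule is likely a
# debugging convenience; confirm it is required in production policy.
allow telephony_sa sh:binder { call transfer };

# --- fd: file descriptors received from peers --------------------------------
allow telephony_sa distributeddata:fd use;
allow telephony_sa normal_hap:fd use;
allow telephony_sa system_basic_hap:fd use;

# --- samgr_class: services telephony_sa may look up (get) --------------------
allow telephony_sa sa_accesstoken_manager_service:samgr_class get;
allow telephony_sa sa_comm_net_tethering_manager_service:samgr_class get;
allow telephony_sa sa_device_service_manager:samgr_class get;
allow telephony_sa sa_dataobs_mgr_service_service:samgr_class get;
allow telephony_sa sa_distributeddata_service:samgr_class get;
allow telephony_sa sa_foundation_abilityms:samgr_class get;
allow telephony_sa sa_foundation_battery_service:samgr_class get;
allow telephony_sa sa_foundation_bms:samgr_class get;
allow telephony_sa sa_foundation_cesfwk_service:samgr_class get;
allow telephony_sa sa_foundation_powermgr_service:samgr_class get;
# This rule appeared twice in the original file; the redundant copy is dropped.
allow telephony_sa sa_foundation_tel_call_manager:samgr_class get;
allow telephony_sa sa_foundation_tel_state_registry:samgr_class get;
allow telephony_sa sa_netsys_native_manager:samgr_class get;
allow telephony_sa sa_net_conn_manager:samgr_class get;
allow telephony_sa sa_net_policy_manager:samgr_class get;
allow telephony_sa sa_param_watcher:samgr_class get;
allow telephony_sa sa_privacy_service:samgr_class get;
allow telephony_sa sa_time_service:samgr_class get;

# --- samgr_class: services telephony_sa may also register (add) --------------
# `add` is limited to the sa_telephony_* types, so this domain cannot register
# itself under any other service label.
allow telephony_sa sa_telephony_tel_cellular_call:samgr_class { add get };
allow telephony_sa sa_telephony_tel_cellular_data:samgr_class { add get };
allow telephony_sa sa_telephony_tel_core_service:samgr_class { add get };
allow telephony_sa sa_telephony_tel_ims:samgr_class { add get };
allow telephony_sa sa_telephony_tel_sms_mms:samgr_class { add get };

# --- hdf_devmgr_class: HDF driver services -----------------------------------
allow telephony_sa hdf_cellular_radio_ext:hdf_devmgr_class get;
# The denial below was logged with permissive=1, i.e. while the access was not
# being enforced. NOTE(review): re-check this rule against an enforcing build.
#avc: denied { get } for service=ril_service pid=317 scontext=u:r:telephony_sa:s0 tcontext=u:object_r:hdf_ril_service:s0 tclass=hdf_devmgr_class permissive=1
allow telephony_sa hdf_ril_service:hdf_devmgr_class get;

# --- data directories --------------------------------------------------------
# Path traversal (search) only.
allow telephony_sa data_file:dir search;
allow telephony_sa data_app_file:dir search;
allow telephony_sa data_service_file:dir search;
# Read-only access under the el1 application data label.
allow telephony_sa data_app_el1_file:dir search;
allow telephony_sa data_app_el1_file:file { getattr open read };
# Read/write working storage: create, rename and remove entries. The file rule
# grants no `unlink`, so remove_name on the directory is presumably used for
# rename only; verify.
allow telephony_sa data_service_el1_file:dir { add_name create search write getattr remove_name };
allow telephony_sa data_service_el1_file:file { create ioctl open read write getattr setattr rename };

# --- read-only configuration and system files --------------------------------
allow telephony_sa chip_prod_file:dir search;
allow telephony_sa chip_prod_file:file { read open };
allow telephony_sa sys_prod_file:dir search;
allow telephony_sa sys_prod_file:file { read open };
allow telephony_sa vendor_etc_file:dir search;
allow telephony_sa vendor_etc_file:file { read open };
allow telephony_sa sys_file:dir { open read };
allow telephony_sa sys_file:file { open read };
allow telephony_sa sysfs_net:dir { open read };
allow telephony_sa sysfs_net:file { getattr };
# NOTE(review): rootfs is a coarse label; confirm which file is read and
# whether it can be given a narrower type.
allow telephony_sa rootfs:file { read open };

# --- console -----------------------------------------------------------------
# NOTE(review): read/write on the console device; confirm this is needed
# outside debug builds.
allow telephony_sa dev_console_file:chr_file { read write };

# --- system parameters -------------------------------------------------------
allow telephony_sa musl_param:file { map open read };
allow telephony_sa paramservice_socket:sock_file write;
# NOTE(review): `set` applies to everything labelled persist_param; check
# whether a telephony-specific parameter label would be narrower.
allow telephony_sa persist_param:parameter_service set;

# --- sockets -----------------------------------------------------------------
allow telephony_sa kernel:unix_stream_socket connectto;
allow telephony_sa self:unix_dgram_socket { getopt setopt };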