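# Copyright (c) 2022 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Type-enforcement rules whose source domain is `sh`.
# Rules are kept in their original order (alphabetical by target type).
# Each permission is listed once per set: a name repeated inside one
# `{ ... }` grants nothing extra, so the repeats were dropped.
#
# Most rules below follow one pattern: `dir { getattr search }` plus
# `file { open read }` on another domain's type.
# NOTE(review): presumably these cover the /proc/<pid> entries of those
# domains so process-listing tools work from the shell; confirm against
# the file_contexts / genfs labelling, which is not visible here.

# Disabled: capabilities for the shell domain itself.
#allow sh sh:capability { dac_override sys_ptrace sys_ptrace };
allow sh accessibility:binder { call transfer };
allow sh accessibility:dir { getattr search };
allow sh accessibility:file { open read };
allow sh accesstoken_service:dir { getattr search };
allow sh accesstoken_service:file { open read };
allow sh accountmgr:dir { getattr search };
allow sh accountmgr:file { open read };
allow sh appspawn:dir { getattr search };
allow sh appspawn:file { open read };
allow sh audio_hdi_server_host:dir { getattr search };
allow sh audio_hdi_server_host:file { open read };
allow sh audio_policy:dir { getattr search };
allow sh audio_policy:file { open read };
allow sh blue_host:dir { getattr search };
allow sh blue_host:file { open read };
allow sh bluetooth_service:dir { getattr search };
allow sh bluetooth_service:file { open read };
allow sh bootanimation:dir { search };
allow sh bootanimation:file { open read };
allow sh camera_host:dir { getattr search };
allow sh camera_host:file { open read };
allow sh camera_service:dir { getattr search };
allow sh camera_service:file { open read };
allow sh codec_host:dir { getattr search };
allow sh codec_host:file { open read };
allow sh console:dir { getattr search };
allow sh console:file { open read };
#allow sh data_app_el1_file:dir { getattr open read search };
#allow sh data_app_el1_file:file { getattr };
allow sh data_app_file:dir { search };
# Write access: the shell may add entries to data_file directories and
# create files there, but no rule here lets it write or read those files.
allow sh data_file:dir { add_name open read write };
allow sh data_file:file { create };
#allow sh data_hilogd_file:dir { open read open read search };
#allow sh data_hilogd_file:file { getattr open read };
allow sh data_local:dir { add_name create open read write };
allow sh data_local:file { create ioctl open write getattr };
# The shell may list, read and delete entries under data_log.
allow sh data_log:dir { open read remove_name search write };
allow sh data_log:file { getattr open read unlink };
allow sh dev_kmsg_file:chr_file { open read };
allow sh deviceauth_service:dir { getattr search };
allow sh deviceauth_service:file { open read };
allow sh disp_gralloc_host:dir { getattr search };
allow sh disp_gralloc_host:file { open read };
allow sh distributeddata:dir { getattr search };
allow sh distributeddata:file { open read };
allow sh distributedfiledaemon:dir { getattr search };
allow sh distributedfiledaemon:file { open read };
allow sh distributedsche:dir { getattr search };
allow sh distributedsche:file { open read };
allow sh distributedsche_param:file { map open read };
allow sh download_server:dir { getattr search };
allow sh download_server:file { open read };
allow sh dslm_service:dir { getattr search };
allow sh dslm_service:file { open read };
allow sh edm_sa:dir { getattr search };
allow sh edm_sa:file { open read };
allow sh face_auth_host:dir { getattr search };
allow sh face_auth_host:file { open read };
allow sh faultloggerd:dir { getattr search };
allow sh faultloggerd:file { open read };
allow sh fingerprint_auth_host:dir { getattr search };
allow sh fingerprint_auth_host:file { open read };
allow sh foundation:dir { getattr search };
allow sh foundation:file { open read };
allow sh hdcd:dir { getattr search };
allow sh hdcd:file { open read };
allow sh hdf_devmgr:dir { getattr search };
allow sh hdf_devmgr:file { open read };
allow sh hidumper_service:dir { getattr search };
allow sh hidumper_service:file { open read };
allow sh hilog_control_socket:sock_file { write };
# execute_no_trans: files of type hilog_exec run inside the `sh` domain,
# without a domain transition, so they inherit every rule in this file.
allow sh hilog_exec:file { execute execute_no_trans getattr map read open };
allow sh hilogd:dir { getattr search };
allow sh hilogd:file { open read };
allow sh hiview:binder { call transfer };
allow sh hiview:dir { getattr search };
allow sh hiview:file { open read };
allow sh huks_service:dir { getattr search };
allow sh huks_service:file { open read };
allow sh init:dir { getattr search };
allow sh init:file { open read };
allow sh init:unix_stream_socket { connectto };
allow sh input_user_host:dir { getattr search };
allow sh input_user_host:file { open read };
allow sh inputmethod_service:dir { getattr search };
allow sh inputmethod_service:file { open read };
allow sh installs:dir { getattr search };
allow sh installs:file { open read };
allow sh kernel:dir { getattr search };
allow sh kernel:file { open read };
# syslog_read: permission to read the kernel log buffer.
allow sh kernel:system { syslog_read };
allow sh kernel:unix_stream_socket { connectto };
allow sh light_host:dir { getattr search };
allow sh light_host:file { open read };
allow sh location_host:dir { getattr search };
allow sh location_host:file { open read };
allow sh locationhub:dir { getattr search };
allow sh locationhub:file { open read };
allow sh media_service:dir { getattr search };
allow sh media_service:file { open read };
allow sh mmi_uinput_service:dir { getattr search };
allow sh mmi_uinput_service:file { open read };
allow sh msdp_sa:dir { getattr search };
allow sh msdp_sa:file { open read };
allow sh multimodalinput:dir { getattr search };
# Unlike the sibling rules, this one grants `open` without `read`.
allow sh multimodalinput:file { open };
allow sh multimodalinput:unix_stream_socket { read };
allow sh netmanager:dir { getattr search };
allow sh netmanager:file { open read };
allow sh netsysnative:dir { getattr search };
allow sh netsysnative:file { open read };
allow sh normal_hap:dir { getattr search };
allow sh normal_hap:file { open read };
allow sh param_watcher:dir { getattr search };
allow sh param_watcher:file { open read };
allow sh paramservice_socket:sock_file { write };
allow sh pasteboard_service:dir { getattr search };
allow sh pasteboard_service:file { open read };
allow sh pin_auth_host:dir { getattr search };
allow sh pin_auth_host:file { open read };
allow sh pinauth:dir { getattr search };
allow sh pinauth:file { open read };
allow sh power_host:dir { getattr search };
allow sh power_host:file { open read };
allow sh pulseaudio:dir { getattr search };
allow sh pulseaudio:file { open read };
allow sh render_service:dir { getattr search };
allow sh render_service:file { open read };
allow sh rootfs:dir { open read };
allow sh sa_foundation_dms:samgr_class { get };
allow sh sa_multimodalinput_service:samgr_class { get };
allow sh sa_sys_event_service:samgr_class { get };
allow sh samgr:dir { getattr search };
allow sh samgr:file { open read };
allow sh screenlock_server:dir { getattr search };
allow sh screenlock_server:file { open read };
# NOTE(review): `setenforce` lets this domain switch SELinux between
# enforcing and permissive mode, and the selinuxfs write access below is
# presumably what reaches the enforce node. Confirm these three rules are
# only built into developer/debug images; in a release image they would let
# any process running as `sh` turn off mandatory access control, subject
# only to the DAC checks on the selinuxfs node.
allow sh security:security { setenforce };
allow sh selinuxfs:dir { search };
allow sh selinuxfs:file { open read write };
allow sh sensor_host:dir { getattr search };
allow sh sensor_host:file { open read };
allow sh sensors:file { open read };
# Disabled duplicate of the capability rule near the top of the file.
#allow sh sh:capability { dac_override sys_ptrace };
allow sh sh_exec:file { execute_no_trans };
allow sh softbus_server:dir { getattr search };
allow sh softbus_server:file { open read };
allow sh storage_daemon:dir { getattr search };
allow sh storage_daemon:file { open read };
allow sh storage_manager:dir { getattr search };
allow sh storage_manager:file { open read };
allow sh system_basic_hap:dir { getattr search };
allow sh system_basic_hap:file { open read };
allow sh system_core_hap:dir { search };
allow sh system_core_hap:file { open read };
allow sh system_usr_file:dir { search };
allow sh system_usr_file:file { getattr map open read };
allow sh telephony_sa:dir { getattr search };
allow sh telephony_sa:file { open read };
allow sh time_service:dir { getattr search };
allow sh time_service:file { open read };
allow sh udevd:dir { getattr search };
allow sh udevd:file { open read };
allow sh ueventd:dir { search };
allow sh ueventd:file { open read };
allow sh ui_service:dir { getattr search };
allow sh ui_service:file { open read };
allow sh updater_sa:dir { getattr search };
allow sh updater_sa:file { open read };
allow sh usb_host:dir { getattr search };
allow sh usb_host:file { open read };
allow sh usb_service:dir { getattr search };
allow sh usb_service:file { open read };
allow sh user_auth_host:dir { getattr search };
allow sh user_auth_host:file { open read };
allow sh useriam:dir { getattr search };
allow sh useriam:file { open read };
allow sh vibrator_host:dir { getattr search };
allow sh vibrator_host:file { open read };
allow sh wallpaper_service:dir { getattr search };
allow sh wallpaper_service:file { open read };
allow sh watchdog_service:dir { getattr search };
allow sh watchdog_service:file { open read };
allow sh wifi_hal_service:dir { getattr search };
allow sh wifi_hal_service:file { open read };
allow sh wifi_host:dir { getattr search };
allow sh wifi_host:file { open read };
allow sh wifi_manager_service:dir { getattr search };
allow sh wifi_manager_service:file { open read };
# Extended-permission rule: of all ioctl commands on data_local files, only
# 0x5413 is allowed. In the generic Linux ioctl numbering that value is
# TIOCGWINSZ (terminal window-size query) -- verify for the target kernel.
allowxperm sh data_local:file ioctl { 0x5413 };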