• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright (c) 2022-2023 Huawei Device Co., Ltd.
2# Licensed under the Apache License, Version 2.0 (the "License");
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6#     http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
14#avc:  denied  { call } for  pid=2061 comm="ohos.dhardware." scontext=u:r:dcamera:s0 tcontext=u:r:camera_service:s0 tclass=binder permissive=1
15#avc:  denied  { transfer } for  pid=2061 comm="ohos.dhardware." scontext=u:r:dcamera:s0 tcontext=u:r:camera_service:s0 tclass=binder permissive=1
16allow dcamera camera_service:binder { call transfer };
17
18#avc:  denied  { search } for  pid=2040 comm="dcamera" name="/" dev="mmcblk0p11" ino=2 scontext=u:r:dcamera:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=1
19allow dcamera data_file:dir { search };
20
21#avc:  denied  { bind } for  pid=3250 comm="Fillp_core_0" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=udp_socket permissive=1
22#avc:  denied  { connect } for  pid=2344 comm="Fillp_core_0" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=udp_socket permissive=1
23#avc:  denied  { create } for  pid=3250 comm="Fillp_core_0" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=udp_socket permissive=1
24#avc:  denied  { getattr } for  pid=2344 comm="dcamera" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=udp_socket permissive=1
25#avc:  denied  { read } for  pid=2040 comm="Fillp_core_94" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=udp_socket permissive=1
26#avc:  denied  { setopt } for  pid=3250 comm="Fillp_core_0" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=udp_socket permissive=1
27#avc:  denied  { write } for  pid=2040 comm="Fillp_core_94" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=udp_socket permissive=1
28allow dcamera dcamera:udp_socket { bind connect create getattr read setopt write };
29
30#avc:  denied  { getopt } for  pid=2051 comm="DHEventbusHandl" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=unix_dgram_socket permissive=1
31#avc:  denied  { setopt } for  pid=2051 comm="DHEventbusHandl" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=unix_dgram_socket permissive=1
32allow dcamera dcamera:unix_dgram_socket { getopt setopt };
33
34#avc:  denied  { call } for  pid=2178 comm="DHEventbusHandl" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera_host:s0 tclass=binder permissive=1
35#avc:  denied  { transfer } for  pid=2429 comm="DHEventbusHandl" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera_host:s0 tclass=binder permissive=1
36allow dcamera dcamera_host:binder { call transfer };
37
38#avc:  denied  { create } for  pid=2166 comm="dcamera" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=netlink_route_socket permissive=1
39#avc:  denied  { write } for  pid=2166 comm="dcamera" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=netlink_route_socket permissive=1
40#avc:  denied  { nlmsg_read } for  pid=2166 comm="dcamera" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=netlink_route_socket permissive=1
41#avc:  denied  { read } for  pid=2166 comm="dcamera" scontext=u:r:dcamera:s0 tcontext=u:r:dcamera:s0 tclass=netlink_route_socket permissive=1
42allow dcamera dcamera:netlink_route_socket { create nlmsg_read read write };
43
44#avc:  denied  { search } for  pid=2047 comm="dcamera" name="socket" dev="tmpfs" ino=38 scontext=u:r:dcamera:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=1
45allow dcamera dev_unix_socket:dir { search };
46
47#avc:  denied  { read write } for  pid=2520 comm="sa_main" path="/dev/console" dev="tmpfs" ino=19 scontext=u:r:dcamera:s0 tcontext=u:object_r:dev_console_file:s0 tclass=chr_file permissive=0
48allow dcamera dev_console_file:chr_file { read write };
49
50#avc:  denied  { getattr } for  pid=2396 comm="dcamera" path="/dev/dri/renderD128" dev="tmpfs" ino=94 scontext=u:r:dcamera:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=1
51#avc:  denied  { read write } for  pid=2396 comm="dcamera" name="renderD128" dev="tmpfs" ino=94 scontext=u:r:dcamera:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=1
52#avc:  denied  { open } for  pid=2396 comm="dcamera" path="/dev/dri/renderD128" dev="tmpfs" ino=94 scontext=u:r:dcamera:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=1
53#avc:  denied  { ioctl } for  pid=2396 comm="dcamera" path="/dev/dri/renderD128" dev="tmpfs" ino=94 ioctlcmd=0x641f scontext=u:r:dcamera:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=1
54allow dcamera dev_dri_file:chr_file { getattr ioctl open read write };
55
56#avc:  denied  { search } for  pid=2396 comm="dcamera" name="dri" dev="tmpfs" ino=93 scontext=u:r:dcamera:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=dir permissive=1
57allow dcamera dev_dri_file:dir { search };
58
59#avc:  denied  { call } for  pid=2464 comm="dcamera" scontext=u:r:dcamera:s0 tcontext=u:r:dhardware:s0 tclass=binder permissive=1
60allow dcamera dhardware:binder { call };
61
62
63
64#avc:  denied  { call } for  pid=2061 comm="dcamera" scontext=u:r:dcamera:s0 tcontext=u:r:allocator_host:s0 tclass=binder permissive=1
65allow dcamera allocator_host:binder { call };
66
67#avc:  denied  { use } for  pid=2033 comm="dcamera" path="/dmabuf:" dev="dmabuf" ino=29931 ioctlcmd=0x6200 scontext=u:r:dcamera:s0 tcontext=u:r:allocator_host:s0 tclass=fd permissive=1
68allow dcamera allocator_host:fd { use };
69
70#avc:  denied  { call } for  pid=2483 comm="ohos.dhardware." scontext=u:r:dcamera:s0 tcontext=u:r:foundation:s0 tclass=binder permissive=1
71allow dcamera foundation:binder { call };
72
73#avc:  denied  { get } for service=hdf_device_manager pid=2053 scontext=u:r:dcamera:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1
74allow dcamera hdf_device_manager:hdf_devmgr_class { get };
75
76#avc:  denied  { get } for service=distributed_camera_provider_service pid=2053 scontext=u:r:dcamera:s0 tcontext=u:object_r:hdf_distributed_camera_provider_service:s0 tclass=hdf_devmgr_class permissive=1
77allow dcamera hdf_distributed_camera_provider_service:hdf_devmgr_class { get };
78
79
80allow dcamera hdf_allocator_service:hdf_devmgr_class { get };
81
82#avc:  denied  { call } for  pid=2040 comm="DHEventbusHandl" scontext=u:r:dcamera:s0 tcontext=u:r:hdf_devmgr:s0 tclass=binder permissive=1
83#avc:  denied  { transfer } for  pid=2464 comm="dcamera" scontext=u:r:dcamera:s0 tcontext=u:r:hdf_devmgr:s0 tclass=binder permissive=1
84allow dcamera hdf_devmgr:binder { call transfer };
85
86#avc:  denied  { call } for  pid=2061 comm="ohos.dhardware." scontext=u:r:dcamera:s0 tcontext=u:r:media_service:s0 tclass=binder permissive=1
87#avc:  denied  { transfer } for  pid=2061 comm="ohos.dhardware." scontext=u:r:dcamera:s0 tcontext=u:r:media_service:s0 tclass=binder permissive=1
88allow dcamera media_service:binder { call transfer };
89
90#avc:  denied  { read } for  pid=3521 comm="sa_main" name="u:object_r:accessibility_param:s0" dev="tmpfs" ino=53 scontext=u:r:dcamera:s0 tcontext=u:object_r:accessibility_param:s0 tclass=file permissive=0
91allow dcamera accessibility_param:file { read open map };
92
93#avc:  denied  { use } for  pid=514 comm="media_service" path="/dev/ashmem" dev="tmpfs" ino=181 scontext=u:r:dcamera:s0 tcontext=u:r:media_service:s0 tclass=fd permissive=1
94allow dcamera media_service:fd { use };
95
96#avc:  denied  { get } for service=3002 pid=2053 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_media_service:s0 tclass=samgr_class permissive=1
97allow dcamera sa_media_service:samgr_class { get };
98
99#avc:  denied  { get } for service=3901 pid=2042 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_param_watcher:s0 tclass=samgr_class permissive=1
100allow dcamera sa_param_watcher:samgr_class { get };
101
102#avc: denied  { get } for service=4700 pid=2053 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_softbus_service:s0 tclass=samgr_class permissive=1
103allow dcamera sa_softbus_service:samgr_class { get };
104
105#avc:  denied  { add } for service=4803 pid=2068 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_dcamera_source_service:s0 tclass=samgr_class permissive=1
106allow dcamera sa_dcamera_source_service:samgr_class { add get_remote };
107
108#avc:  denied  { get_remote } for service=4804 pid=2068 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_dcamera_sink_service:s0 tclass=samgr_class permissive=1
109#avc:  denied  { add } for service=4804 pid=2068 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_dcamera_sink_service:s0 tclass=samgr_class permissive=1
110allow dcamera sa_dcamera_sink_service:samgr_class { add get_remote };
111
112#avc:  denied  { get } for service=5100 pid=2068 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1
113allow dcamera sa_device_service_manager:samgr_class { get };
114
115#avc:  denied  { get } for service=3008 pid=2475 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_camera_service:s0 tclass=samgr_class permissive=1
116allow dcamera sa_camera_service:samgr_class { get };
117
118#avc:  denied  { get } for service=401 pid=2490 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_foundation_bms:s0 tclass=samgr_class permissive=1
119allow dcamera sa_foundation_bms:samgr_class { get };
120
121#avc:  denied  { read } for  pid=2433 comm="THREAD_POOL" scontext=u:r:dcamera:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1
122#avc:  denied  { setopt } for  pid=2047 comm="DHEventbusHandl" scontext=u:r:dcamera:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1
123#avc:  denied  { shutdown } for  pid=2061 comm="THREAD_POOL" scontext=u:r:dcamera:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1
124#avc:  denied  { write } for  pid=2047 comm="DHEventbusHandl" scontext=u:r:dcamera:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1
125allow dcamera softbus_server:tcp_socket { read setopt write shutdown };
126
127#avc:  denied  { call } for  pid=2047 comm="DHEventbusHandl" scontext=u:r:dcamera:s0 tcontext=u:r:softbus_server:s0 tclass=binder permissive=1
128#avc:  denied  { transfer } for  pid=2061 comm="dcamera" scontext=u:r:dcamera:s0 tcontext=u:r:softbus_server:s0 tclass=binder permissive=1
129allow dcamera softbus_server:binder { call transfer };
130
131#avc:  denied  { use } for  pid=586 comm="THREAD_POOL"  scontext=u:r:dcamera:s0 tcontext=u:r:softbus_server:s0 tclass=fd permissive=1
132allow dcamera softbus_server:fd { use };
133
134#avc:  denied  { read } for  pid=2020 comm="sa_main" name="u:object_r:ohos_dev_param:s0" dev="tmpfs" ino=30 scontext=u:r:dcamera:s0 tcontext=u:object_r:ohos_dev_param:s0 tclass=file permissive=0
135allow dcamera ohos_dev_param:file { read };
136
137#avc:  denied  { get } for service=3503 pid=2648 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_accesstoken_manager_service:s0 tclass=samgr_class permissive=1
138allow dcamera sa_accesstoken_manager_service:samgr_class { get };
139
140#avc:  denied  { node_bind } for  pid=2166 comm="Fillp_core_210" scontext=u:r:dcamera:s0 tcontext=u:object_r:node:s0 tclass=udp_socket permissive=1
141allow dcamera node:udp_socket { node_bind };
142allow dcamera init:binder { call transfer };
143debug_only(`
144    allow dcamera sh:binder { call transfer };
145')
146
147#avc:  denied  { get } for service=4803 pid=560 scontext=u:r:hidumper_service:s0 tcontext=u:object_r:sa_dcamera_source_service:s0 tclass=samgr_class permissive=0
148# avc:  denied  { get } for service=4804 pid=560 scontext=u:r:hidumper_service:s0 tcontext=u:object_r:sa_dcamera_sink_service:s0 tclass=samgr_class permissive=0
149allow hidumper_service sa_dcamera_source_service:samgr_class { get };
150allow hidumper_service sa_dcamera_sink_service:samgr_class { get };
151
152#avc:  denied  { get } for service=4801 pid=2892 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_dhardware_service:s0 tclass=samgr_class permissive=0
153allow dcamera sa_dhardware_service:samgr_class { get };
154
155#avc:  denied  { search } for  pid=3030 comm="sa_main" name="bin" dev="sdd72" ino=12 scontext=u:r:dcamera:s0 tcontext=u:object_r:vendor_bin_file:s0 tclass=dir permissive=1
156allow dcamera vendor_bin_file:dir { search };
157
158#avc:  denied  { call } for  pid=571 comm="msdp" scontext=u:r:dcamera:s0 tcontext=u:r:accesstoken_service:s0 tclass=binder permissive=1
159allow dcamera accesstoken_service:binder { call };
160
161#avc:  denied  { get } for service=4802 pid=3227 scontext=u:r:dcamera:s0 tcontext=u:object_r:sa_foundation_devicemanager_service:s0 tclass=samgr_class permissive=1
162allow dcamera sa_foundation_devicemanager_service:samgr_class { get };
163
164#avc:  denied  { call } for  pid=2169 comm="dcamera" scontext=u:r:dcamera:s0 tcontext=u:r:device_manager:s0 tclass=binder permissive=0
165#avc:  denied  { transfer } for  pid=2712 comm="IPC_1_2732" scontext=u:r:dcamera:s0 tcontext=u:r:device_manager:s0 tclass=binder permissive=1
166allow dcamera device_manager:binder { call transfer };
167
168allow dcamera bootevent_param:file { map open read };
169allow dcamera bootevent_samgr_param:file { map open read };
170allow dcamera build_version_param:file { map open read };
171allow dcamera const_allow_mock_param:file { map open read };
172allow dcamera const_allow_param:file { map open read };
173allow dcamera const_build_param:file { map open read };
174allow dcamera const_display_brightness_param:file { map open read };
175allow dcamera const_param:file { map open read };
176allow dcamera const_postinstall_fstab_param:file { map open read };
177allow dcamera const_postinstall_param:file { map open read };
178allow dcamera const_product_param:file { map open read };
179allow dcamera dcamera_host:binder { transfer };
180allow dcamera debug_param:file { map open read };
181allow dcamera default_param:file { map open read };
182allow dcamera distributedsche_param:file { map open read };
183allow dcamera hilog_param:file { map open read };
184allow dcamera hw_sc_build_os_param:file { map open read };
185allow dcamera hw_sc_build_param:file { map open read };
186allow dcamera hw_sc_param:file { map open read };
187allow dcamera init_param:file { map open read };
188allow dcamera init_svc_param:file { map open read };
189allow dcamera input_pointer_device_param:file { map open read };
190allow dcamera net_param:file { map open read };
191allow dcamera net_tcp_param:file { map open read };
192allow dcamera ohos_boot_param:file { map open read };
193allow dcamera ohos_param:file { map open read };
194allow dcamera param_watcher:binder { call transfer };
195allow dcamera persist_param:file { map open read };
196allow dcamera persist_sys_param:file { map open read };
197allow dcamera security_param:file { map open read };
198allow dcamera startup_param:file { map open read };
199allow dcamera sys_param:file { map open read };
200allow dcamera system_bin_file:dir { search };
201allow dcamera sys_usb_param:file { map open read };
202allow dcamera tracefs:dir { search };
203allow dcamera tracefs_trace_marker_file:file { open write };
204