1# Copyright (c) 2022-2023 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14allow softbus_server bluetooth_service:fd { use }; 15allow softbus_server bluetooth_service:unix_stream_socket { read read write setopt shutdown write }; 16 17#avc: denied { call } for pid=496 comm="softbus_server" scontext=u:r:softbus_server:s0 tcontext=u:r:dcamera:s0 tclass=binder permissive=0 18allow softbus_server dcamera:binder { call transfer }; 19 20#avc: denied { call } for pid=471 comm="softbus_server" scontext=u:r:softbus_server:s0 tcontext=u:r:dscreen:s0 tclass=binder permissive=0 21allow softbus_server dscreen:binder { call }; 22 23allow softbus_server d-bms:binder { call }; 24 25#avc: denied { transfer } for pid=558 comm="softbus_server" scontext=u:r:softbus_server:s0 tcontext=u:r:normal_hap:s0 tclass=binder permissive=0 26#avc: denied { transfer } for pid=471 comm="softbus_server" scontext=u:r:softbus_server:s0 tcontext=u:r:normal_hap:s0 tclass=binder permissive=0 27allow softbus_server normal_hap_attr:binder { call transfer }; 28 29#avc: denied { use } for pid=1537 comm="com.ohos.settin" path="/dev/ashmem" dev="tmpfs" ino=178 scontext=u:r:softbus_server:s0 tcontext=u:r:normal_hap:s0 tclass=fd permissive=0 30#avc: denied { use } for pid=1601 comm="com.ohos.settin" path="/dev/ashmem" dev="tmpfs" ino=177 scontext=u:r:softbus_server:s0 tcontext=u:r:normal_hap:s0 tclass=fd permissive=0 31allow softbus_server normal_hap_attr:fd { use }; 32 33allow softbus_server sa_accesstoken_manager_service:samgr_class { get }; 34allow softbus_server sa_accountmgr:samgr_class { get }; 35allow softbus_server sa_bluetooth_server:samgr_class { get }; 36allow softbus_server sa_foundation_abilityms:samgr_class { get }; 37allow softbus_server sa_foundation_cesfwk_service:samgr_class { get }; 38allow softbus_server sa_param_watcher:samgr_class { get }; 39 40#avc: denied { get } for service=3505 pid=532 scontext=u:r:softbus_server:s0 tcontext=u:object_r:sa_privacy_service:s0 tclass=samgr_class permissive=0 41allow softbus_server sa_privacy_service:samgr_class { get }; 42 43allow softbus_server sa_softbus_service:samgr_class { add get }; 44allow softbus_server sa_wifi_device_ability:samgr_class { get }; 45allow softbus_server sa_wifi_hotspot_ability:samgr_class { get }; 46allow softbus_server sa_wifi_p2p_ability:samgr_class { get }; 47allow softbus_server sa_wifi_scan_ability:samgr_class { get }; 48debug_only(` 49 allow softbus_server sh:binder { call transfer }; 50') 51 52#avc: denied { create } for pid=540 comm="softbus_server" scontext=u:r:softbus_server:s0 tcontext=u:r:softbus_server:s0 tclass=socket permissive=0 53allow softbus_server softbus_server:socket { bind create ioctl setopt shutdown getattr connect accept listen read write getopt }; 54 55#avc: denied { getopt } for pid=482 comm="THREAD_POOL" scontext=u:r:softbus_server:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1 56allow softbus_server softbus_server:tcp_socket { getopt }; 57 58#avc: denied { ioctl } for pid=526 comm="softbus_server" path="socket:[36080]" dev="sockfs" ino=36080 ioctlcmd=0x8933 scontext=u:r:softbus_server:s0 tcontext=u:r:softbus_server:s0 tclass=socket permissive=0 59allowxperm softbus_server softbus_server:socket ioctl { 0x8933 0x8916 0x890B 0x8913 0x8936 0x890c }; 60 61#avc: denied { call } for pid=509 comm="0IPC_686" scontext=u:r:softbus_server:s0 tcontext=u:r:system_core_hap:s0 tclass=binder permissive=0 62allow softbus_server system_core_hap_attr:binder { call }; 63 64binder_call(softbus_server, privacy_service); 65 66allow softbus_server musl_param:file { open map read }; 67 68#avc: denied { use } for pid=530 comm="IPC_0_952" path="/dev/ashmem" dev="tmpfs" ino=184 scontext=u:r:softbus_server:s0 tcontext=u:r:distributeddata:s0 tclass=fd permissive=1 69allow softbus_server distributeddata:fd { use }; 70 71#avc: denied { get } for service=1301 pid=494 scontext=u:r:softbus_server:s0 tcontext=u:object_r:sa_distributeddata_service:s0 tclass=samgr_class permissive=0 72allow softbus_server sa_distributeddata_service:samgr_class { get }; 73 74#avc: denied { get } for service=182 pid=522 scontext=u:r:softbus_server:s0 tcontext=u:object_r:sa_dataobs_mgr_service_service:s0 tclass=samgr_class permissive=0 75allow softbus_server sa_dataobs_mgr_service_service:samgr_class { get }; 76 77#avc: denied { get } for service=401 pid=512 scontext=u:r:softbus_server:s0 tcontext=u:object_r:sa_foundation_bms:s0 tclass=samgr_class permissive=0 78allow softbus_server sa_foundation_bms:samgr_class { get }; 79 80# avc: denied { read write } for pid=2312 comm="SaInit0" name="btdev0" dev="tmpfs" ino=184 scontext =u:r:softbus_server:s0 tcontext=u:object_r:dev_file:s0 tclass=chr_file permissive=0 81debug_only(` 82 allow softbus_server dev_file:chr_file { read write open ioctl }; 83') 84 85#avc: denied { read } for pid=456 comm="softbus_server" name="af_ninet" dev="sysfs" ino=13529 scontext=u:r:softbus_server:s0 tcontext=u:object_r:sys_file:s0 tclass=file permissive=0 86allow softbus_server sys_file:file { open read }; 87 88#avc: denied { read } for pid=497 comm="softbus_server" name="nip_route" dev="proc" ino=4026532651 scontext=u:r:softbus_server:s0 tcontext=u:object_r:proc_net:s0 tclass=file permissive=0 89#avc: denied { getattr } for pid=540 comm="SaInit0" path="/proc/540/net/nip_route" dev="proc" ino=4026532673 scontext=u:r:softbus_server:s0 tcontext=u:object_r:proc_net:s0 tclass=file permissive=0 90allow softbus_server proc_net:file { open getattr read }; 91