# Copyright (c) 2022-2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License

# SELinux policy for the hiprofiler_plugins domain.
#
# Layout: one allow rule per (target type, class) pair, with the full
# permission set for that pair on a single line, grouped by what the
# access is used for. Allow rules are additive and order-independent,
# so grouping does not change what is granted.
#
# Comments avoid quote characters on purpose, in case the file is
# pre-processed with m4 quoting (see the debug_only block).

# ---------------------------------------------------------------------------
# Control and data channels to the profiler daemon, its CLI, hdcd and init
# ---------------------------------------------------------------------------
allow hiprofiler_plugins hiprofilerd:unix_stream_socket connectto;
allow hiprofiler_plugins hiprofilerd:fd use;
allow hiprofiler_plugins hiprofiler_cmd:fd use;
allow hiprofiler_plugins hdcd:unix_stream_socket { read write };
allow hiprofiler_plugins hdcd:fifo_file { ioctl write };
allow hiprofiler_plugins hdcd:fd use;
allow hiprofiler_plugins init:unix_stream_socket connectto;
allow hiprofiler_plugins dev_unix_socket:dir search;
allow hiprofiler_plugins dev_unix_socket:sock_file write;
allow hiprofiler_plugins dev_unix_file:sock_file write;

# Terminals and console (presumably inherited stdio when launched from a
# shell session - confirm).
allow hiprofiler_plugins devpts:chr_file { read write };
allow hiprofiler_plugins tty_device:chr_file { ioctl open read write };
allow hiprofiler_plugins dev_console_file:chr_file { read write };
allow hiprofiler_plugins dev_file:dir getattr;

# ---------------------------------------------------------------------------
# Binder / service manager
# ---------------------------------------------------------------------------
allow hiprofiler_plugins samgr:binder call;
allow hiprofiler_plugins sa_sys_event_service:samgr_class get;
allow hiprofiler_plugins hiview:binder { call transfer };

# ---------------------------------------------------------------------------
# Logging sockets
# ---------------------------------------------------------------------------
allow hiprofiler_plugins hilogd:unix_stream_socket connectto;
allow hiprofiler_plugins hilog_control_socket:sock_file write;
allow hiprofiler_plugins hilog_output_socket:sock_file write;

# ---------------------------------------------------------------------------
# System parameter files: read-only, mapped (map open read on every type)
# ---------------------------------------------------------------------------
allow hiprofiler_plugins bootevent_param:file { map open read };
allow hiprofiler_plugins bootevent_samgr_param:file { map open read };
allow hiprofiler_plugins build_version_param:file { map open read };
allow hiprofiler_plugins const_allow_mock_param:file { map open read };
allow hiprofiler_plugins const_allow_param:file { map open read };
allow hiprofiler_plugins const_build_param:file { map open read };
allow hiprofiler_plugins const_display_brightness_param:file { map open read };
allow hiprofiler_plugins const_param:file { map open read };
allow hiprofiler_plugins const_postinstall_fstab_param:file { map open read };
allow hiprofiler_plugins const_postinstall_param:file { map open read };
allow hiprofiler_plugins const_product_param:file { map open read };
allow hiprofiler_plugins debug_param:file { map open read };
allow hiprofiler_plugins default_param:file { map open read };
allow hiprofiler_plugins distributedsche_param:file { map open read };
allow hiprofiler_plugins hilog_param:file { map open read };
allow hiprofiler_plugins hw_sc_build_os_param:file { map open read };
allow hiprofiler_plugins hw_sc_build_param:file { map open read };
allow hiprofiler_plugins hw_sc_param:file { map open read };
allow hiprofiler_plugins init_param:file { map open read };
allow hiprofiler_plugins init_svc_param:file { map open read };
allow hiprofiler_plugins input_pointer_device_param:file { map open read };
allow hiprofiler_plugins musl_param:file { map open read };
allow hiprofiler_plugins net_param:file { map open read };
allow hiprofiler_plugins net_tcp_param:file { map open read };
allow hiprofiler_plugins ohos_boot_param:file { map open read };
allow hiprofiler_plugins ohos_param:file { map open read };
allow hiprofiler_plugins persist_param:file { map open read };
allow hiprofiler_plugins persist_sys_param:file { map open read };
allow hiprofiler_plugins security_param:file { map open read };
allow hiprofiler_plugins startup_param:file { map open read };
allow hiprofiler_plugins sys_param:file { map open read };
allow hiprofiler_plugins sys_usb_param:file { map open read };

# ---------------------------------------------------------------------------
# System-wide statistics: procfs and sysfs
# ---------------------------------------------------------------------------
allow hiprofiler_plugins proc_cpuinfo_file:file { open read };
allow hiprofiler_plugins proc_diskstats_file:file { getattr open read };
allow hiprofiler_plugins proc_meminfo_file:file { getattr open read };
allow hiprofiler_plugins proc_stat_file:file { getattr open read };
allow hiprofiler_plugins proc_uptime_file:file { getattr open read };
allow hiprofiler_plugins proc_vmstat_file:file { getattr open read };
allow hiprofiler_plugins sysfs_block_zram:file { open read };
allow hiprofiler_plugins sysfs_devices_system_cpu:dir { open read };
allow hiprofiler_plugins sysfs_devices_system_cpu:file { getattr open read };

# NOTE(review): proc_file looks like the catch-all procfs label, so the
# write permission here is not limited to one tunable. Confirm which
# entry needs it and consider a dedicated type for that entry.
allow hiprofiler_plugins proc_file:file { getattr open read write };

# Kernel tracing control and readout. write and append on tracefs files
# let this domain change tracing state, not just read trace output.
allow hiprofiler_plugins tracefs:dir { open read search };
allow hiprofiler_plugins tracefs:file { append getattr open read write };

# ---------------------------------------------------------------------------
# Per-process inspection
#
# The targets in this section are process domain types, so these rules
# presumably cover /proc/<pid> entries, which carry the label of the
# owning process - confirm. SELinux also checks file read on the target
# domain for read-mode ptrace access checks.
#
# The two domain-attribute rules grant open/read/getattr on every type
# that carries the domain attribute.
# NOTE(review): if all types listed below carry that attribute, the
# per-type rules are already subsumed by these two; verify against the
# attribute assignments before pruning.
# ---------------------------------------------------------------------------
allow hiprofiler_plugins domain:dir { getattr open read search };
allow hiprofiler_plugins domain:file { getattr open read };

allow hiprofiler_plugins deviceauth_service:dir search;
allow hiprofiler_plugins init:dir { open read search };
allow hiprofiler_plugins kernel:dir search;
allow hiprofiler_plugins media_service:dir search;
allow hiprofiler_plugins resource_schedule_service:dir search;
allow hiprofiler_plugins storage_daemon:dir search;

allow hiprofiler_plugins accessibility:file { getattr open read };
allow hiprofiler_plugins accountmgr:file { getattr read };
allow hiprofiler_plugins allocator_host:file read;
allow hiprofiler_plugins appspawn:file read;
allow hiprofiler_plugins audio_host:file read;
allow hiprofiler_plugins audio_policy:file read;
allow hiprofiler_plugins bgtaskmgr_service:file { getattr read };
allow hiprofiler_plugins blue_host:file read;
allow hiprofiler_plugins bluetooth_service:file { getattr read };
allow hiprofiler_plugins camera_host:file read;
allow hiprofiler_plugins camera_service:file read;
allow hiprofiler_plugins codec_host:file read;
allow hiprofiler_plugins device_usage_stats_service:file { getattr read };
allow hiprofiler_plugins deviceauth_service:file { getattr open read };
allow hiprofiler_plugins distributeddata:file { getattr read };
allow hiprofiler_plugins distributedsche:file read;
allow hiprofiler_plugins download_server:file read;
allow hiprofiler_plugins edm_sa:file read;
allow hiprofiler_plugins face_auth_host:file read;
allow hiprofiler_plugins faultloggerd:file read;
allow hiprofiler_plugins fingerprint_auth_host:file read;
allow hiprofiler_plugins foundation:file read;
allow hiprofiler_plugins hdcd:file read;
allow hiprofiler_plugins hdf_devmgr:file read;
allow hiprofiler_plugins hidumper_service:file read;
allow hiprofiler_plugins hilogd:file getattr;
allow hiprofiler_plugins hiprofiler_cmd:file getattr;
allow hiprofiler_plugins hiprofilerd:file { getattr read };
allow hiprofiler_plugins hiview:file read;
allow hiprofiler_plugins huks_service:file { getattr read };
allow hiprofiler_plugins init:file { getattr open read };
allow hiprofiler_plugins input_user_host:file read;
allow hiprofiler_plugins installs:file read;
allow hiprofiler_plugins kernel:file { getattr open read };
allow hiprofiler_plugins light_host:file read;
allow hiprofiler_plugins location_host:file read;
allow hiprofiler_plugins locationhub:file { getattr read };
allow hiprofiler_plugins media_service:file read;
allow hiprofiler_plugins memmgrservice:file { getattr read };
allow hiprofiler_plugins mmi_uinput_service:file read;
allow hiprofiler_plugins msdp_sa:file read;
allow hiprofiler_plugins multimodalinput:file read;
allow hiprofiler_plugins param_watcher:file read;
allow hiprofiler_plugins pasteboard_service:file { getattr read };
allow hiprofiler_plugins pin_auth_host:file read;
allow hiprofiler_plugins pinauth:file read;
allow hiprofiler_plugins power_host:file read;
allow hiprofiler_plugins pulseaudio:file { getattr read };
allow hiprofiler_plugins render_service:file read;
allow hiprofiler_plugins resource_schedule_service:file { getattr open read };
allow hiprofiler_plugins samgr:file read;
allow hiprofiler_plugins screenlock_server:file read;
allow hiprofiler_plugins sensor_host:file read;
allow hiprofiler_plugins sensors:file read;
allow hiprofiler_plugins softbus_server:file read;
allow hiprofiler_plugins storage_daemon:file { getattr open read };
allow hiprofiler_plugins storage_manager:file read;
allow hiprofiler_plugins time_service:file read;
allow hiprofiler_plugins udevd:file { getattr open read };
allow hiprofiler_plugins ui_service:file read;
allow hiprofiler_plugins usb_host:file read;
allow hiprofiler_plugins user_auth_host:file read;
allow hiprofiler_plugins useriam:file read;
allow hiprofiler_plugins vibrator_host:file read;
allow hiprofiler_plugins wallpaper_service:file read;
allow hiprofiler_plugins watchdog_service:file read;
allow hiprofiler_plugins wifi_hal_service:file read;
allow hiprofiler_plugins wifi_host:file read;
allow hiprofiler_plugins wifi_manager_service:file read;

# ---------------------------------------------------------------------------
# Executables
#
# execute_no_trans runs the binary without a domain transition, so the
# child process keeps every permission of hiprofiler_plugins.
# ---------------------------------------------------------------------------
allow hiprofiler_plugins hilog_exec:file { execute execute_no_trans getattr map open read };
allow hiprofiler_plugins hisysevent_exec:file { execute execute_no_trans map open read };

# NOTE(review): execute without execute_no_trans. Either a domain
# transition is defined elsewhere or this is only for executable
# mappings - confirm which.
allow hiprofiler_plugins system_bin_file:dir search;
allow hiprofiler_plugins system_bin_file:file execute;

# Read and map only, no execute (presumably for reading binary contents
# such as symbol data - confirm).
allow hiprofiler_plugins appspawn_exec:file read;
allow hiprofiler_plugins hiview_exec:file { getattr map open read };
allow hiprofiler_plugins storage_daemon_exec:file { getattr map open read };
allow hiprofiler_plugins vendor_bin_file:dir search;
allow hiprofiler_plugins vendor_bin_file:file { getattr map open read };

# ---------------------------------------------------------------------------
# Data directories and scratch space
# ---------------------------------------------------------------------------
allow hiprofiler_plugins data_file:dir search;
allow hiprofiler_plugins data_local:dir search;
allow hiprofiler_plugins data_init_agent:dir search;
allow hiprofiler_plugins data_init_agent:file { append ioctl open read };

# Full create/write/unlink in data_local_tmp, including FIFOs.
# NOTE(review): data_local_tmp looks like a shared scratch location.
# Confirm which other domains can write there, since this domain also
# opens, reads and ioctls files in it.
allow hiprofiler_plugins data_local_tmp:dir { add_name getattr open read remove_name search watch watch_reads write };
allow hiprofiler_plugins data_local_tmp:file { create getattr ioctl lock open read unlink write };
allow hiprofiler_plugins data_local_tmp:fifo_file { open read unlink write };

allow hiprofiler_plugins tmpfs:file { map read write };
allow hiprofiler_plugins rootfs:file { getattr read };

# ---------------------------------------------------------------------------
# Capabilities, perf events and signals
#
# dac_read_search bypasses discretionary read and search checks on files
# and directories; sys_ptrace relaxes the kernel ptrace access-mode
# checks. Both apply in all build types, not only debug builds.
# ---------------------------------------------------------------------------
allow hiprofiler_plugins self:capability { dac_read_search sys_ptrace };
allow hiprofiler_plugins self:perf_event write;

# Allows sending SIGKILL to processes in the hisysevent domain.
# NOTE(review): hisysevent_exec is run with execute_no_trans above, which
# keeps the child in this domain; confirm where a hisysevent-labelled
# process comes from and that sigkill is needed.
allow hiprofiler_plugins hisysevent:process sigkill;

# Build-time assertion: no allow rule may grant this domain the process
# ptrace permission on any type. Combined with the sys_ptrace capability
# above, the intent appears to be read-style inspection only, never
# attaching to another process.
neverallow hiprofiler_plugins *:process ptrace;

# ---------------------------------------------------------------------------
# Debug builds only (debug_only is a macro defined outside this file;
# presumably it drops its argument on non-debug builds - confirm).
#
# This block adds sys_admin and setgid and lets the domain run the shell
# without a domain transition, so it must never be enabled in a release
# policy. Comments are kept outside the quoted argument on purpose.
# ---------------------------------------------------------------------------
debug_only(`
    allow hiprofiler_plugins self:capability { setgid sys_admin };
    allow hiprofiler_plugins sh_exec:file { execute execute_no_trans map open read };
    allow hiprofiler_plugins sh:fd use;
    allow hiprofiler_plugins sh:dir { open read };
    allow hiprofiler_plugins sh:file { getattr open };
    allow hiprofiler_plugins console:file read;
')