• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright (c) 2022 Huawei Device Co., Ltd.
2# Licensed under the Apache License, Version 2.0 (the "License");
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6#     http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
14debug_only(`
15    #avc:  denied  { read } for  pid=2050 comm="ps" scontext=u:r:sh:s0 tcontext=u:r:device_manager:s0 tclass=file permissive=1
16    #avc:  denied  { open } for  pid=2057 comm="ps" path="/proc/489/stat" dev="proc" ino=39097 scontext=u:r:sh:s0 tcontext=u:r:device_manager:s0 tclass=file permissive=1
17    allow sh device_manager:file { read open };
18')
19
20debug_only(`
21    #avc:  denied  { getattr } for  pid=2057 comm="ps" path="/proc/489" dev="proc" ino=35768 scontext=u:r:sh:s0 tcontext=u:r:device_manager:s0 tclass=dir permissive=1
22    #avc:  denied  { search } for  pid=2057 comm="ps" name="489" dev="proc" ino=35768 scontext=u:r:sh:s0 tcontext=u:r:device_manager:s0 tclass=dir permissive=1
23    allow sh device_manager:dir { getattr search };
24')
25
26debug_only(`
27    #avc:  denied  { call } for  pid=1952 comm="credentialtest" scontext=u:r:sh:s0 tcontext=u:r:device_manager:s0 tclass=binder permissive=1
28    #avc:  denied  { transfer } for  pid=1952 comm="credentialtest" scontext=u:r:sh:s0 tcontext=u:r:device_manager:s0 tclass=binder permissive=1
29    allow sh device_manager:binder { call transfer };
30')
31
32debug_only(`
33    #avc:  denied  { get } for service=4802 pid=2136 scontext=u:r:sh:s0 tcontext=u:object_r:sa_foundation_devicemanager_service:s0 tclass=samgr_class permissive=1
34    allow sh sa_foundation_devicemanager_service:samgr_class { get };
35')
36
37debug_only(`
38    #avc:  denied  { get } for service=4801 pid=1855 scontext=u:r:sh:s0 tcontext=u:object_r:sa_dhardware_service:s0 tclass=samgr_class permissive=1
39    allow sh sa_dhardware_service:samgr_class { get };
40')
41