1# Copyright (c) 2022-2023 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14debug_only(` 15 #avc: denied { get } for service=3301 pid=1969 scontext=u:r:sh:s0 tcontext=u:object_r:sa_foundation_powermgr_service:s0 tclass=samgr_class permissive=1 16 allow sh sa_foundation_powermgr_service:samgr_class { get }; 17 18 #avc: denied { call } for pid=3190 comm="test_power_sett" scontext=u:r:sh:s0 tcontext=u:r:system_basic_hap:s0 tclass=binder permissive=1 19 #avc: denied { transfer } for pid=3190 comm="test_power_sett" scontext=u:r:sh:s0 tcontext=u:r:system_basic_hap:s0 tclass=binder permissive=1 20 allow sh system_basic_hap_attr:binder { call transfer }; 21 22 #avc: denied { call } for pid=4868 comm="test_power_sett" scontext=u:r:sh:s0 tcontext=u:r:normal_hap:s0 tclass=binder permissive=1 23 #avc: denied { transfer } for pid=4868 comm="test_power_sett" scontext=u:r:sh:s0 tcontext=u:r:normal_hap:s0 tclass=binder permissive=1 24 allow sh normal_hap_attr:binder { call transfer }; 25 26 #avc: denied { getattr } for pid=2030 comm="sh" path="/sys/power/wakeup_count" dev="sysfs" ino=4994 scontext=u:r:sh:s0 tcontext=u:object_r:sysfs_power:s0 tclass=file permissive=1 27 allow sh sysfs_power:file { getattr }; 28 29 #avc: denied { getattr } for pid=2030 comm="sh" path="/sys/power/wake_unlock" dev="sysfs" ino=4999 scontext=u:r:sh:s0 tcontext=u:object_r:sysfs_wake_lck:s0 tclass=file permissive=1 30 #avc: denied { open } for pid=2030 comm="sh" path="/sys/power/wake_lock" dev="sysfs" ino=4998 scontext=u:r:sh:s0 tcontext=u:object_r:sysfs_wake_lck:s0 tclass=file permissive=1 31 allow sh sysfs_wake_lck:file { getattr open }; 32 33 #avc: denied { getattr } for pid=1687 comm="power_mode_modu" path="/system/etc/power_config/power_mode_config.xml" dev="mmcblk0p7" ino=750 scontext=u:r:sh:s0 tcontext=u:object_r:system_etc_power_mode_config_file:s0 tclass=file permissive=1 34 #avc: denied { open } for pid=1687 comm="power_mode_modu" path="/system/etc/power_config/power_mode_config.xml" dev="mmcblk0p7" ino=750 scontext=u:r:sh:s0 tcontext=u:object_r:system_etc_power_mode_config_file:s0 tclass=file permissive=1 35 #avc: denied { read } for pid=2108 comm="IPC_1_2110" name="power_mode_config.xml" dev="mmcblk0p7" ino=750 scontext=u:r:sh:s0 tcontext=u:object_r:system_etc_power_mode_config_file:s0 tclass=file permissive=1 36 allow sh system_etc_power_mode_config_file:file { getattr open read }; 37 38 #avc: denied { create } for pid=2903 comm="mkdir" name="power_config" scontext=u:r:sh:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=dir permissive=1 39 allow sh vendor_etc_file:dir { create }; 40 allow sh power_shell_exec:file { execute execute_no_trans getattr map open read read open }; 41') 42