• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1# Copyright (c) 2022-2023 Huawei Device Co., Ltd.
2# Licensed under the Apache License, Version 2.0 (the "License");
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6#     http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
14#avc:  denied  { get } for service=5100 pid=622 scontext=u:r:foundation:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1
15allow foundation sa_device_service_manager:samgr_class { get };
16
17#avc:  denied  { get } for service=3299 pid=622 scontext=u:r:foundation:s0 tcontext=u:object_r:sa_foundation_cesfwk_service:s0 tclass=samgr_class permissive=1
18allow foundation sa_foundation_cesfwk_service:samgr_class { get };
19
20#avc:  denied  { add } for service=3303 pid=536 scontext=u:r:foundation:s0 tcontext=u:object_r:sa_foundation_service:s0 tclass=samgr_class permissive=1
21allow foundation sa_foundation_thermal_service:samgr_class { add };
22
23#avc:  denied  { call } for  pid=472 comm="thermal" scontext=u:r:thermal:s0 tcontext=u:r:sh:s0 tclass=binder permissive=1
24debug_only(`
25    allow foundation sh:binder { call };
26')
27
28#avc:  denied  { call } for  pid=472 comm="thermal" scontext=u:r:thermal:s0 tcontext=u:r:normal_hap:s0 tclass=binder permissive=1
29allow foundation normal_hap_attr:binder { call };
30
31#avc:  denied  { get } for service=1906 pid=470 scontext=u:r:thermal:s0 tcontext=u:object_r:sa_resource_schedule_socperf_server:s0 tclass=samgr_class permissive=1
32allow foundation sa_resource_schedule_socperf_server:samgr_class { get };
33
34#avc:  denied  { call } for  pid=412 comm="thermal" scontext=u:r:thermal:s0 tcontext=u:r:resource_schedule_service:s0 tclass=binder permissive=1
35allow foundation resource_schedule_service:binder { call };
36
37#avc:  denied  { add } for service=3303 pid=530 scontext=u:r:thermal:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=file permissive=1
38allow foundation vendor_etc_file:file { getattr open read };
39
40#avc:  denied  { get } for service=3308 pid=471 scontext=u:r:thermal:s0 tcontext=u:object_r:sa_foundation_displaymgr_service:s0 tclass=samgr_class permissive=1
41allow foundation sa_foundation_displaymgr_service:samgr_class { get };
42
43#avc:  denied  { get } for service=3009 pid=2003 scontext=u:r:thermal:s0 tcontext=u:object_r:sa_audio_policy_service:s0 tclass=samgr_class permissive=1
44allow foundation sa_audio_policy_service:samgr_class { get };
45
46#avc:  denied  { call } for  pid=2298 comm="thermal" scontext=u:r:thermal:s0 tcontext=u:r:audio_policy:s0 tclass=binder permissive=1
47allow foundation audio_policy:binder { call };
48
49#avc:  denied  { add } for service=3303 pid=487 scontext=u:r:foundation:s0 tcontext=u:object_r:sa_thermal_service:s0 tclass=samgr_class permissive=1
50allow foundation sa_foundation_thermal_service:samgr_class { add };
51
52#avc:  denied  { search } for  pid=538 comm="foundation" name="thermal_config" dev="mmcblk0p6" ino=874 scontext=u:r:foundation:s0 tcontext=u:object_r:system_etc_thermal_file:s0 tclass=dir permissive=1
53allow foundation system_etc_thermal_file:dir { search };
54
55#avc:  denied  { get } for service=801 pid=510 scontext=u:r:foundation:s0 tcontext=u:object_r:sa_accessibleabilityms:s0 tclass=samgr_class permissive=1
56allow foundation sa_accessibleabilityms:samgr_class { get };
57
58#avc:  denied  { getattr } for  pid=493 comm="foundation" path="/system/etc/thermal_config/thermal_service_config.xml" dev="mmcblk0p6" ino=916 scontext=u:r:foundation:s0 tcontext=u:object_r:system_etc_thermal_file:s0 tclass=file permissive=1
59#avc:  denied  { read } for  pid=2200 comm="foundation" name="thermal_service_config.xml" dev="mmcblk0p6" ino=916 scontext=u:r:foundation:s0 tcontext=u:object_r:system_etc_thermal_file:s0 tclass=file permissive=1
60#avc:  denied  { open } for  pid=2205 comm="foundation" path="/system/etc/thermal_config/thermal_service_config.xml" dev="mmcblk0p6" ino=916 scontext=u:r:foundation:s0 tcontext=u:object_r:system_etc_thermal_file:s0 tclass=file permissive=1
61allow foundation system_etc_thermal_file:file { getattr read open };
62
63#avc:  denied  { search } for  pid=552 comm="foundation" name="el0" dev="mmcblk0p11" ino=8 scontext=u:r:foundation:s0 tcontext=u:object_r:data_service_el0_file:s0 tclass=dir permissive=1
64allow foundation data_service_el0_file:dir { search write add_name };
65
66#avc:  denied  { read } for  pid=458 comm="foundation" name="charge" dev="mmcblk0p11" ino=4494 scontext=u:r:foundation:s0 tcontext=u:object_r:data_service_el0_file:s0 tclass=file permissive=1
67allow foundation data_service_el0_file:file { create ioctl open read write };
68