# Copyright (c) 2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Access for the shell domain (sh) to the /proc/<pid> entries of processes
# running as isolated_render. The logged denials below come from ps and sh,
# all recorded with permissive=1, and each allow rule is the union of the
# permissions those denials name for one object class.
#
# NOTE(review): allow rules match on type and class, not on path. The file
# rule therefore applies to every /proc/<pid> file labelled isolated_render
# (the logs show stat and environ), not only to the paths quoted here.
# NOTE(review): on Linux the SELinux read-mode ptrace access check is, as far
# as we know, also expressed as file read on the target domain - confirm that
# granting it to sh is intended.
# NOTE(review): debug_only is presumably the build-variant guard that keeps
# these rules out of release policy - confirm against the macro definition
# and do not move the rules outside of it.
debug_only(`
    # ---- class dir: /proc/<pid> itself (stat, lookup, open, list) ----
    # avc:  denied  { getattr } for  pid=4565 comm="ps" path="/proc/3172" dev="proc" ino=34081 scontext=u:r:sh:s0 tcontext=u:r:isolated_render:s0 tclass=dir permissive=1
    # avc:  denied  { search } for  pid=4565 comm="ps" name="3172" dev="proc" ino=34081 scontext=u:r:sh:s0 tcontext=u:r:isolated_render:s0 tclass=dir permissive=1
    #avc: denied { open } for pid=3754 comm="sh" path="/proc/5054" dev="proc" ino=50017 scontext=u:r:sh:s0 tcontext=u:r:isolated_render:s0 tclass=dir permissive=1
    #avc: denied { read } for pid=3754 comm="sh" name="5054" dev="proc" ino=50017 scontext=u:r:sh:s0 tcontext=u:r:isolated_render:s0 tclass=dir permissive=1
    allow sh isolated_render:dir { getattr open read search };

    # ---- class file: regular files under /proc/<pid> ----
    # avc:  denied  { open } for  pid=4569 comm="ps" path="/proc/3172/stat" dev="proc" ino=34086 scontext=u:r:sh:s0 tcontext=u:r:isolated_render:s0 tclass=file permissive=1
    # avc:  denied  { read } for  pid=4569 comm="ps" name="stat" dev="proc" ino=34086 scontext=u:r:sh:s0 tcontext=u:r:isolated_render:s0 tclass=file permissive=1
    #avc: denied { getattr } for pid=3754 comm="sh" path="/proc/5054/environ" dev="proc" ino=54679 scontext=u:r:sh:s0 tcontext=u:r:isolated_render:s0 tclass=file permissive=1
    allow sh isolated_render:file { getattr open read };

    # ---- class lnk_file: symlinks under /proc/<pid> (cwd, root) ----
    #avc: denied { getattr } for pid=3754 comm="sh" path="/proc/5054/cwd" dev="proc" ino=54691 scontext=u:r:sh:s0 tcontext=u:r:isolated_render:s0 tclass=lnk_file permissive=1
    #avc: denied { read } for pid=3754 comm="sh" name="root" dev="proc" ino=54692 scontext=u:r:sh:s0 tcontext=u:r:isolated_render:s0 tclass=lnk_file permissive=1
    allow sh isolated_render:lnk_file { getattr read };

    # ---- class process: attribute query on the process itself ----
    #avc: denied { getattr } for pid=4596 comm="ps" scontext=u:r:sh:s0 tcontext=u:r:isolated_render:s0 tclass=process permissive=1
    allow sh isolated_render:process getattr;
')