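# Copyright (c) 2024 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Type-enforcement rules for the test_server domain.
#
# Cleanup relative to the previous revision (no change to the compiled policy):
#   - the samgr/binder rule block was listed twice; the second copy is removed
#   - rules with the same source, target and class are merged into one set
#   - duplicate permissions in the toybox_exec rule are removed

# ---------------------------------------------------------------------------
# Who may look up the test_server system ability
# ---------------------------------------------------------------------------
# Only SP_daemon may get sa_test_server. The developer_only()/debug_only()
# macros additionally subtract uitest and wukong from the denied set;
# presumably they expand only in developer/debug builds (macro definitions
# are not in this file - confirm).
neverallow { domain developer_only(`-uitest -wukong') debug_only(`-uitest -wukong') -SP_daemon } sa_test_server:samgr_class { get };

# ---------------------------------------------------------------------------
# System-ability registration and lookups
# ---------------------------------------------------------------------------
allow test_server sa_test_server:samgr_class { add };
allow test_server sa_pasteboard_service:samgr_class { get };
allow test_server sa_foundation_cesfwk_service:samgr_class { get };
allow test_server sa_resource_schedule_socperf_server:samgr_class { get };

# ---------------------------------------------------------------------------
# Binder IPC peers
# ---------------------------------------------------------------------------
allow test_server samgr:binder { call transfer };
allow test_server uitest:binder { call };
allow test_server aa:binder { call };
allow test_server pasteboard_service:binder { call };
allow test_server foundation:binder { call transfer };
allow test_server SP_daemon:binder { call };
allow test_server resource_schedule_service:binder { call transfer };

# ---------------------------------------------------------------------------
# Parameters, sysfs, procfs and directory traversal (read-only)
# ---------------------------------------------------------------------------
allow test_server hilog_param:file { read open };
allow test_server persist_param:file { read open map };
allow test_server sys_param:file { read open map };
allow test_server persist_sys_param:file { read open map };
allow test_server sysfs_devices_system_cpu:file { read open getattr };
allow test_server proc_file:file { open read };
allow test_server dev_unix_socket:dir { search };
allow test_server chip_prod_file:dir { search };
allow test_server data_local:dir { search };
allow test_server data_service_file:dir { search };
allow test_server system_bin_file:lnk_file { read };

# Process entries labelled SP_daemon / hidumper (dir + file read).
allow test_server SP_daemon:dir { getattr search };
allow test_server SP_daemon:file { read open };
allow test_server hidumper:dir { getattr search };
allow test_server hidumper:file { open read };

# ---------------------------------------------------------------------------
# Devices
# ---------------------------------------------------------------------------
allow test_server tty_device:chr_file { open read write };
# Write access to the kernel log device: lets this domain inject kmsg lines.
allow test_server dev_kmsg_file:chr_file { write };

# ---------------------------------------------------------------------------
# Sockets
# ---------------------------------------------------------------------------
# test_server may act as a TCP listener. Nothing in this file limits the
# address it binds to.
# NOTE(review): confirm the service listens on loopback only and whether
# these two rules should be restricted to debug/developer builds.
allow test_server test_server:tcp_socket { accept bind listen };
allow test_server node:tcp_socket { node_bind };
allow test_server test_server:unix_dgram_socket { getopt setopt };

# ---------------------------------------------------------------------------
# Capabilities
# ---------------------------------------------------------------------------
# Permission name kept exactly as written; it must match the hmcap class
# definition, which is not in this file.
allow test_server test_server:hmcap { supervsable };

# ---------------------------------------------------------------------------
# Command execution inside the test_server domain
# ---------------------------------------------------------------------------
# execute_no_trans means the shell and toybox run with the full test_server
# permission set (binder peers, TCP listener, kmsg write). Any command string
# that reaches these executables therefore inherits everything granted above.
# NOTE(review): confirm that callers cannot influence the command line.
allow test_server sh_exec:file { execute_no_trans execute open map read };
allow test_server toybox_exec:file { execute execute_no_trans getattr map open read };

# ---------------------------------------------------------------------------
# Launching and controlling SP_daemon
# ---------------------------------------------------------------------------
# Executing SP_daemon_exec moves the new process into the SP_daemon domain.
type_transition test_server SP_daemon_exec:process SP_daemon;
# NOTE(review): execute_no_trans also permits running this binary without
# leaving test_server. With the type_transition above it looks unnecessary
# on the normal exec path - confirm whether it is still needed.
allow test_server SP_daemon_exec:file { ioctl execute execute_no_trans getattr map open read };
# With an allowxperm rule present for this source/target/class, only the
# listed ioctl command is permitted. 0x5413 is TIOCGWINSZ in the generic
# Linux ioctl numbering.
allowxperm test_server SP_daemon_exec:file ioctl { 0x5413 };
# siginh / rlimitinh: the child keeps signal state and resource limits
# across the domain transition.
allow test_server SP_daemon:process { siginh rlimitinh transition signal };
# noatsecure is NOT granted: the denial is only hidden from the audit log,
# so secure-exec mode still applies to the transitioned process.
dontaudit test_server SP_daemon:process noatsecure;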