# Copyright (c) 2022-2024 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the License);
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Type-enforcement rules for the audio_server domain: which service-manager
# entries it may add or look up, which peers it may reach over binder, and
# which sockets, files and device nodes it may touch. Every rule below has
# audio_server as its source except the single `allow domain ...` rule in the
# "others" section at the end.
#
# init_daemon_domain, binder_call and debug_only are macros defined outside
# this file; what they expand to cannot be checked from here.

# Presumably declares audio_server as a daemon domain started by init --
# confirm against the macro definition.
init_daemon_domain(audio_server);

# NOTE(review): going by the macro name, the rule inside is meant for debug
# builds only. Verify that release images are built without it, since it
# opens a binder path from audio_server to the shell domain.
debug_only(`
    binder_call(audio_server, sh);
')

# core func

# audio_server may both add and get these two samgr entries; every other
# samgr_class rule in this file grants get only.
allow audio_server sa_audio_policy_service:samgr_class { add get };

allow audio_server sa_pulseaudio_audio_service:samgr_class { get add };

# Binder calls within the audio_server domain itself.
binder_call(audio_server, audio_server);

# Look up socket nodes in the dev_unix_socket directory and write to them.
allow audio_server dev_unix_socket:dir { search };
allow audio_server dev_unix_socket:sock_file { write };

allow audio_server native_socket:sock_file { write };

# Operations on stream sockets labelled with the init domain; presumably
# sockets that init created on the service's behalf -- confirm.
allow audio_server init:unix_stream_socket { accept connectto getattr getopt listen setopt };

# Connect to a stream socket whose peer runs in the kernel domain.
allow audio_server kernel:unix_stream_socket { connectto };

allow audio_server audio_server:unix_dgram_socket { getopt setopt };

# Own uevent netlink socket: create, bind and read, so the service can
# receive kernel uevents (presumably device plug/unplug -- confirm).
allow audio_server audio_server:netlink_kobject_uevent_socket { getattr read bind create setopt };

# dir or file access

# Full create/read/write/unlink management of files, FIFOs and socket nodes
# under the directory type data_data_pulse_dir.
allow audio_server data_data_pulse_dir:dir { add_name getattr open read remove_name search setattr write };
allow audio_server data_data_pulse_dir:fifo_file { create getattr open read write setattr unlink };
allow audio_server data_data_pulse_dir:file { create getattr ioctl read write open lock setattr unlink };
allow audio_server data_data_pulse_dir:sock_file { create setattr unlink write };
# allowxperm narrows the ioctl permission above to the listed command only.
# 0x5413 is TIOCGWINSZ (terminal window-size query) in the generic Linux
# ioctl numbering.
allowxperm audio_server data_data_pulse_dir:file ioctl { 0x5413 };

allow audio_server system_bin_file:dir { getattr search };

# Write-only access to files labelled data_log (no open/create granted here).
allow audio_server data_log:file { write };

# Use file descriptors handed over by the hiview domain.
allow audio_server hiview:fd { use };

# search alone only permits path traversal through these directories.
allow audio_server data_file:dir { search };

allow audio_server data_data_file:dir { search };

allow audio_server data_init_agent:dir { search };
allow audio_server data_init_agent:file { ioctl open read append };
# ioctl on data_init_agent files is limited to 0x5413 (TIOCGWINSZ).
allowxperm audio_server data_init_agent:file ioctl { 0x5413 };

allow audio_server data_service_file:dir { search };
# Create, modify, rename and remove directories and files of type
# data_service_el1_file.
allow audio_server data_service_el1_file:dir { add_name create getattr open read remove_name rmdir search setattr write };
allow audio_server data_service_el1_file:file { create getattr ioctl lock map open read rename setattr unlink write };

# execute + map without execute_no_trans: enough to map vendor files as code
# (e.g. shared objects), not to exec them inside this domain, unless a
# transition is defined elsewhere.
allow audio_server vendor_file:file { execute getattr map open read };

allow audio_server vendor_bin_file:dir { search };

# Read-only access to vendor configuration files.
allow audio_server vendor_etc_file:dir { search };
allow audio_server vendor_etc_file:file { getattr read open };

# Same read/map/execute set as vendor_file above, for vendor_lib_file.
allow audio_server vendor_lib_file:file { read open getattr map execute };
allow audio_server vendor_lib_file:dir { search };

allow audio_server musl_param:file { open map read };

allow audio_server dev_ashmem_file:chr_file { open };

# NOTE(review): read/write/ioctl on character devices that carry the generic
# rootfs label. The ioctl is limited to 0x5413 (TIOCGWINSZ), but read and
# write are not narrowed -- confirm which device node this is for and
# whether it can be given a dedicated type.
allow audio_server rootfs:chr_file { ioctl read write };
allowxperm audio_server rootfs:chr_file ioctl { 0x5413 };

# /dev/input/
# Read-only access to input device nodes (no write or ioctl).
allow audio_server dev_input_file:dir { search };
allow audio_server dev_input_file:chr_file { read open };

# /dev/bus/
# List the USB bus directory and read its device nodes; no write or ioctl
# is granted.
allow audio_server dev_bus:dir { search };
allow audio_server dev_bus_usb_file:dir { open read search };
allow audio_server dev_bus_usb_file:chr_file { getattr read open };

# /sys/class/switch/
allow audio_server sysfs_switch:file { open read getattr };

# for application call

# The three targets are attributes rather than single types; presumably they
# group application (HAP) domains by privilege level -- confirm. Whether
# binder_call also grants the reverse direction depends on the macro.
binder_call(audio_server, normal_hap_attr);

binder_call(audio_server, system_core_hap_attr);

binder_call(audio_server, system_basic_hap_attr);

# for audio hdf

# Look up (get only) the audio-related HDI services from the HDF device
# manager.
allow audio_server hdf_audio_hdi_service:hdf_devmgr_class { get };

allow audio_server hdf_audio_hdi_usb_service:hdf_devmgr_class { get };

allow audio_server hdf_audio_hdi_a2dp_service:hdf_devmgr_class { get };

allow audio_server hdf_audio_bluetooth_hdi_service:hdf_devmgr_class { get };

allow audio_server hdf_audio_manager_service:hdf_devmgr_class { get };

allow audio_server hdf_effect_model_service:hdf_devmgr_class { get };

# Binder paths to the host processes and to the device manager itself.
binder_call(audio_server, audio_host);

binder_call(audio_server, a2dp_host);

binder_call(audio_server, hdf_devmgr);

# interact with others

# Pattern used below: `samgr_class { get }` lets audio_server look the peer's
# entry up, and binder_call opens the IPC path to the peer's domain. Some
# peers have only one of the two rules in this file.
binder_call(audio_server, media_service);

allow audio_server sa_media_monitor:samgr_class { get };
binder_call(audio_server, media_monitor);

binder_call(audio_server, bluetooth_service);

binder_call(audio_server, intell_voice_service);

allow audio_server sa_distributeddata_service:samgr_class { get };
binder_call(audio_server, distributeddata);

binder_call(audio_server, hdcd);

# Write into a pipe owned by hidumper_service (presumably dump output --
# confirm).
allow audio_server hidumper_service:fifo_file { write };
binder_call(audio_server, hidumper_service);

# read/write without connectto: use of an already established socket whose
# peer is multimodalinput.
allow audio_server multimodalinput:unix_stream_socket { read write };
allow audio_server sa_multimodalinput_service:samgr_class { get };
binder_call(audio_server, multimodalinput);

allow audio_server sa_param_watcher:samgr_class { get };
binder_call(audio_server, param_watcher);

allow audio_server sa_accesstoken_manager_service:samgr_class { get };

allow audio_server sa_powermgr_powermgr_service:samgr_class { get };
binder_call(audio_server, powermgr);

allow audio_server sa_device_service_manager:samgr_class { get };

binder_call(audio_server, accesstoken_service);

allow audio_server accessibility_param:file { map open read };
allow audio_server sa_accessibleabilityms:samgr_class { get };
binder_call(audio_server, accessibility);

allow audio_server sa_privacy_service:samgr_class { get };
binder_call(audio_server, privacy_service);

# Permission to set parameters of these two types.
# NOTE(review): persist_param looks like a general persistent-parameter type
# rather than an audio-specific one; confirm that `set` on it is needed and
# cannot be narrowed to persist_audio_param.
allow audio_server persist_audio_param:parameter_service { set };
allow audio_server persist_param:parameter_service { set };

allow audio_server paramservice_socket:sock_file { write };

allow audio_server sa_foundation_devicemanager_service:samgr_class { get };

binder_call(audio_server, foundation);

allow audio_server sa_foundation_abilityms:samgr_class { get };

allow audio_server sa_foundation_bms:samgr_class { get };

allow audio_server sa_foundation_dms:samgr_class { get };

allow audio_server sa_dataobs_mgr_service_service:samgr_class { get };

binder_call(audio_server, device_manager);

allow audio_server sa_resource_schedule:samgr_class { get };

allow audio_server sa_sensor_service:samgr_class { get };
binder_call(audio_server, sensors);

allow audio_server sa_accountmgr:samgr_class { get };
binder_call(audio_server, accountmgr);

binder_call(audio_server, camera_service);

allow audio_server sa_foundation_cesfwk_service:samgr_class { get };

allow audio_server sa_memory_manager_service:samgr_class { get };

binder_call(audio_server, memmgrservice);

allow audio_server sa_avsession_service:samgr_class { get };

binder_call(audio_server, av_session);

allow audio_server sa_usb_service:samgr_class { get };
binder_call(audio_server, usb_service);

# others
# NOTE(review): the source of the next rule is `domain`, not audio_server, so
# its effect is not confined to this service. Presumably `domain` is the
# attribute covering every process domain, which would make files of type
# persist_audio_param readable system-wide -- confirm that nothing sensitive
# is stored under that type.
allow domain persist_audio_param:file { map open read };
allow audio_server sa_foundation_ans:samgr_class { get };
