1# Copyright (c) 2022-2023 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14allow foundation accessibility:binder { call }; 15allow foundation accesstoken_service:binder { call }; 16allow foundation bootanimation:binder { call }; 17allow foundation data_file:dir { search }; 18allow foundation data_init_agent:dir { search }; 19allow foundation dev_ashmem_file:chr_file { open }; 20allow foundation dev_unix_socket:dir { search }; 21allow foundation foundation:binder { call transfer }; 22allow foundation hidumper_service:fd { use }; 23allow foundation kernel:unix_stream_socket { connectto }; 24allow foundation multimodalinput:binder { call }; 25allow foundation multimodalinput:unix_stream_socket { write }; 26allow foundation normal_hap_attr:binder { call }; 27allow foundation paramservice_socket:sock_file { write }; 28allow foundation proc_file:file { open read }; 29allow foundation render_service:binder { call transfer }; 30allow foundation render_service:fd { use }; 31allow foundation composer_host:fd { use }; 32allow foundation resource_schedule_service:binder { call transfer }; 33allow foundation sa_accesstoken_manager_service:samgr_class { get }; 34allow foundation sa_foundation_abilityms:samgr_class { get }; 35allow foundation sa_foundation_dms:samgr_class { add }; 36allow foundation sa_foundation_wms:samgr_class { add }; 37allow foundation sa_render_service:samgr_class { get }; 38allow foundation sa_msdp_motion_service:samgr_class { get }; 39allow foundation sa_msdp_motion_service:samgr_class { add }; 40allow foundation screenlock_server:binder { call transfer }; 41 42debug_only(` 43 allow foundation sh:binder { call transfer }; 44') 45 46allow foundation system_basic_hap_attr:binder { call }; 47allow foundation system_core_hap_attr:binder { call }; 48allow foundation system_usr_file:dir { search }; 49allow foundation system_usr_file:file { getattr map open read }; 50allow foundation ui_service:binder { call }; 51allow foundation vendor_lib_file:dir { search }; 52allow foundation vendor_lib_file:file { read }; 53allow foundation render_service:unix_stream_socket { read write }; 54allow foundation pasteboard_service:binder { call transfer }; 55allow foundation bootevent_wms_param:parameter_service { set }; 56allow bootanimation bootevent_wms_param:file { map open read }; 57allow foundation data_service_el1_file:file { rename }; 58 59