1# Copyright (c) 2022-2023 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14allow netmanager port:tcp_socket name_bind; 15allow netmanager node:tcp_socket node_bind; 16allow netmanager self:tcp_socket { create bind connect listen accept read write getopt setopt shutdown }; 17allow netmanager bootevent_param:file { map open read }; 18allow netmanager bootevent_samgr_param:file { map open read }; 19allow netmanager build_version_param:file { map open read }; 20allow netmanager const_allow_mock_param:file { map open read }; 21allow netmanager const_allow_param:file { map open read }; 22allow netmanager const_build_param:file { map open read }; 23allow netmanager const_display_brightness_param:file { map open read }; 24allow netmanager const_param:file { map open read }; 25allow netmanager const_postinstall_fstab_param:file { map open read }; 26allow netmanager const_postinstall_param:file { map open read }; 27allow netmanager const_product_param:file { map open read }; 28allow netmanager data_data_file:dir { add_name write }; 29allow netmanager data_data_file:file { append create ioctl write }; 30allow netmanager data_ethernet:dir { getattr open read }; 31allow netmanager data_file:dir { add_name create getattr open read write }; 32allow netmanager data_log:file { read write }; 33allow netmanager data_system:file { create getattr read write open }; 34allow netmanager debug_param:file { map open read }; 35allow netmanager default_param:file { map open read }; 36allow netmanager dev_file:sock_file { write }; 37allow netmanager dev_unix_socket:sock_file { write }; 38allow netmanager distributedsche_param:file { map open read }; 39allow netmanager faultloggerd:fd { use }; 40allow netmanager faultloggerd:unix_stream_socket { connectto }; 41allow netmanager hilog_param:file { map open read }; 42allow netmanager hiview:binder { call }; 43allow netmanager hiview:unix_dgram_socket { sendto }; 44allow netmanager hw_sc_build_os_param:file { map open read }; 45allow netmanager hw_sc_build_param:file { map open read }; 46allow netmanager hw_sc_param:file { map open read }; 47allow netmanager init_param:file { map open read }; 48allow netmanager init_svc_param:file { map open read }; 49allow netmanager input_pointer_device_param:file { map open read }; 50allow netmanager netmanager:netlink_route_socket { bind setopt create write read nlmsg_read }; 51allow netmanager netmanager:udp_socket { ioctl }; 52allow netmanager netmanager:unix_dgram_socket { getopt setopt ioctl }; 53allow netmanager net_param:file { map open read }; 54allow netmanager netsysnative:binder { transfer }; 55allow netmanager netsysnative:unix_stream_socket { connectto }; 56allow netmanager net_tcp_param:file { map open read }; 57allow netmanager normal_hap_attr:binder { call }; 58allow netmanager ohos_boot_param:file { map open read }; 59allow netmanager ohos_param:file { map open read }; 60allow netmanager param_watcher:binder { call transfer }; 61allow netmanager persist_param:file { map open read }; 62allow netmanager persist_sys_param:file { map open read }; 63allow netmanager sa_accesstoken_manager_service:samgr_class { get }; 64allow netmanager sa_comm_dns_manager_service:samgr_class { add }; 65allow netmanager sa_comm_ethernet_manager_service:samgr_class { add }; 66allow netmanager sa_comm_mdns_manager_service:samgr_class { add }; 67allow netmanager sa_comm_net_stats_manager_service:samgr_class { add }; 68allow netmanager sa_foundation_cesfwk_service:samgr_class { get }; 69allow netmanager sa_net_conn_manager:samgr_class { add }; 70allow netmanager sa_net_policy_manager:samgr_class { add }; 71allow netmanager sa_netsys_native_manager:samgr_class { get }; 72allow netmanager sa_param_watcher:samgr_class { get }; 73allow netmanager security_param:file { map open read }; 74allow netmanager startup_param:file { map open read }; 75allow netmanager sys_file:file { open read }; 76allow netmanager sysfs_net:dir { open read }; 77allow netmanager sysfs_net:file { open read }; 78allow netmanager sys_param:file { map open read }; 79allow netmanager sys_usb_param:file { map open read }; 80allow netmanager tracefs:dir { search }; 81allow netmanager tracefs_trace_marker_file:file { open write }; 82allowxperm netmanager data_data_file:file ioctl { 0x5413 }; 83allowxperm netmanager netmanager:udp_socket ioctl { 0x8927 }; 84allowxperm netmanager netmanager:unix_dgram_socket ioctl { 0x8910 0x8933 }; 85