# Copyright (c) 2022-2024 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License

# Build-independent invariant: no rule may grant hiprofiler_plugins the ptrace
# permission of the process class on any target type. This covers only
# process:ptrace. It does not cover the sys_ptrace capability (class
# capability), which the developer_only block further down in this file grants
# to the domain on itself.
neverallow hiprofiler_plugins *:process ptrace;

# Every type carrying the domain attribute may open, read and map the profiler
# parameter file. The rule sits outside the developer_only block, so it is
# presumably present in all builds -- confirm against the macro definition.
allow domain hiviewdfx_profiler_param:file { map open read };

# Allow rules for the hiprofiler_plugins domain, wrapped in the developer_only
# macro. The macro is defined outside this file; presumably it emits its
# argument only for developer-mode builds -- confirm before relying on that
# when assessing what a production image exposes.
developer_only(`
    # This text is an m4 quoted argument: comments in here must not contain
    # quote characters, or the quoting of the whole block breaks.

    # Data directories, dev_unix_socket entries, terminals, and the channels
    # to hdcd and hiprofilerd.
    allow hiprofiler_plugins data_file:dir search;
    allow hiprofiler_plugins data_init_agent:dir search;
    allow hiprofiler_plugins data_init_agent:file { append ioctl open read };
    allow hiprofiler_plugins dev_unix_socket:sock_file { unlink create getattr setattr write };
    allow hiprofiler_plugins devpts:chr_file { read write };
    allow hiprofiler_plugins hdcd:unix_stream_socket { read write };
    allow hiprofiler_plugins hdcd:fifo_file write;
    allow hiprofiler_plugins tty_device:chr_file { read write };
    allow hiprofiler_plugins dev_unix_socket:dir { add_name remove_name write search };
    allow hiprofiler_plugins proc_cpuinfo_file:file { open read };
    allow hiprofiler_plugins system_bin_file:dir search;
    allow hiprofiler_plugins data_local:dir search;
    allow hiprofiler_plugins hiprofilerd:unix_stream_socket connectto;
    allow hiprofiler_plugins hiprofilerd:fd use;
    # execute alone: neither execute_no_trans nor a transition for
    # system_bin_file is granted in this file.
    allow hiprofiler_plugins system_bin_file:file execute;

    # Read access to parameter files, proc and sysfs nodes, and to files
    # labelled with process domain types.
    # NOTE(review): files labelled with a domain type look like the
    # /proc/<pid> entries of that process. On Linux, SELinux also maps
    # read-mode ptrace access checks to file:read on the target domain, which
    # would explain why these rules coexist with the neverallow on
    # process:ptrace -- confirm against the kernel in use.
    allow hiprofiler_plugins appspawn:file read;
    allow hiprofiler_plugins hdcd:fd use;
    allow hiprofiler_plugins hdf_devmgr:file read;
    allow hiprofiler_plugins hilog_param:file { map open read };
    allow hiprofiler_plugins init:file { getattr open read };
    allow hiprofiler_plugins kernel:file read;
    allow hiprofiler_plugins net_param:file read;
    allow hiprofiler_plugins net_tcp_param:file read;
    allow hiprofiler_plugins ohos_boot_param:file { map open read };
    allow hiprofiler_plugins ohos_param:file { map open read };
    allow hiprofiler_plugins param_watcher:file read;
    allow hiprofiler_plugins persist_param:file { map open read };
    allow hiprofiler_plugins persist_sys_param:file read;
    allow hiprofiler_plugins proc_stat_file:file { getattr open read };
    allow hiprofiler_plugins samgr:file read;
    allow hiprofiler_plugins security_param:file { map open read };
    allow hiprofiler_plugins storage_manager:file read;
    allow hiprofiler_plugins sys_file:file { getattr open read };
    allow hiprofiler_plugins sys_param:file { map open read };
    allow hiprofiler_plugins sys_usb_param:file read;
    allow hiprofiler_plugins sysfs_devices_system_cpu:dir { open read };
    allow hiprofiler_plugins sysfs_devices_system_cpu:file { getattr read };
    allow hiprofiler_plugins tmpfs:file write;
    allow hiprofiler_plugins udevd:file read;
    allow hiprofiler_plugins watchdog_service:file read;

    # Parameter files. Several targets receive read, open and map in separate
    # rules across the next groups; the effective permission is the union.
    allow hiprofiler_plugins const_param:file read;
    allow hiprofiler_plugins const_postinstall_param:file read;
    allow hiprofiler_plugins hw_sc_build_os_param:file read;
    allow hiprofiler_plugins hw_sc_build_param:file read;
    allow hiprofiler_plugins hw_sc_param:file { map open read };
    allow hiprofiler_plugins init_param:file read;
    allow hiprofiler_plugins init_svc_param:file read;
    allow hiprofiler_plugins net_param:file { map open };
    allow hiprofiler_plugins net_tcp_param:file { map open };
    allow hiprofiler_plugins sys_usb_param:file { map open };

    allow hiprofiler_plugins const_param:file { map open };
    allow hiprofiler_plugins hw_sc_build_os_param:file { map open };
    allow hiprofiler_plugins hw_sc_build_param:file { map open };
    allow hiprofiler_plugins init_param:file { map open };
    allow hiprofiler_plugins init_svc_param:file { map open };
    allow hiprofiler_plugins const_postinstall_param:file open;

    allow hiprofiler_plugins const_allow_mock_param:file read;
    allow hiprofiler_plugins const_allow_param:file { open read };
    allow hiprofiler_plugins const_build_param:file read;
    allow hiprofiler_plugins const_postinstall_fstab_param:file { map open read };
    allow hiprofiler_plugins const_postinstall_param:file map;
    allow hiprofiler_plugins const_product_param:file read;
    allow hiprofiler_plugins debug_param:file read;
    allow hiprofiler_plugins persist_sys_param:file open;
    allow hiprofiler_plugins startup_param:file read;
    allow hiprofiler_plugins bootevent_param:file read;
    allow hiprofiler_plugins bootevent_samgr_param:file read;
    allow hiprofiler_plugins build_version_param:file read;
    allow hiprofiler_plugins const_allow_mock_param:file open;
    allow hiprofiler_plugins const_allow_param:file map;
    allow hiprofiler_plugins const_build_param:file open;
    allow hiprofiler_plugins const_product_param:file open;
    allow hiprofiler_plugins debug_param:file open;
    allow hiprofiler_plugins persist_sys_param:file map;
    allow hiprofiler_plugins startup_param:file open;

    allow hiprofiler_plugins bootevent_param:file { map open };
    allow hiprofiler_plugins bootevent_samgr_param:file open;
    allow hiprofiler_plugins build_version_param:file { map open };
    allow hiprofiler_plugins const_allow_mock_param:file map;
    allow hiprofiler_plugins const_build_param:file map;
    allow hiprofiler_plugins const_product_param:file map;
    allow hiprofiler_plugins debug_param:file map;
    allow hiprofiler_plugins startup_param:file map;

    allow hiprofiler_plugins bootevent_samgr_param:file map;
    allow hiprofiler_plugins const_display_brightness_param:file { map open read };
    allow hiprofiler_plugins distributedsche_param:file { map open read };
    allow hiprofiler_plugins input_pointer_device_param:file { map open read };

    allow hiprofiler_plugins default_param:file { map open read };

    allow hiprofiler_plugins accessibility:file { getattr open read };
    allow hiprofiler_plugins distributeddata:file { getattr read };
    # execute_no_trans: the hilog binary runs inside the hiprofiler_plugins
    # domain and therefore with every permission granted in this file. The
    # same holds for toybox_exec, hisysevent_exec and SP_daemon_exec below.
    allow hiprofiler_plugins hilog_exec:file { getattr map open read execute execute_no_trans };
    allow hiprofiler_plugins init:dir { open read };
    allow hiprofiler_plugins kernel:file { getattr open };
    allow hiprofiler_plugins media_service:dir search;
    allow hiprofiler_plugins proc_meminfo_file:file { getattr open read };
    allow hiprofiler_plugins proc_vmstat_file:file { getattr open read };
    allow hiprofiler_plugins sysfs_block_zram:file { getattr open read };
    allow hiprofiler_plugins sysfs_devices_system_cpu:file open;

    # Write access to tracefs files; append, read and open follow further down.
    allow hiprofiler_plugins tracefs:file write;

    allow hiprofiler_plugins init:dir search;
    allow hiprofiler_plugins init:unix_stream_socket connectto;
    allow hiprofiler_plugins mmi_uinput_service:file read;

    # file:read on further service and host domains, including the
    # authentication and key-handling ones (huks_service, deviceauth_service,
    # the *_auth_host types, useriam, pinauth).
    allow hiprofiler_plugins accountmgr:file read;
    allow hiprofiler_plugins deviceauth_service:file read;
    allow hiprofiler_plugins huks_service:file read;
    allow hiprofiler_plugins locationhub:file read;
    allow hiprofiler_plugins memmgrservice:file read;
    allow hiprofiler_plugins multimodalinput:file read;
    allow hiprofiler_plugins resource_schedule_service:file read;
    allow hiprofiler_plugins storage_daemon:file read;

    allow hiprofiler_plugins bgtaskmgr_service:file read;
    allow hiprofiler_plugins bluetooth_service:file read;
    allow hiprofiler_plugins device_usage_stats_service:file read;
    allow hiprofiler_plugins pasteboard_service:file read;

    allow hiprofiler_plugins audio_server:file read;
    allow hiprofiler_plugins download_server:file read;
    allow hiprofiler_plugins edm_sa:file read;
    allow hiprofiler_plugins msdp_sa:file read;
    allow hiprofiler_plugins screenlock_server:file read;
    allow hiprofiler_plugins time_service:file read;
    allow hiprofiler_plugins tty_device:chr_file open;
    allow hiprofiler_plugins wallpaper_service:file read;

    allow hiprofiler_plugins codec_host:file read;
    allow hiprofiler_plugins face_auth_host:file read;
    allow hiprofiler_plugins fingerprint_auth_host:file read;
    allow hiprofiler_plugins hdcd:fifo_file ioctl;
    allow hiprofiler_plugins hilog_control_socket:sock_file write;
    allow hiprofiler_plugins light_host:file read;
    allow hiprofiler_plugins location_host:file read;
    allow hiprofiler_plugins pin_auth_host:file read;
    allow hiprofiler_plugins sensor_host:file read;
    allow hiprofiler_plugins user_auth_host:file read;
    allow hiprofiler_plugins vibrator_host:file read;

    allow hiprofiler_plugins audio_host:file read;
    allow hiprofiler_plugins blue_host:file read;
    allow hiprofiler_plugins clearplay_host:file read;
    allow hiprofiler_plugins camera_host:file read;
    allow hiprofiler_plugins allocator_host:file read;
    allow hiprofiler_plugins input_user_host:file read;
    allow hiprofiler_plugins power_host:file read;
    allow hiprofiler_plugins usb_host:file read;
    allow hiprofiler_plugins wifi_host:file read;

    allow hiprofiler_plugins camera_service:file read;
    allow hiprofiler_plugins faultloggerd:file read;
    allow hiprofiler_plugins drm_service:file read;
    allow hiprofiler_plugins media_service:file read;
    allow hiprofiler_plugins render_service:file read;
    allow hiprofiler_plugins useriam:file read;
    allow hiprofiler_plugins wifi_hal_service:file read;

    allow hiprofiler_plugins distributedsche:file read;
    allow hiprofiler_plugins softbus_server:file read;
    allow hiprofiler_plugins ui_service:file read;

    allow hiprofiler_plugins hiview:file read;
    allow hiprofiler_plugins installs:file read;
    allow hiprofiler_plugins sensors:file read;

    allow hiprofiler_plugins foundation:file read;
    allow hiprofiler_plugins hdcd:file read;
    allow hiprofiler_plugins hidumper_service:file read;
    allow hiprofiler_plugins hiprofilerd:file read;
    allow hiprofiler_plugins kernel:dir search;
    allow hiprofiler_plugins pinauth:file read;
    allow hiprofiler_plugins wifi_manager_service:file read;

    # NOTE(review): write on the proc_file label. If proc_file is the
    # catch-all /proc label, this is broader than a single node -- confirm
    # which file needs it and whether a dedicated type exists.
    allow hiprofiler_plugins proc_file:file write;
    allow hiprofiler_plugins udevd:file { getattr open };

    allow hiprofiler_plugins deviceauth_service:dir search;
    allow hiprofiler_plugins deviceauth_service:file { getattr open };
    allow hiprofiler_plugins resource_schedule_service:dir search;
    allow hiprofiler_plugins resource_schedule_service:file { getattr open };
    allow hiprofiler_plugins storage_daemon:dir search;
    allow hiprofiler_plugins storage_daemon:file { getattr open };

    allow hiprofiler_plugins hilogd:file getattr;
    # Runs toybox without a domain transition. toybox_exec presumably labels
    # the toybox multi-call binary, so this covers every applet it ships --
    # confirm.
    allow hiprofiler_plugins toybox_exec:file { execute execute_no_trans getattr map open read };
    allow hiprofiler_plugins tmpfs:file { map read };
    allow hiprofiler_plugins tracefs:dir search;
    allow hiprofiler_plugins tracefs:file { getattr read };

    allow hiprofiler_plugins accountmgr:file getattr;
    allow hiprofiler_plugins bgtaskmgr_service:file getattr;
    allow hiprofiler_plugins bluetooth_service:file getattr;
    allow hiprofiler_plugins device_usage_stats_service:file getattr;
    allow hiprofiler_plugins hiprofiler_cmd:file getattr;
    allow hiprofiler_plugins hiprofilerd:file getattr;
    allow hiprofiler_plugins huks_service:file getattr;
    allow hiprofiler_plugins locationhub:file getattr;
    allow hiprofiler_plugins memmgrservice:file getattr;
    allow hiprofiler_plugins pasteboard_service:file getattr;
    allow hiprofiler_plugins proc_file:file { getattr open read };
    allow hiprofiler_plugins audio_server:file getattr;
    allow hiprofiler_plugins tracefs:file open;

    allow hiprofiler_plugins proc_diskstats_file:file { open read };
    allow hiprofiler_plugins rootfs:file getattr;

    allow hiprofiler_plugins self:unix_dgram_socket { getopt setopt };
    allow hiprofiler_plugins hiview:unix_dgram_socket sendto;

    allow hiprofiler_plugins hiprofiler_cmd:fd use;
    allow hiprofiler_plugins rootfs:file read;
    allow hiprofiler_plugins tty_device:chr_file ioctl;
    allow hiprofiler_plugins hilog_output_socket:sock_file write;

    allow hiprofiler_plugins proc_uptime_file:file { open read };
    allow hiprofiler_plugins tracefs:dir { open read };

    allow hiprofiler_plugins tracefs:file append;

    # Scratch area: create, write and delete files in data_local_tmp.
    allow hiprofiler_plugins data_local_tmp:dir { getattr read watch watch_reads add_name write open search remove_name };
    allow hiprofiler_plugins data_local_tmp:file { create read open write lock getattr unlink };
    # Security-relevant: sys_ptrace and dac_read_search on self.
    # dac_read_search bypasses discretionary read and search checks, so for
    # reads the SELinux rules in this file are the remaining access control.
    # The neverallow on process:ptrace at the top of the file does not
    # constrain the sys_ptrace capability.
    allow hiprofiler_plugins self:capability { sys_ptrace dac_read_search };

    # Blanket read of dirs and files labelled with any type carrying the
    # domain attribute. Assuming the individual service and host types above
    # all carry that attribute, these two rules already cover most of the
    # per-domain file read, open, getattr and dir search grants in this
    # block -- TODO confirm, then consider dropping the redundant rules so the
    # real scope is visible in one place.
    allow hiprofiler_plugins domain:dir { open read getattr search };

    allow hiprofiler_plugins domain:file { open read getattr };

    allow hiprofiler_plugins data_local_tmp:file ioctl;
    allow hiprofiler_plugins hilogd:unix_stream_socket connectto;
    allow hiprofiler_plugins musl_param:file { open read };

    allow hiprofiler_plugins musl_param:file map;
    allow hiprofiler_plugins dev_unix_file:sock_file write;
    # Runs hisysevent without a domain transition.
    allow hiprofiler_plugins hisysevent_exec:file { open read map execute execute_no_trans };
    # Service lookup through samgr and binder traffic with hiview.
    allow hiprofiler_plugins samgr:binder call;
    allow hiprofiler_plugins sa_sys_event_service:samgr_class get;
    allow hiprofiler_plugins sa_hiview_service:samgr_class get;
    allow hiprofiler_plugins hiview:binder { call transfer };
    allow hiprofiler_plugins dev_console_file:chr_file { read write };
    allow hiprofiler_plugins proc_diskstats_file:file getattr;
    allow hiprofiler_plugins proc_uptime_file:file getattr;

    allow hiprofiler_plugins appspawn_exec:file read;
    allow hiprofiler_plugins data_local_tmp:fifo_file { open read unlink write };
    # Read and map, but not execute, several binaries.
    allow hiprofiler_plugins hiview_exec:file { getattr map open read };
    allow hiprofiler_plugins self:perf_event write;
    allow hiprofiler_plugins storage_daemon_exec:file { getattr map open read };
    allow hiprofiler_plugins vendor_bin_file:file { getattr map open read };
    allow hiprofiler_plugins vendor_bin_file:dir search;
    allow hiprofiler_plugins dev_file:dir getattr;

    # May send SIGKILL to processes in the hisysevent domain.
    allow hiprofiler_plugins hisysevent:process sigkill;
    allow hiprofiler_plugins sa_accountmgr:samgr_class get;
    allow hiprofiler_plugins sa_foundation_bms:samgr_class get;
    allow hiprofiler_plugins hiview:fd use;

    # Reverse direction: what samgr may do to the plugin process.
    allow samgr hiprofiler_plugins:dir search;
    allow samgr hiprofiler_plugins:file { read open };
    allow samgr hiprofiler_plugins:process getattr;
    allow samgr hiprofiler_plugins:binder { call transfer };
    allow hiprofiler_plugins arkcompiler_param:file { read open map };
    allow hiprofiler_plugins ark_writeable_param:file { read open map };
    allow hiprofiler_plugins accountmgr:binder call;
    allow hiprofiler_plugins foundation:binder call;
    allow accountmgr hiprofiler_plugins:binder transfer;
    allow hiprofiler_plugins system_bin_file:lnk_file read;
    allow hiprofiler_plugins toybox_exec:lnk_file read;
    # SP_daemon_exec may run in place (execute_no_trans); a transition into
    # the SP_daemon domain is also allowed by the process rule below.
    allow hiprofiler_plugins SP_daemon_exec:file { getattr open read map execute execute_no_trans };

    allow hiprofiler_plugins sa_render_service:samgr_class get;
    allow hiprofiler_plugins render_service:binder { call transfer };
    # Outbound connections to stream sockets owned by normal_hap_attr types.
    allow hiprofiler_plugins normal_hap_attr:unix_stream_socket connectto;

    allow hiprofiler_plugins system_usr_file:dir search;
    allow hiprofiler_plugins system_usr_file:file { getattr map open read };
    # Transition into SP_daemon and signal or kill it. rlimitinh and siginh
    # let resource limits and signal state carry over the transition.
    allow hiprofiler_plugins SP_daemon:process { rlimitinh siginh transition sigkill signal };
    allow hiprofiler_plugins dev_ashmem_file:chr_file open;
    # May set, not only read, the profiler and hitrace parameters.
    allow hiprofiler_plugins hiviewdfx_profiler_param:parameter_service set;
    allow hiprofiler_plugins hitrace_param:parameter_service set;
    allow hiprofiler_plugins paramservice_socket:sock_file { read write };
    allow hiprofiler_plugins kernel:unix_stream_socket connectto;
    # Inbound surface: every type in hap_domain may connect to, read from and
    # write to the stream sockets of the plugin process and use its file
    # descriptors. If hap_domain is the application attribute (confirm), the
    # socket handler of the plugin must treat that input as untrusted.
    # The file rule here, and the sadomain one below, repeat the unconditional
    # allow for the domain attribute outside this block, assuming both
    # attributes are subsets of domain -- confirm.
    allow hap_domain hiviewdfx_profiler_param:file { map open read };
    allow hap_domain hiprofiler_plugins:unix_stream_socket { connectto read write };
    allow hap_domain hiprofiler_plugins:fd use;
    allow hiprofiler_plugins data_hilogd_file:dir { getattr open read search };
    allow hiprofiler_plugins data_hilogd_file:file { getattr open read };
    allow sadomain hiviewdfx_profiler_param:file { map open read };

    allow hiprofiler_plugins netmanager:binder call;
    allow hiprofiler_plugins sa_comm_net_stats_manager_service:samgr_class get;
')
