# Copyright (c) 2022-2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License

# Allow rules for the hiprofilerd domain. Every rule sits inside the
# developer_only macro, which is defined outside this file.
# NOTE(review): by its name the macro should emit these rules only for
# developer builds - confirm against its definition.
#
# The rules are merged to one statement per target type and class, with the
# permissions listed alphabetically. The granted set is the same as before the
# merge. Comments inside the macro body avoid quote characters, commas and
# parentheses because the body is passed as an m4 quoted argument.
developer_only(`
    # --- hdcd and hiprofiler_cmd: descriptors and channels ---
    allow hiprofilerd hdcd:fd use;
    allow hiprofilerd hdcd:fifo_file write;
    allow hiprofilerd hdcd:unix_stream_socket { read write };
    allow hiprofilerd hiprofiler_cmd:fd use;
    allow hiprofilerd hiprofiler_cmd:unix_stream_socket connectto;
    allow hiprofilerd netsysnative:unix_stream_socket connectto;

    # --- TCP listener ---
    # Together these let the daemon create a TCP socket and bind listen and
    # accept on it.
    # NOTE(review): nothing here limits the address the socket is bound to.
    # Whether the listener stays on loopback is decided in the daemon - confirm.
    allow hiprofilerd node:tcp_socket node_bind;
    allow hiprofilerd self:tcp_socket { accept bind create getattr getopt listen read setopt shutdown write };

    # --- unix socket files under the dev socket directory ---
    allow hiprofilerd dev_unix_socket:dir { add_name remove_name search write };
    allow hiprofilerd dev_unix_socket:sock_file { create getattr setattr unlink write };
    # dev_unix_file is a different type from dev_unix_socket.
    # NOTE(review): confirm that the separate type is intended here.
    allow hiprofilerd dev_unix_file:sock_file unlink;
    allow hiprofilerd dev_file:dir getattr;
    allow hiprofilerd dev_file:sock_file write;

    # --- terminals and character devices ---
    allow hiprofilerd dev_ashmem_file:chr_file open;
    allow hiprofilerd dev_console_file:chr_file { read write };
    allow hiprofilerd devpts:chr_file { read write };
    allow hiprofilerd tty_device:chr_file { ioctl open read write };

    # --- proc sysfs and tracefs ---
    allow hiprofilerd proc_cpuinfo_file:file { open read };
    allow hiprofilerd proc_file:file { getattr open read };
    allow hiprofilerd sysfs_devices_system_cpu:dir { open read };
    allow hiprofilerd sysfs_devices_system_cpu:file { getattr open read };
    allow hiprofilerd tracefs:dir search;
    allow hiprofilerd tracefs_trace_marker_file:file { open write };

    # --- application processes ---
    # NOTE(review): hap_domain looks like an attribute that covers application
    # processes. If so these two rules presumably let hiprofilerd read and map
    # the proc entries of every such process. Confirm this breadth is needed
    # and that the developer_only gate is the only place it is granted.
    allow hiprofilerd hap_domain:dir { getattr open read search };
    allow hiprofilerd hap_domain:file { getattr map open read };

    # --- data directories ---
    allow hiprofilerd data_file:dir search;
    allow hiprofilerd data_init_agent:dir search;
    allow hiprofilerd data_init_agent:file { append ioctl open read };
    allow hiprofilerd data_local:dir search;
    # The daemon may create and write and unlink files under data_local_tmp.
    # NOTE(review): if other domains can also write to this directory the
    # daemon should not trust names or contents it finds there - confirm.
    allow hiprofilerd data_local_tmp:dir { add_name getattr open remove_name search write };
    allow hiprofilerd data_local_tmp:file { create getattr ioctl lock open read unlink write };
    allow hiprofilerd rootfs:file read;
    allow hiprofilerd tmpfs:file { map read write };

    # --- executables and plugins ---
    # execute_no_trans runs the target file without a domain transition so the
    # new program keeps every permission granted to hiprofilerd in this file.
    # NOTE(review): system_bin_file appears to be a broad label. Consider
    # whether a dedicated type with a transition would serve the helpers that
    # are actually launched.
    allow hiprofilerd system_bin_file:dir search;
    allow hiprofilerd system_bin_file:file { execute execute_no_trans getattr map open read };
    allow hiprofilerd system_bin_file:lnk_file read;
    allow hiprofilerd toybox_exec:file { execute execute_no_trans getattr map open read };
    allow hiprofilerd toybox_exec:lnk_file read;
    allow hiprofilerd vendor_bin_file:dir search;
    allow hiprofilerd hiprofiler_plugins:dir search;
    allow hiprofilerd hiprofiler_plugins:file { getattr open read };

    # --- service manager and binder ---
    allow hiprofilerd sa_foundation_bms:samgr_class get;
    allow hiprofilerd sa_param_watcher:samgr_class get;
    allow hiprofilerd foundation:binder call;
    allow hiprofilerd param_watcher:binder call;
    allow hiprofilerd samgr:binder call;

    # --- parameter files ---
    # Read only access. Every parameter type below ends up with the same three
    # permissions once the scattered rules are merged. No write is granted.
    allow hiprofilerd bootevent_param:file { map open read };
    allow hiprofilerd bootevent_samgr_param:file { map open read };
    allow hiprofilerd build_version_param:file { map open read };
    allow hiprofilerd const_allow_mock_param:file { map open read };
    allow hiprofilerd const_allow_param:file { map open read };
    allow hiprofilerd const_build_param:file { map open read };
    allow hiprofilerd const_display_brightness_param:file { map open read };
    allow hiprofilerd const_param:file { map open read };
    allow hiprofilerd const_postinstall_fstab_param:file { map open read };
    allow hiprofilerd const_postinstall_param:file { map open read };
    allow hiprofilerd const_product_param:file { map open read };
    allow hiprofilerd debug_param:file { map open read };
    allow hiprofilerd default_param:file { map open read };
    allow hiprofilerd distributedsche_param:file { map open read };
    allow hiprofilerd hilog_param:file { map open read };
    allow hiprofilerd hw_sc_build_os_param:file { map open read };
    allow hiprofilerd hw_sc_build_param:file { map open read };
    allow hiprofilerd hw_sc_param:file { map open read };
    allow hiprofilerd init_param:file { map open read };
    allow hiprofilerd init_svc_param:file { map open read };
    allow hiprofilerd input_pointer_device_param:file { map open read };
    allow hiprofilerd musl_param:file { map open read };
    allow hiprofilerd net_param:file { map open read };
    allow hiprofilerd net_tcp_param:file { map open read };
    allow hiprofilerd ohos_boot_param:file { map open read };
    allow hiprofilerd ohos_dev_param:file { map open read };
    allow hiprofilerd ohos_param:file { map open read };
    allow hiprofilerd persist_param:file { map open read };
    allow hiprofilerd persist_sys_param:file { map open read };
    allow hiprofilerd security_param:file { map open read };
    allow hiprofilerd startup_param:file { map open read };
    allow hiprofilerd sys_param:file { map open read };
    allow hiprofilerd sys_usb_param:file { map open read };
')