1# Copyright (c) 2022-2024 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the License); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14init_daemon_domain(audio_server); 15 16debug_only(` 17 binder_call(audio_server, sh); 18') 19 20# core func 21 22allow audio_server sa_audio_policy_service:samgr_class { add get }; 23 24allow audio_server sa_pulseaudio_audio_service:samgr_class { get add }; 25 26binder_call(audio_server, audio_server); 27 28allow audio_server dev_unix_socket:dir { search }; 29allow audio_server dev_unix_socket:sock_file { write }; 30 31allow audio_server native_socket:sock_file { write }; 32 33allow audio_server init:unix_stream_socket { accept connectto getattr getopt listen setopt }; 34 35allow audio_server kernel:unix_stream_socket { connectto }; 36 37allow audio_server audio_server:unix_dgram_socket { getopt setopt }; 38 39allow audio_server audio_server:netlink_kobject_uevent_socket { getattr read bind create setopt }; 40 41# dir or file access 42 43allow audio_server data_data_pulse_dir:dir { add_name getattr open read remove_name search setattr write }; 44allow audio_server data_data_pulse_dir:fifo_file { create getattr open read write setattr unlink }; 45allow audio_server data_data_pulse_dir:file { create getattr ioctl read write open lock setattr unlink }; 46allow audio_server data_data_pulse_dir:sock_file { create setattr unlink write }; 47allowxperm audio_server data_data_pulse_dir:file ioctl { 0x5413 }; 48 49allow audio_server system_bin_file:dir { getattr search }; 50 51allow audio_server data_log:file { write }; 52 53allow audio_server hiview:fd { use }; 54 55allow audio_server data_file:dir { search }; 56 57allow audio_server data_data_file:dir { search }; 58 59allow audio_server data_init_agent:dir { search }; 60allow audio_server data_init_agent:file { ioctl open read append }; 61allowxperm audio_server data_init_agent:file ioctl { 0x5413 }; 62 63allow audio_server data_service_file:dir { search }; 64allow audio_server data_service_el1_file:dir { add_name create getattr open read remove_name rmdir search setattr write }; 65allow audio_server data_service_el1_file:file { create getattr ioctl lock map open read rename setattr unlink write }; 66 67allow audio_server vendor_file:file { execute getattr map open read }; 68 69allow audio_server vendor_bin_file:dir { search }; 70allow audio_server hdf_devhost_exec:dir { search }; 71 72allow audio_server vendor_etc_file:dir { search }; 73allow audio_server vendor_etc_file:file { getattr read open }; 74 75allow audio_server vendor_lib_file:file { read open getattr map execute }; 76allow audio_server vendor_lib_file:dir { search }; 77 78allow audio_server musl_param:file { open map read }; 79 80allow audio_server dev_ashmem_file:chr_file { open }; 81 82allow audio_server rootfs:chr_file { ioctl read write }; 83allowxperm audio_server rootfs:chr_file ioctl { 0x5413 }; 84 85# /dev/input/ 86allow audio_server dev_input_file:dir { search }; 87allow audio_server dev_input_file:chr_file { read open }; 88 89# /dev/bus/ 90allow audio_server dev_bus:dir { search }; 91allow audio_server dev_bus_usb_file:dir { open read search }; 92allow audio_server dev_bus_usb_file:chr_file { getattr read open }; 93 94# /sys/class/switch/ 95allow audio_server sysfs_switch:file { open read getattr }; 96 97# for application call 98 99binder_call(audio_server, normal_hap_attr); 100 101binder_call(audio_server, system_core_hap_attr); 102 103binder_call(audio_server, system_basic_hap_attr); 104 105# for audio hdf 106 107allow audio_server hdf_audio_hdi_service:hdf_devmgr_class { get }; 108 109allow audio_server hdf_audio_hdi_usb_service:hdf_devmgr_class { get }; 110 111allow audio_server hdf_audio_hdi_a2dp_service:hdf_devmgr_class { get }; 112 113allow audio_server hdf_audio_bluetooth_hdi_service:hdf_devmgr_class { get }; 114 115allow audio_server hdf_audio_manager_service:hdf_devmgr_class { get }; 116 117allow audio_server hdf_effect_model_service:hdf_devmgr_class { get }; 118 119binder_call(audio_server, audio_host); 120 121binder_call(audio_server, a2dp_host); 122 123binder_call(audio_server, hdf_devmgr); 124 125# interact with others 126 127binder_call(audio_server, media_service); 128 129allow audio_server sa_media_monitor:samgr_class { get }; 130binder_call(audio_server, media_monitor); 131 132binder_call(audio_server, bluetooth_service); 133 134binder_call(audio_server, intell_voice_service); 135 136allow audio_server sa_distributeddata_service:samgr_class { get }; 137binder_call(audio_server, distributeddata); 138 139binder_call(audio_server, hdcd); 140 141allow audio_server hidumper_service:fifo_file { write }; 142binder_call(audio_server, hidumper_service); 143 144allow audio_server multimodalinput:unix_stream_socket { read write }; 145allow audio_server sa_multimodalinput_service:samgr_class { get }; 146binder_call(audio_server, multimodalinput); 147 148allow audio_server sa_param_watcher:samgr_class { get }; 149binder_call(audio_server, param_watcher); 150 151allow audio_server sa_accesstoken_manager_service:samgr_class { get }; 152 153allow audio_server sa_powermgr_powermgr_service:samgr_class { get }; 154binder_call(audio_server, powermgr); 155 156allow audio_server sa_device_service_manager:samgr_class { get }; 157 158binder_call(audio_server, accesstoken_service); 159 160allow audio_server accessibility_param:file { map open read }; 161allow audio_server sa_accessibleabilityms:samgr_class { get }; 162binder_call(audio_server, accessibility); 163 164allow audio_server sa_privacy_service:samgr_class { get }; 165binder_call(audio_server, privacy_service); 166 167allow audio_server persist_audio_param:parameter_service { set }; 168allow audio_server persist_param:parameter_service { set }; 169 170allow audio_server paramservice_socket:sock_file { write }; 171 172allow audio_server sa_foundation_devicemanager_service:samgr_class { get }; 173 174binder_call(audio_server, foundation); 175 176allow audio_server sa_foundation_abilityms:samgr_class { get }; 177 178allow audio_server sa_foundation_bms:samgr_class { get }; 179 180allow audio_server sa_foundation_dms:samgr_class { get }; 181 182allow audio_server sa_dataobs_mgr_service_service:samgr_class { get }; 183 184binder_call(audio_server, device_manager); 185 186allow audio_server sa_resource_schedule:samgr_class { get }; 187 188allow audio_server sa_sensor_service:samgr_class { get }; 189binder_call(audio_server, sensors); 190 191allow audio_server sa_accountmgr:samgr_class { get }; 192binder_call(audio_server, accountmgr); 193 194binder_call(audio_server, camera_service); 195 196allow audio_server sa_foundation_cesfwk_service:samgr_class { get }; 197 198allow audio_server sa_memory_manager_service:samgr_class { get }; 199 200binder_call(audio_server, memmgrservice); 201 202allow audio_server sa_bgtaskmgr:samgr_class { get }; 203 204allow audio_server sa_avsession_service:samgr_class { get }; 205 206binder_call(audio_server, av_session); 207 208allow audio_server sa_usb_service:samgr_class { get }; 209binder_call(audio_server, usb_service); 210 211# others 212allow domain persist_audio_param:file { map open read }; 213allow audio_server sa_foundation_ans:samgr_class { get }; 214allow audio_server sa_foundation_appms:samgr_class { get }; 215allow audio_server audio_server:capability { sys_nice }; 216allow audio_server sa_storage_manager_service:samgr_class { get }; 217 218