# Copyright (c) 2024 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Type-enforcement rules for the sharing_service domain.
# Rules are grouped by object class. Allow rules are additive and
# order-independent, so rules the original listing stated twice (or split
# into one rule per permission) are merged here with the same effective
# permission set.

type sharing_service, sadomain, domain;

# --- samgr_class: system-ability registration and lookup ------------------
# sharing_service registers (add) only its own two entries; every other
# samgr_class rule is lookup (get) only.
allow sharing_service sa_sharing_service:samgr_class { get add };
allow sharing_service sa_sharing_service_domain:samgr_class { get add };

allow sharing_service sa_accesstoken_manager_service:samgr_class { get };
allow sharing_service sa_accountmgr:samgr_class { get };
allow sharing_service sa_audio_policy_service:samgr_class { get };
allow sharing_service sa_av_codec_service:samgr_class { get };
allow sharing_service sa_device_service_manager:samgr_class { get };
allow sharing_service sa_distributeddata_service:samgr_class { get };
allow sharing_service sa_foundation_bms:samgr_class { get };
allow sharing_service sa_foundation_devicemanager_service:samgr_class { get };
allow sharing_service sa_foundation_dms:samgr_class { get };
allow sharing_service sa_media_monitor:samgr_class { get };
allow sharing_service sa_media_service:samgr_class { get };
allow sharing_service sa_powermgr_powermgr_service:samgr_class { get };
allow sharing_service sa_pulseaudio_audio_service:samgr_class { get };
allow sharing_service sa_render_service:samgr_class { get };
allow sharing_service sa_resource_schedule:samgr_class { get };
allow sharing_service sa_softbus_service:samgr_class { get };
allow sharing_service sa_wifi_device_ability:samgr_class { get };
allow sharing_service sa_wifi_p2p_ability:samgr_class { get };

#avc:  denied  { get } for service=1909 sid=u:r:sharing_service:s0 scontext=u:r:sharing_service:s0 tcontext=u:object_r:sa_memory_manager_service:s0 tclass=samgr_class permissive=0
allow sharing_service sa_memory_manager_service:samgr_class { get };

# --- binder: calls made by sharing_service --------------------------------
# "transfer" is granted only where the original policy granted it; the
# remaining peers are call-only.
allow sharing_service audio_server:binder { call transfer };
allow sharing_service av_codec_service:binder { call transfer };
allow sharing_service device_manager:binder { call transfer };
allow sharing_service foundation:binder { call transfer };
allow sharing_service media_service:binder { call transfer };
allow sharing_service render_service:binder { call transfer };
allow sharing_service softbus_server:binder { call transfer };
allow sharing_service system_core_hap_attr:binder { call transfer };
allow sharing_service wifi_manager_service:binder { call transfer };

allow sharing_service accountmgr:binder { call };
allow sharing_service distributeddata:binder { call };
allow sharing_service memmgrservice:binder { call };
allow sharing_service powermgr:binder { call };
allow sharing_service resource_schedule_service:binder { call };

# --- binder: calls into sharing_service -----------------------------------
# NOTE(review): these rules have another domain as the source, so this file
# widens what foundation, render_service and wifi_manager_service may do.
# Audits of those domains need to include this file.
allow foundation sharing_service:binder { call };
allow render_service sharing_service:binder { call transfer };
allow wifi_manager_service sharing_service:binder { call transfer };

# --- fd: descriptors received from peer services --------------------------
allow sharing_service audio_server:fd { use };
allow sharing_service av_codec_service:fd { use };
allow sharing_service codec_host:fd { use };
allow sharing_service render_service:fd { use };
allow sharing_service softbus_server:fd { use };

# --- parameter files: read-only (map/open/read, no write) -----------------
allow sharing_service arkcompiler_param:file { map open read };
allow sharing_service debug_param:file { map open read };
allow sharing_service hilog_param:file { map read open };
allow sharing_service net_param:file { map open read };
allow sharing_service net_tcp_param:file { map open read };
allow sharing_service ohos_param:file { map open read };
allow sharing_service persist_param:file { map open read };
allow sharing_service persist_sys_param:file { map open read };
allow sharing_service security_param:file { map open read };
allow sharing_service startup_param:file { map open read };
allow sharing_service sys_param:file { map open read };

# --- directory traversal (search only) ------------------------------------
allow sharing_service chip_prod_file:dir { search };
allow sharing_service dev_unix_socket:dir { search };
allow sharing_service system_bin_file:dir { search };
allow sharing_service tracefs:dir { search };

# --- tracing, sysfs and character devices ---------------------------------
allow sharing_service tracefs_trace_marker_file:file { open write };
allow sharing_service sysfs_devices_system_cpu:file { getattr read open };
allow sharing_service dev_ashmem_file:chr_file { open };
allow sharing_service dev_console_file:chr_file { read write };
# NOTE(review): "read" on dev_kmsg_file lets this network-facing service read
# whatever that device exposes (presumably the kernel log, going by the type
# name). Confirm read is needed in addition to write.
allow sharing_service dev_kmsg_file:chr_file { open read write };
allow sharing_service tty_device:chr_file { open read write };

# --- sockets --------------------------------------------------------------
allow sharing_service sharing_service:unix_dgram_socket { getopt setopt };
allow sharing_service sharing_service:udp_socket { write read bind create setopt getattr connect shutdown };
allow sharing_service sharing_service:tcp_socket { write read bind create setopt getattr connect listen accept shutdown };
# Only read/write/setopt/shutdown on TCP sockets labelled softbus_server;
# no create, bind or connect.
allow sharing_service softbus_server:tcp_socket { read write setopt shutdown };

# NOTE(review): node and port are generic-looking target types. If they are
# the default labels for all addresses and ports, these three rules let the
# service bind on any local address and connect out to any TCP port.
# Confirm against the node/port labelling, and narrow the target if
# dedicated types exist.
allow sharing_service node:udp_socket { node_bind };
allow sharing_service node:tcp_socket { node_bind };
allow sharing_service port:tcp_socket { name_connect };

# ioctl on own UDP sockets is restricted by allowxperm to the single request
# 0x8915 (SIOCGIFADDR on Linux: read an interface address).
allow sharing_service sharing_service:udp_socket { ioctl };
allowxperm sharing_service sharing_service:udp_socket ioctl { 0x8915 };

# --- private data directory -----------------------------------------------
# Search-only on the parent directories; create/modify/delete only under the
# service's own data_service_el1_public_sharing_service_file type.
allow sharing_service data_file:dir { search };
allow sharing_service data_service_file:dir { search };
allow sharing_service data_service_el1_file:dir { search };
allow sharing_service data_service_el1_public_sharing_service_file:dir { search write add_name remove_name };
allow sharing_service data_service_el1_public_sharing_service_file:file { create open read write lock getattr setattr ioctl rename unlink };
# File ioctl is restricted to 0x5413 (TIOCGWINSZ on Linux).
allowxperm sharing_service data_service_el1_public_sharing_service_file:file ioctl { 0x5413 };