1# Copyright (c) 2023 Huawei Device Co., Ltd.
2# Licensed under the Apache License, Version 2.0 (the "License");
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6#     http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
# Everything up to the closing quote is passed as the argument of the updater_only macro,
# which is defined outside this file; presumably it emits these rules only for updater-mode
# policy builds (TODO confirm). Most rules are preceded by the AVC denial(s) they came from.
14updater_only(`
15
16# avc_audit_slow:267] avc: denied { map } for pid=793, comm="/bin/updater_binary"  path="/dev/__parameters__/u:object_r:persist_param:s0" dev="" ino=179 scontext=u:r:updater_binary:s0 tcontext=u:object_r:persist_param:s0 tclass=file permissive=1
17# avc_audit_slow:267] avc: denied { open } for pid=793, comm="/bin/updater_binary"  path="/dev/__parameters__/u:object_r:persist_param:s0" dev="" ino=179 scontext=u:r:updater_binary:s0 tcontext=u:object_r:persist_param:s0 tclass=file permissive=1
18allow updater_binary persist_param:file { map open };
19
20#avc: denied { search } for pid=281 comm="updater" name="/" dev="rootfs" ino=1 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=1
21# avc:  denied  { read write } for  pid=273 comm="updater_binary" name="updater" dev="rootfs" ino=20121 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=0
22# avc:  denied  { add_name } for  pid=269 comm="updater_binary" name="loadScript.us" scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=0
23# avc: denied { create } for pid=264 comm="updater_binary" name="update_tmp" scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=1
24# avc: denied { open } for pid=264 comm="updater_binary" path="/data/updater/update_tmp" dev="rootfs" ino=20420 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=1
25# avc: denied { remove_name } for pid=264 comm="updater_binary" name="system" dev="rootfs" ino=20402 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=1
# NOTE(review): add_name, create and remove_name on rootfs directories are broad. The quoted
# denials that needed them name update_tmp (path /data/updater/update_tmp), loadScript.us and
# system, apparently while /data/updater still carried the rootfs label. Confirm they are
# still required alongside the data_updater_file:dir rule further down.
26allow updater_binary rootfs:dir { search read write add_name create open remove_name };
27
28#avc: denied { execute } for pid=279 comm="updater" name="ld-musl-arm.so.1" dev="rootfs" ino=596 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
29#avc: denied { read open } for pid=279 comm="updater" path="/lib/ld-musl-arm.so.1" dev="rootfs" ino=596 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
30#avc: denied { map } for pid=279 comm="updater_binary" path="/lib/ld-musl-arm.so.1" dev="rootfs" ino=596 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
31#avc: denied { getattr } for pid=279 comm="updater_binary" path="/etc/ld-musl-namespace-arm.ini" dev="rootfs" ino=418 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
32# avc:  denied  { execute_no_trans } for  pid=277 comm="updater_binary" path="/bin/processdump" dev="rootfs" ino=17428 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0
33# avc:  denied  { create } for  pid=267 comm="updater_binary" name="loadScript.us" scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0
34# avc:  denied  { write } for  pid=269 comm="updater_binary" path="/data/updater/loadScript.us" dev="rootfs" ino=27819 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0
35# avc:  denied  { ioctl } for  pid=265 comm="updater_binary" path="/data/updater/Verse-script.us" dev="rootfs" ino=18908 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0
36# avc: denied { ioctl } for pid=264 comm="updater_binary" path="/data/updater/system" dev="rootfs" ino=20402 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
37# avc: denied { rename } for pid=264 comm="updater_binary" name="system" dev="rootfs" ino=20402 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
# NOTE(review): this set grants create/write together with execute/execute_no_trans on
# rootfs-labelled files, so the domain can run, without a domain transition, a file it wrote
# itself. The write-side denials quoted above hit /data/updater/* paths that carried the
# rootfs label; confirm whether they are still needed now that data_updater_file rules
# exist, and consider splitting the read/execute grant from the create/write grant.
38allow updater_binary rootfs:file { execute read open map getattr execute_no_trans create write ioctl rename };
39
40# avc:  denied  { ioctl } for  pid=265 comm="updater_binary" path="/data/updater/Verse-script.us" dev="rootfs" ino=18908 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0
# Narrows the ioctl permission on rootfs:file to command 0x5413 (TIOCGWINSZ on Linux), the
# only ioctlcmd that appears in the quoted denials.
41allowxperm updater_binary rootfs:file ioctl { 0x5413 };
42
43#avc: denied { ioctl } for pid=270 comm="updater_binary" path="/dev/console" dev="rootfs" ino=17411 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=chr_file permissive=1
44#avc: denied { write } for pid=270 comm="updater_binary" path="/dev/console" dev="rootfs" ino=17411 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=chr_file permissive=1
# NOTE(review): the denials show /dev/console carrying the rootfs label. The rule applies to
# any character device with that label; a dedicated console type would scope it more
# tightly. ioctl is limited to 0x5413 by the allowxperm rule.
45allow updater_binary rootfs:chr_file { ioctl write };
46allowxperm updater_binary rootfs:chr_file ioctl { 0x5413 };
47
48#avc: denied { search } for pid=281 comm="updater" name="/" dev="tmpfs" ino=1 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir permissive=1
49#avc: denied { remove_name } for pid=725, comm="/tmp/updater_binary"  name="" dev="tmpfs" ino=0 scontext=u:r:updater_binary:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir permissive=0
50allow updater_binary tmpfs:dir { search remove_name };
51
52#avc: denied { execute } for pid=279 comm="updater" name="updater_binary" dev="tmpfs" ino=6 scontext=u:r:updater_binary:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=1
53#avc: denied { open } for pid=279 comm="updater" path="/tmp/updater_binary" dev="tmpfs" ino=6 scontext=u:r:updater_binary:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=1
54#avc: denied { execute_no_trans } for pid=279 comm="updater" path="/tmp/updater_binary" dev="tmpfs" ino=6 scontext=u:r:updater_binary:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=1
55#avc: denied { read open } for pid=281 comm="updater" path="/tmp/updater_binary" dev="tmpfs" ino=5 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=1
56#avc: denied { append } for pid=270 comm="updater_binary" name="updater.log" dev="tmpfs" ino=2 scontext=u:r:updater_binary:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=1
57#avc: denied { getattr } for pid=270 comm="updater_binary" path="/tmp/updater.log" dev="tmpfs" ino=2 scontext=u:r:updater_binary:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=1
58#avc: denied { ioctl } for pid=270 comm="updater_binary" path="/tmp/updater.log" dev="tmpfs" ino=2 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=1
# NOTE(review): unlink, create and write have no matching denial quoted above. Together with
# execute/execute_no_trans they let the domain run a tmpfs file that it created. The execute
# denials are all for /tmp/updater_binary; a later rule in this file allows execute_no_trans
# on updater_binary_exec for the same path, so if that label is reliably applied the execute
# permissions on generic tmpfs files may be removable - confirm.
59allow updater_binary tmpfs:file { unlink execute read open execute_no_trans append getattr ioctl create write};
# ioctl on tmpfs files is limited to 0x5413 (TIOCGWINSZ on Linux), as logged for /tmp/updater.log.
60allowxperm updater_binary tmpfs:file ioctl { 0x5413 };
61
62# avc: denied { fork } for pid=281 comm="updater_binary" scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:updater_binary:s0 tclass=process permissive=1
63allow updater_binary updater_binary:process { fork };
64
65# avc: denied { write } for pid=281 comm="updater_binary" path="pipe:[1664]" dev="pipefs" ino=1664 scontext=u:object_r:updater_binary:s0 tcontext=u:r:updater:s0 tclass=fifo_file permissive=1
66# avc: denied { getattr } for pid=270 comm="updater_binary" path="pipe:[18906]" dev="pipefs" ino=18906 scontext=u:r:updater_binary:s0 tcontext=u:r:updater:s0 tclass=fifo_file permissive=1
67# avc: denied { ioctl } for pid=270 comm="updater_binary" path="pipe:[20191]" dev="pipefs" ino=20191 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:r:updater:s0 tclass=fifo_file permissive=1
68allow updater_binary updater:fifo_file { write getattr ioctl };
69allowxperm updater_binary updater:fifo_file ioctl { 0x5413 };
70
71# avc: denied { use } for pid=270 comm="updater_binary" path="pipe:[20191]" dev="pipefs" ino=20191 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:r:updater:s0 tclass=fd permissive=1
72allow updater_binary updater:fd { use };
73
74#avc: denied { read } for pid=279 comm="updater_binary" name="u:object_r:ohos_boot_param:s0" dev="tmpfs" ino=18 scontext=u:r:updater_binary:s0 tcontext=u:object_r:ohos_boot_param:s0 tclass=file permissive=1
75#avc: denied { open } for pid=279 comm="updater_binary" path="/dev/__parameters__/u:object_r:ohos_boot_param:s0" dev="tmpfs" ino=18 scontext=u:r:updater_binary:s0 tcontext=u:object_r:ohos_boot_param:s0 tclass=file permissive=1
76#avc: denied { map } for pid=279 comm="updater_binary" path="/dev/__parameters__/u:object_r:ohos_boot_param:s0" dev="tmpfs" ino=18 scontext=u:r:updater_binary:s0 tcontext=u:object_r:ohos_boot_param:s0 tclass=file permissive=1
77allow updater_binary ohos_boot_param:file { open map read };
78
79# avc: denied { search } for pid=268 comm="updater_binary" name="/" dev="tmpfs" ino=1 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:dev_file:s0 tclass=dir permissive=1
80allow updater_binary dev_file:dir { search };
81
82#  avc: denied { read } for pid=268 comm="updater_binary" name="misc" dev="tmpfs" ino=128 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:dev_file:s0 tclass=lnk_file permissive=1
83allow updater_binary dev_file:lnk_file { read };
84
85#  avc: denied { read } for pid=268 comm="updater_binary" name="urandom" dev="tmpfs" ino=5 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:dev_random_file:s0 tclass=chr_file permissive=1
86allow updater_binary dev_random_file:chr_file { read };
87
88#avc: denied { search } for pid=268 comm="updater_binary" name="block" dev="tmpfs" ino=94 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:dev_block_volfile:s0 tclass=dir permissive=1
89allow updater_binary dev_block_volfile:dir { search };
90
91#avc: denied { read } for pid=268 comm="updater_binary" name="by-name" dev="tmpfs" ino=101 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:dev_block_volfile:s0 tclass=lnk_file permissive=1
92allow updater_binary dev_block_volfile:lnk_file { read };
93
94#avc: denied { read write } for pid=268 comm="updater_binary" name="mmcblk0p2" dev="tmpfs" ino=127 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:dev_block_file:s0 tclass=blk_file permissive=1
95#avc: denied { open } for pid=270 comm="updater_binary" path="/dev/block/mmcblk0p2" dev="tmpfs" ino=132 scontext=u:r:updater_binary:s0 tcontext=u:object_r:dev_block_file:s0 tclass=blk_file permissive=1
96# avc:  denied  { map } for  pid=267 comm="updater_binary" path="/dev/block/mmcblk0p6" dev="tmpfs" ino=122 scontext=u:r:updater:s0 tcontext=u:object_r:dev_block_file:s0 tclass=blk_file permissive=0
97# avc:  denied  { getattr } for  pid=266 comm="updater_binary" path="/dev/block/mmcblk0p2" dev="tmpfs" ino=128 scontext=u:r:updater_binary:s0 tcontext=u:object_r:dev_block_file:s0 tclass=blk_file permissive=0
98# avc:  denied  { ioctl } for  pid=266 comm="updater_binary" path="/dev/block/mmcblk0p8" dev="tmpfs" ino=120 ioctlcmd=0x1277 scontext=u:r:updater_binary:s0 tcontext=u:object_r:dev_block_file:s0 tclass=blk_file permissive=0
# NOTE(review): read/write/map on every node labelled dev_block_file. The quoted denials name
# mmcblk0p2, mmcblk0p6 and mmcblk0p8 (the map denial was logged with scontext updater, not
# updater_binary). An identical rule for updater_block_file appears later in this file; if
# the partitions being flashed carry that label, this generic grant may be removable - confirm.
99allow updater_binary dev_block_file:blk_file { read write open map getattr ioctl };
100
101# avc:  denied  { ioctl } for  pid=266 comm="updater_binary" path="/dev/block/mmcblk0p8" dev="tmpfs" ino=120 ioctlcmd=0x1277 scontext=u:r:updater_binary:s0 tcontext=u:object_r:dev_block_file:s0 tclass=blk_file permissive=0
# Limits the blk_file ioctl permission to command 0x1277 (BLKDISCARD on Linux, which
# discards a range of blocks), the only ioctlcmd in the quoted denial.
102allowxperm updater_binary dev_block_file:blk_file ioctl { 0x1277 };
103
104# avc: denied { search } for pid=282 comm="updater_binary" name="__parameters__" dev="tmpfs" ino=11 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:dev_parameters_file:s0 tclass=dir permissive=1
105allow updater_binary dev_parameters_file:dir { search };
106
107# avc: denied { read } for pid=282 comm="updater_binary" name="param_selinux" dev="tmpfs" ino=12 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:dev_parameters_file:s0 tclass=file permissive=1
108allow updater_binary dev_parameters_file:file { read };
109
110# avc: denied { search } for pid=282 comm="updater_binary" name="/" dev="proc" ino=1 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:proc_file:s0 tclass=dir permissive=1
111allow updater_binary proc_file:dir { search };
112
113#avc: denied { search } for pid=277 comm="updater_binary" name="277" dev="proc" ino=27311 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:updater_binary:s0 tclass=dir permissive=1
114allow updater_binary updater_binary:dir { search };
115
116#avc: denied { read } for pid=273 comm="updater_binary" name="by-name" dev="tmpfs" ino=105 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:dev_block_volfile:s0 tclass=lnk_file permissive=1
# NOTE(review): the denial quoted above targets dev_block_volfile:lnk_file, which is already
# allowed earlier in this file; it does not show a denial on updater_binary:lnk_file.
# Replace the quote with the denial that motivated this rule, or confirm the rule is needed.
117allow updater_binary updater_binary:lnk_file { read };
118
119# avc: denied { search } for pid=277 comm="updater_binary" name="system" dev="rootfs" ino=18624 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=1
120allow updater_binary system_file:dir { search };
121
122# avc: denied { read } for pid=277 comm="updater_binary" name="lib" dev="rootfs" ino=18625 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:system_lib_file:s0 tclass=lnk_file permissive=1
123allow updater_binary system_lib_file:lnk_file { read };
124
125# avc: denied { search } for pid=280 comm="updater_binary" name="vendor" dev="rootfs" ino=17285 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:vendor_file:s0 tclass=dir permissive=1
126allow updater_binary vendor_file:dir { search };
127
128# avc: denied { read } for pid=280 comm="updater_binary" name="u:object_r:hook_param:s0" dev="tmpfs" ino=35 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:hook_param:s0 tclass=file permissive=1
129# avc: denied { open } for pid=273 comm="updater_binary" path="/dev/__parameters__/u:object_r:hook_param:s0" dev="tmpfs" ino=35 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:hook_param:s0 tclass=file permissive=1
130allow updater_binary hook_param:file { read open };
131
132#avc: denied { read } for pid=279 comm="updater_binary" name="u:object_r:musl_param:s0" dev="tmpfs" ino=40 scontext=u:r:updater_binary:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=1
133#avc: denied { open } for pid=270 comm="updater_binary" path="/dev/__parameters__/u:object_r:musl_param:s0" dev="tmpfs" ino=40 scontext=u:r:updater_binary:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=1
134#avc: denied { map } for pid=270 comm="updater_binary" path="/dev/__parameters__/u:object_r:musl_param:s0" dev="tmpfs" ino=40 scontext=u:r:updater_binary:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=1
135allow updater_binary musl_param:file { read open map };
136
137# avc: denied { read } for pid=270 comm="updater_binary" name="etc" dev="rootfs" ino=17415 scontext=u:r:updater_binary:s0 tcontext=u:object_r:system_etc_file:s0 tclass=lnk_file permissive=1
138allow updater_binary system_etc_file:lnk_file { read };
139
140# avc: denied { read } for pid=273 comm="updater_binary" name="u:object_r:time_param:s0" dev="tmpfs" ino=51 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:time_param:s0 tclass=file permissive=1
141allow updater_binary time_param:file { read };
142
143# avc: denied { create } for pid=273 comm="updater_binary" scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:updater_binary:s0 tclass=unix_dgram_socket permissive=1
144allow updater_binary updater_binary:unix_dgram_socket { create };
145
146# avc: denied { search } for pid=274 comm="updater_binary" name="unix" dev="tmpfs" ino=7 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:dev_unix_file:s0 tclass=dir permissive=1
147allow updater_binary dev_unix_file:dir { search };
148
149#avc: denied { search } for pid=270 comm="updater_binary" name="socket" dev="tmpfs" ino=8 scontext=u:r:updater_binary:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=1
150allow updater_binary dev_unix_socket:dir { search };
151
152# avc: denied { write } for pid=274 comm="updater_binary" name="hilogInput" dev="tmpfs" ino=315 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:hilog_input_socket:s0 tclass=sock_file permissive=1
153allow updater_binary hilog_input_socket:sock_file { write };
154
155# avc: denied { use } for pid=274 comm="updater_binary" path="/dev/console" dev="rootfs" ino=17230 ioctlcmd=0x5413 scontext=u:object_r:updater_binary:s0 tcontext=u:r:kernel:s0 tclass=fd permissive=1
156allow updater_binary kernel:fd { use };
157
158# avc: denied { search } for pid=270 comm="updater_binary" name="/" dev="mmcblk0p12" ino=3 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=1
159# avc:  denied  { add_name } for  pid=263 comm="updater_binary" name="updater" scontext=u:r:updater:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=0
160# avc:  denied  { create } for  pid=271 comm="updater_binary" name="updater" scontext=u:r:updater:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=0
161# avc:  denied  { getattr } for  pid=268 comm="updater_binary" path="/data" dev="mmcblk0p12" ino=3 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=0
162# avc:  denied  { write } for  pid=266 comm="updater_binary" name="data" dev="rootfs" ino=2725 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=0
# NOTE(review): the add_name and create denials quoted above were logged with scontext
# u:r:updater:s0, not updater_binary; confirm that updater_binary itself needs to create
# entries directly under data_file directories.
163allow updater_binary data_file:dir { search add_name create getattr write };
164
165#avc: denied { add_name } for pid=279 comm="updater_binary" name="loadScript.us" scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=dir permissive=1
166#avc: denied { search } for pid=270 comm="updater_binary" name="updater" dev="mmcblk0p12" ino=118 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=dir permissive=1
167#avc: denied { read write } for pid=270 comm="updater_binary" name="updater" dev="mmcblk0p12" ino=118 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=dir permissive=1
168#avc: denied { getattr } for pid=270 comm="updater_binary" path="/data/updater" dev="mmcblk0p12" ino=118 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=dir permissive=1
169# avc:  denied  { setattr } for  pid=263 comm="updater_binary" name="update_tmp" dev="mmcblk0p12" ino=3277 scontext=u:r:updater:s0 tcontext=u:object_r:data_updater_file:s0 tclass=dir permissive=0
170# avc:  denied  { remove_name } for  pid=267 comm="updater_binary" name="vendor" dev="mmcblk0p12" ino=4733 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=dir permissive=0
171# avc:  denied  { create } for  pid=268 comm="updater_binary" name="update_tmp" scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=dir permissive=0
172# avc:  denied  { open } for  pid=270 comm="updater_binary" path="/data/updater/update_tmp" dev="mmcblk0p12" ino=1376 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=dir permissive=0
173allow updater_binary data_updater_file:dir { open create setattr add_name search read write getattr remove_name };
# NOTE(review): no denial is quoted for update_firmware_file; the permission set is the same
# as the data_updater_file:dir rule. Confirm each permission against an actual denial.
174allow updater_binary update_firmware_file:dir { open create setattr add_name search read write getattr remove_name };
175
176#avc: denied { read } for pid=270 comm="updater_binary" name="updater.zip" dev="mmcblk0p12" ino=4136 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=file permissive=1
177#avc: denied { open } for pid=270 comm="updater_binary" path="/data/updater/updater.zip" dev="mmcblk0p12" ino=4136 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=file permissive=1
178#avc: denied { getattr } for pid=270 comm="updater_binary" path="/data/updater/updater.zip" dev="mmcblk0p12" ino=4136 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=file permissive=1
179#avc: denied { write } for pid=270 comm="updater_binary" name="update.bin.tmp" dev="mmcblk0p12" ino=5916 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=file permissive=1
180#avc: denied { create } for pid=279 comm="updater_binary" name="loadScript.us" scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=file permissive=1
181#denied { ioctl } for pid=281 comm="updater_binary" path="/data/updater/update.bin.tmp" dev="mmcblk0p12" ino=6829 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=file permissive=1
182# avc:  denied  { rename } for  pid=268 comm="updater_binary" name="vendor" dev="mmcblk0p12" ino=1006 scontext=u:r:updater:s0 tcontext=u:object_r:data_updater_file:s0 tclass=file permissive=0
183# avc:  denied  { setattr } for  pid=268 comm="updater_binary" name="vendor_retry" dev="mmcblk0p12" ino=4748 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=file permissive=0
184# avc:  denied  { unlink } for  pid=269 comm="updater_binary" name="deaf4cd35457797973b4e888888560b4794df92865f14d616ae99853a484605b" dev="mmcblk0p12" ino=1918 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=file permissive=0
# NOTE(review): map has no matching denial quoted above. A later rule in this file adds
# execute and execute_no_trans on data_updater_file:file, so together with create/write here
# the domain can run files it has written under this label.
185allow updater_binary data_updater_file:file { read open getattr write create ioctl rename setattr unlink map};
# ioctl is limited to 0x5413 (TIOCGWINSZ on Linux), the ioctlcmd in the quoted denial.
186allowxperm updater_binary data_updater_file:file ioctl { 0x5413 };
187
# NOTE(review): no denial is quoted for update_firmware_file:file; the permission set and
# the ioctl allow-list are the same as for data_updater_file:file. Confirm each permission
# is needed for this type rather than copied.
188allow updater_binary update_firmware_file:file { read open getattr write create ioctl rename setattr unlink map};
189allowxperm updater_binary update_firmware_file:file ioctl { 0x5413 };
190
191# avc: denied { read } for pid=279 comm="processdump" name="u:object_r:hilog_param:s0" dev="tmpfs" ino=34 scontext=u:r:updater_binary:s0 tcontext=u:object_r:hilog_param:s0 tclass=file permissive=0
192# avc:  denied  { open } for  pid=278 comm="processdump" path="/dev/__parameters__/u:object_r:hilog_param:s0" dev="tmpfs" ino=34 scontext=u:r:updater_binary:s0 tcontext=u:object_r:hilog_param:s0 tclass=file permissive=0
193# avc:  denied  { map } for  pid=278 comm="processdump" path="/dev/__parameters__/u:object_r:hilog_param:s0" dev="tmpfs" ino=34 scontext=u:r:updater_binary:s0 tcontext=u:object_r:hilog_param:s0 tclass=file permissive=0
194allow updater_binary hilog_param:file { read open map };
195
196# avc:  denied  { read write } for  pid=272 comm="processdump" path="/data/log/faultlog/temp/cppcrash-265-1679413199123" dev="mmcblk0p12" ino=8782 scontext=u:r:updater_binary:s0 tcontext=u:object_r:faultloggerd_temp_file:s0 tclass=file permissive=0
# The quoted denial has comm=processdump with scontext updater_binary, i.e. the crash dumper
# runs in this domain rather than one of its own (see execute_no_trans on rootfs:file).
# Only read and write are granted here, not open or create.
197allow updater_binary faultloggerd_temp_file:file { read write };
198
199# avc:  denied  { search } for  pid=279 comm="updater_binary" name="/" dev="mmcblk1p1" ino=1 scontext=u:r:updater_binary:s0 tcontext=u:object_r:exfat:s0 tclass=dir permissive=0
200# avc:  denied  { read write } for  pid=281 comm="updater_binary" name="updater" dev="mmcblk1p1" ino=99 scontext=u:r:updater_binary:s0 tcontext=u:object_r:exfat:s0 tclass=dir permissive=0
201allow updater_binary exfat:dir { search read write };
202
203# avc:  denied  { read } for  pid=270 comm="updater_binary" name="updater.zip" dev="mmcblk1p1" ino=100 scontext=u:r:updater_binary:s0 tcontext=u:object_r:exfat:s0 tclass=file permissive=0
204# avc:  denied  { open } for  pid=270 comm="updater_binary" path="/sdcard/updater/updater.zip" dev="mmcblk1p1" ino=100 scontext=u:r:updater_binary:s0 tcontext=u:object_r:exfat:s0 tclass=file permissive=0
205# avc:  denied  { getattr } for  pid=265 comm="updater_binary" path="/sdcard/updater/updater.zip" dev="mmcblk1p1" ino=100 scontext=u:r:updater_binary:s0 tcontext=u:object_r:exfat:s0 tclass=file permissive=0
206# avc:  denied  { write } for  pid=265 comm="updater_binary" name="update.bin.tmp" dev="mmcblk1p1" ino=101 scontext=u:r:updater_binary:s0 tcontext=u:object_r:exfat:s0 tclass=file permissive=0
207# avc:  denied  { ioctl } for  pid=266 comm="updater_binary" path="/sdcard/updater/build_tools.zip.tmp" dev="mmcblk1p1" ino=102 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:exfat:s0 tclass=file permissive=0
# Covers update packages on exfat-labelled storage; the denials show
# /sdcard/updater/updater.zip and temporary files beside it on mmcblk1p1 (presumably
# removable media). NOTE(review): policy cannot tell a trusted package from an untrusted one
# on such storage; confirm updater_binary verifies the package signature before using it.
208allow updater_binary exfat:file { read open getattr write ioctl };
# ioctl is limited to 0x5413 (TIOCGWINSZ on Linux), the ioctlcmd in the quoted denial.
209allowxperm updater_binary exfat:file ioctl { 0x5413 };
210
211# avc:  denied  { read write } for  pid=262 comm="updater_binary" name="updater" dev="mmcblk1p1" ino=99 scontext=u:r:updater_binary:s0 tcontext=u:object_r:vfat:s0 tclass=dir permissive=0
212# avc:  denied  { search } for  pid=262 comm="updater_binary" name="/" dev="mmcblk1p1" ino=1 scontext=u:r:updater_binary:s0 tcontext=u:object_r:vfat:s0 tclass=dir permissive=0
213allow updater_binary vfat:dir { search read write };
214
215# avc:  denied  { read } for  pid=268 comm="updater_binary" name="updater.zip" dev="mmcblk1p1" ino=100 scontext=u:r:updater_binary:s0 tcontext=u:object_r:vfat:s0 tclass=file permissive=0
216# avc:  denied  { open } for  pid=267 comm="updater_binary" path="/sdcard/updater/updater.zip" dev="mmcblk1p1" ino=100 scontext=u:r:updater_binary:s0 tcontext=u:object_r:vfat:s0 tclass=file permissive=0
217# avc:  denied  { getattr } for  pid=261 comm="updater_binary" path="/sdcard/updater/updater.zip" dev="mmcblk1p1" ino=100 scontext=u:r:updater_binary:s0 tcontext=u:object_r:vfat:s0 tclass=file permissive=0
218# avc:  denied  { write } for  pid=261 comm="updater_binary" name="update.bin.tmp" dev="mmcblk1p1" ino=101 scontext=u:r:updater_binary:s0 tcontext=u:object_r:vfat:s0 tclass=file permissive=0
219# avc:  denied  { ioctl } for  pid=266 comm="updater_binary" path="/sdcard/updater/build_tools.zip.tmp" dev="mmcblk1p1" ino=102 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:vfat:s0 tclass=file permissive=0
220allow updater_binary vfat:file { read open getattr write ioctl };
221
222# avc:  denied  { ioctl } for  pid=266 comm="updater_binary" path="/sdcard/updater/build_tools.zip.tmp" dev="mmcblk1p1" ino=102 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:vfat:s0 tclass=file permissive=0
223allowxperm updater_binary vfat:file ioctl { 0x5413 };
224
225# avc:  denied  { search } for  pid=268 comm="updater_binary" name="/" dev="mmcblk1p1" ino=1 scontext=u:r:updater_binary:s0 tcontext=u:object_r:ntfs:s0 tclass=dir permissive=0
# NOTE(review): the quoted denial only shows search; read and write appear to have been
# added for parity with the exfat and vfat directory rules - confirm they are needed.
226allow updater_binary ntfs:dir { search read write };
227
228# avc:  denied  { read } for  pid=276 comm="updater_binary" name="updater.zip" dev="mmcblk1p1" ino=65 scontext=u:r:updater_binary:s0 tcontext=u:object_r:ntfs:s0 tclass=file permissive=0
229# avc:  denied  { ioctl } for  pid=268 comm="updater_binary" path="/sdcard/updater/build_tools.zip.tmp" dev="mmcblk1p1" ino=67 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:ntfs:s0 tclass=file permissive=0
230allow updater_binary ntfs:file { read open getattr write ioctl };
231
232# avc:  denied  { ioctl } for  pid=268 comm="updater_binary" path="/sdcard/updater/build_tools.zip.tmp" dev="mmcblk1p1" ino=67 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:ntfs:s0 tclass=file permissive=0
233allowxperm updater_binary ntfs:file ioctl { 0x5413 };
234
# NOTE(review): no denial is quoted for this rule. It extends the earlier tmpfs:dir rule
# (search remove_name) so the domain can also list tmpfs directories and add entries to them.
235allow updater_binary tmpfs:dir { read write add_name };
236
237# avc:  denied  { map } for  pid=272 comm="updater_binary" path="/dev/__parameters__/u:object_r:debug_param:s0" dev="tmpfs" ino=38 scontext=u:r:updater_binary:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=1
238# avc:  denied  { open } for  pid=272 comm="updater_binary" path="/dev/__parameters__/u:object_r:debug_param:s0" dev="tmpfs" ino=38 scontext=u:r:updater_binary:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=1
239# avc:  denied  { read } for  pid=272 comm="updater_binary" name="u:object_r:debug_param:s0" dev="tmpfs" ino=38 scontext=u:r:updater_binary:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=1
240allow updater_binary debug_param:file { map open read };
241
# NOTE(review): no denial is quoted for this rule. data_file looks like the generic label
# for /data (an earlier denial shows path=/data with this type), so create/write/setattr
# here is broad. Prefer a dedicated type for the files the updater writes, and record which
# paths need it.
242allow updater_binary data_file:file { setattr write create };
243
# NOTE(review): no denials are quoted for these three rules. They add map (memory-mapping)
# on top of the read/open/getattr/write/ioctl sets granted earlier for the exfat, ntfs and
# vfat file types; confirm the updater actually maps files on that storage.
244allow updater_binary exfat:file { map };
245allow updater_binary ntfs:file { map };
246allow updater_binary vfat:file { map };
247
248# avc: denied { execute_no_trans } for pid=267 comm="updater" path="/tmp/updater_binary" dev="tmpfs" ino=5 scontext=u:r:updater_binary:s0 tcontext=u:object_r:updater_binary_exec:s0 tclass=file permissive=0
249allow updater_binary updater_binary_exec:file { execute_no_trans };
250
251# avc: denied { ioctl } for pid=267 comm="updater" path="/dev/dri/card0" dev="tmpfs" ino=93 ioctlcmd=0x6409 scontext=u:r:updater_binary:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=0
# Grants only ioctl on dev_dri_file character devices (the denials show /dev/dri/card0); the
# allowxperm rule for the same type narrows it to commands 0x6409 and 0x64af. No open, read
# or write on this type is granted in this file.
252allow updater_binary dev_dri_file:chr_file { ioctl };
253
254# avc: denied { ioctl } for pid=267 comm="updater" path="/dev/dri/card0" dev="tmpfs" ino=93 ioctlcmd=0x6409 scontext=u:r:updater_binary:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=0
255# avc: denied { ioctl } for pid=267 comm="updater" path="/dev/dri/card0" dev="tmpfs" ino=93 ioctlcmd=0x64af scontext=u:r:updater_binary:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=0
256allowxperm updater_binary dev_dri_file:chr_file ioctl { 0x6409 0x64af };
257
# No denial is quoted for these rules. They mirror the dev_block_file:blk_file rule and its
# ioctl allow-list (0x1277, BLKDISCARD on Linux) for the updater_block_file label.
# NOTE(review): if update targets are labelled updater_block_file, prefer this narrower type
# over the generic dev_block_file grant.
258allow updater_binary updater_block_file:blk_file { read write open map getattr ioctl };
259allowxperm updater_binary updater_block_file:blk_file ioctl { 0x1277 };
260
# NOTE(review): no denials are quoted for these rules. execute/execute_no_trans on
# data_updater_file, combined with the create/write granted on the same type earlier in this
# file, lets the domain run content it wrote under /data/updater with no domain transition.
# Record which file needs to be executed and consider a separate read-only type for it.
261allow updater_binary data_updater_file:file { execute execute_no_trans };
# Read-only access to files labelled samain_exec; the reason is not visible here (TODO document).
262allow updater_binary samain_exec:file { read };
263
264# avc:  denied  { map } for  pid=217 comm="updater_binary" name="u:object_r:update_updater_param:s0" dev="tmpfs" ino=81 scontext=u:r:updater_binary:s0 tcontext=u:object_r:update_updater_param:s0 tclass=file permissive=0
265# avc:  denied  { open } for  pid=217 comm="updater_binary" name="u:object_r:update_updater_param:s0" dev="tmpfs" ino=81 scontext=u:r:updater_binary:s0 tcontext=u:object_r:update_updater_param:s0 tclass=file permissive=0
266# avc:  denied  { read } for  pid=217 comm="updater_binary" name="u:object_r:update_updater_param:s0" dev="tmpfs" ino=81 scontext=u:r:updater_binary:s0 tcontext=u:object_r:update_updater_param:s0 tclass=file permissive=0
267allow updater_binary update_updater_param:file { map open read };
268')
# NOTE(review): this rule sits after the closing quote of the updater_only block, so it is
# not wrapped by that macro. Judging by the names, exec_no_sign on class xpm lets the domain
# run code that carries no signature - confirm the semantics, and confirm the rule is meant
# to apply outside updater_only rather than having been left outside by accident.
269allow updater_binary self:xpm { exec_no_sign };
270