1# Copyright (c) 2022-2023 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the License); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14#avc: denied { add } for service=941 pid=919 scontext=u:r:pinauth:s0 tcontext=u:object_r:sa_useriam_pinauth_service:s0 tclass=samgr_class permissive=1 15allow pinauth sa_useriam_pinauth_service:samgr_class { add }; 16 17#avc: denied { get } for service=3503 pid=919 scontext=u:r:pinauth:s0 tcontext=u:object_r:sa_accesstoken_manager_service:s0 tclass=samgr_class permissive=1 18allow pinauth sa_accesstoken_manager_service:samgr_class { get }; 19 20#avc: denied { get } for service=3901 pid=919 scontext=u:r:pinauth:s0 tcontext=u:object_r:sa_param_watcher:s0 tclass=samgr_class permissive=1 21allow pinauth sa_param_watcher:samgr_class { get }; 22 23#avc: denied { get } for service=931 pid=919 scontext=u:r:pinauth:s0 tcontext=u:object_r:sa_useriam_authexecutormgr_service:s0 tclass=samgr_class permissive=1 24allow pinauth sa_useriam_authexecutormgr_service:samgr_class { get }; 25 26#avc: denied { get } for service=5100 pid=919 scontext=u:r:pinauth:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1 27allow pinauth sa_device_service_manager:samgr_class { get }; 28 29#avc: denied { get } for service=pin_auth_interface_service pid=919 scontext=u:r:pinauth:s0 tcontext=u:object_r:hdf_pin_auth_interface_service:s0 tclass=hdf_devmgr_class permissive=1 30allow pinauth hdf_pin_auth_interface_service:hdf_devmgr_class { get }; 31 32allow pinauth system_core_hap_attr:binder { call transfer }; 33 34allow pinauth sa_miscdevice_service:samgr_class { get }; 35allow pinauth sensors:binder { call }; 36 37allow pinauth accesstoken_service:binder { call }; 38allow pinauth bootevent_param:file { map open read }; 39allow pinauth bootevent_samgr_param:file { map open read }; 40allow pinauth build_version_param:file { map open read }; 41allow pinauth const_allow_mock_param:file { map open read }; 42allow pinauth const_allow_param:file { map open read }; 43allow pinauth const_build_param:file { map open read }; 44allow pinauth const_display_brightness_param:file { map open read }; 45allow pinauth const_param:file { map open read }; 46allow pinauth const_postinstall_fstab_param:file { map open read }; 47allow pinauth const_postinstall_param:file { map open read }; 48allow pinauth const_product_param:file { map open read }; 49allow pinauth debug_param:file { map open read }; 50allow pinauth default_param:file { map open read }; 51allow pinauth dev_unix_socket:dir { search }; 52allow pinauth distributedsche_param:file { map open read }; 53allow pinauth hdf_devmgr:binder { call transfer }; 54allow pinauth hilog_param:file { map open read }; 55allow pinauth hw_sc_build_os_param:file { map open read }; 56allow pinauth hw_sc_build_param:file { map open read }; 57allow pinauth hw_sc_param:file { map open read }; 58allow pinauth init_param:file { map open read }; 59allow pinauth init_svc_param:file { map open read }; 60allow pinauth input_pointer_device_param:file { map open read }; 61allow pinauth net_param:file { map open read }; 62allow pinauth net_tcp_param:file { map open read }; 63allow pinauth ohos_boot_param:file { map open read }; 64allow pinauth ohos_param:file { map open read }; 65allow pinauth param_watcher:binder { call transfer }; 66allow pinauth persist_param:file { map open read }; 67allow pinauth persist_sys_param:file { map open read }; 68allow pinauth pin_auth_host:binder { call transfer }; 69allow pinauth pinauth:unix_dgram_socket { getopt setopt }; 70allow pinauth security_param:file { map open read }; 71allow pinauth startup_param:file { map open read }; 72allow pinauth sys_param:file { map open read }; 73allow pinauth system_basic_hap_attr:binder { call transfer }; 74allow pinauth system_bin_file:dir { search }; 75allow pinauth sys_usb_param:file { map open read }; 76allow pinauth tracefs:dir { search }; 77allow pinauth tracefs_trace_marker_file:file { open write }; 78allow pinauth useriam:binder { call transfer }; 79allow pinauth dev_at_file:chr_file { ioctl }; 80allow pinauth useriam_fwkready_param:parameter_service { set }; 81allow pinauth useriam_config_param:file { map open read }; 82allowxperm pinauth dev_at_file:chr_file ioctl { 0x4103 }; 83allow pinauth hdf_device_manager:hdf_devmgr_class { get }; 84allow pinauth paramservice_socket:sock_file { write }; 85allow pinauth kernel:unix_stream_socket { connectto }; 86