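# Copyright (c) 2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# SELinux CIL allow rules for the sh domain. Every rule sits inside
# developer_only, so it is presumably compiled in only for developer-mode
# policy - confirm against the macro definition before relying on that.
#
# Points to keep in mind when reviewing or extending this list:
# - Domain transitions: sh may transition into aa, bm, bytrace, hidumper,
#   hiperf, hiprofiler_cmd, hisysevent, hitrace, processdump, SP_daemon, atm,
#   uitest, wukong, snapshot_display, uinput and power_shell, each paired with
#   execute on the matching *_exec file type. All of them carry siginh and
#   rlimitinh, so the target domain inherits the signal state and resource
#   limits of the shell instead of having them reset on transition.
#   processdump additionally gets share and sigchld; uitest gets sigkill.
# - Writable and executable location: data_local_tmp files can be created,
#   written and run with execute_no_trans, i.e. they execute inside the sh
#   domain itself. Keep this grant behind developer_only.
# - execute_no_trans is also granted on hilog_exec and system_bin_file, so
#   those binaries run with the permissions of sh rather than in a domain of
#   their own.
# - Parameter writes: parameter_service set is granted on hilog_param,
#   servicectrl_reboot_param, hichecker_writable_param, arkui_param,
#   ark_profile and ark_writeable_param.
# - domain is presumably the attribute covering every process domain, in
#   which case the three domain rules let sh read per-process entries of all
#   processes - verify against the attribute definition.

developer_only(`
(allow sh aa (process (transition siginh rlimitinh)))
(allow sh aa_exec (file (ioctl read getattr map execute open)))
(allow sh bm (process (transition siginh rlimitinh)))
(allow sh bm_exec (file (ioctl read getattr map execute open)))
(allow sh bytrace (process (transition siginh rlimitinh)))
(allow sh bytrace_exec (file (ioctl read getattr map execute open)))
(allow sh data_file (dir (getattr search)))
(allow sh data_hilogd_file (dir (ioctl read getattr lock open watch watch_reads search)))
(allow sh data_hilogd_file (file (ioctl read getattr lock map open watch watch_reads)))
(allow sh data_local (dir (ioctl read getattr lock open watch watch_reads search)))
(allow sh data_local_tmp (dir (ioctl read write create getattr setattr lock rename open watch watch_reads add_name remove_name reparent search rmdir)))
(allow sh data_local_tmp (file (execute execute_no_trans ioctl read write create getattr setattr lock append map unlink rename open watch watch_reads)))
(allow sh debug_param (file (read map open)))
(allow sh dev_console_file (chr_file (read write getattr)))
(allow sh dev_file (dir (search)))
(allow sh dev_null_file (chr_file (read write open)))
(allow sh dev_parameters_file (dir (search)))
(allow sh dev_parameters_file (file (ioctl read getattr lock map open watch watch_reads)))
(allow sh dev_unix_file (dir (search)))
(allow sh dev_unix_socket (dir (search)))
(allow sh developtools_hdc_control_param (file (read map open)))
(allow sh devpts (chr_file (ioctl read write getattr)))
(allow sh domain (dir (getattr search)))
(allow sh domain (file (read open)))
(allow sh domain (process (getattr)))
(allow sh etc_file (lnk_file (read)))
(allow sh hdcd (fd (use)))
(allow sh hdcd (fifo_file (ioctl read write)))
(allow sh hdcd (unix_stream_socket (read write)))
(allow sh hidumper (process (transition siginh rlimitinh)))
(allow sh hidumper_exec (file (ioctl read getattr map execute open)))
(allow sh hilog_control_socket (sock_file (write)))
(allow sh hilog_exec (file (read getattr map execute open execute_no_trans)))
(allow sh hilog_input_socket (sock_file (write)))
(allow sh hilog_output_socket (sock_file (write)))
(allow sh hilog_param (file (read map open)))
(allow sh hilog_param (parameter_service (set)))
(allow sh hilogd (unix_dgram_socket (sendto)))
(allow sh hilogd (unix_stream_socket (connectto)))
(allow sh hiperf (process (transition siginh rlimitinh)))
(allow sh hiperf_exec (file (ioctl read getattr map execute open)))
(allow sh hiprofiler_cmd (process (transition siginh rlimitinh)))
(allow sh hiprofiler_cmd_exec (file (ioctl read getattr map execute open)))
(allow sh hisysevent (process (transition siginh rlimitinh)))
(allow sh hisysevent_exec (file (ioctl read getattr map execute open)))
(allow sh hitrace (process (transition siginh rlimitinh)))
(allow sh hitrace_exec (file (ioctl read getattr map execute open)))
(allow sh kernel (unix_stream_socket (connectto)))
(allow sh lib_file (lnk_file (read)))
(allow sh paramservice_socket (sock_file (write)))
(allow sh proc_file (dir (read getattr open search)))
(allow sh proc_file (lnk_file (read)))
(allow sh processdump (process (transition sigchld share siginh rlimitinh)))
(allow sh processdump_exec (file (ioctl read getattr map execute open)))
(allow sh rootfs (dir (search)))
(allow sh rootfs (lnk_file (read)))
(allow sh self (dir (ioctl read getattr lock open watch watch_reads search)))
(allow sh self (fd (use)))
(allow sh self (fifo_file (ioctl read write getattr lock append map open watch watch_reads)))
(allow sh self (file (ioctl read write getattr lock append map open watch watch_reads)))
(allow sh self (lnk_file (ioctl read getattr lock map open watch watch_reads)))
(allow sh self (process (fork sigchld sigkill sigstop signull signal getsched setsched getsession getpgid setpgid getcap setcap getattr setrlimit)))
(allow sh self (unix_dgram_socket (write create connect)))
(allow sh self (unix_stream_socket (read write create connect setopt)))
(allow sh selinuxfs (filesystem (getattr)))
(allow sh servicectrl_reboot_param (parameter_service (set)))
(allow sh sh_exec (file (read getattr map execute open entrypoint)))
(allow sh sys_file (dir (search)))
(allow sh system_bin_file (dir (read getattr open search)))
(allow sh system_bin_file (file (read getattr map execute open execute_no_trans)))
(allow sh system_bin_file (lnk_file (read)))
(allow sh system_etc_file (dir (search)))
(allow sh system_etc_file (file (read getattr open)))
(allow sh system_file (dir (search)))
(allow sh system_lib_file (file (read getattr map execute open)))
(allow sh tty_device (chr_file (ioctl read write getattr open)))
(allow sh vendor_lib_file (dir (search)))
(allow sh time_param (file (read map open)))
(allow sh vendor_file (dir (search)))
(allow sh system_lib_file (dir (search)))
(allow sh hichecker_writable_param (parameter_service (set)))
(allow sh arkui_param (parameter_service (set)))
(allow sh devinfo_public_param (file (map open read)))
(allow sh ark_profile (parameter_service (set)))
(allow sh ark_writeable_param (parameter_service (set)))

(allow sh SP_daemon (process (transition siginh rlimitinh)))
(allow sh SP_daemon_exec (file (ioctl read getattr map execute open)))
(allow sh atm (process (transition siginh rlimitinh)))
(allow sh atm_exec (file (ioctl read getattr map execute open)))
(allow sh uitest (process (transition siginh rlimitinh sigkill)))
(allow sh uitest_exec (file (ioctl read getattr map execute open)))
(allow sh wukong (process (transition siginh rlimitinh)))
(allow sh wukong_exec (file (ioctl read getattr map execute open)))
(allow sh snapshot_display (process (siginh transition rlimitinh getattr)))
(allow sh snapshot_display_exec (file (read map execute getattr open ioctl)))
(allow sh uinput (process (transition rlimitinh siginh getattr)))
(allow sh uinput_exec (file (open map getattr ioctl read execute)))
(allow sh lldb_server_file (dir (create setattr getattr add_name open write remove_name read search rmdir)))
(allow sh lldb_server_file (file (open unlink create write setattr read getattr append)))
(allow sh power_shell (process (transition siginh rlimitinh getattr)))
(allow sh power_shell_exec (file (open map read ioctl execute getattr)))
(allow sh power_shell (lnk_file (read)))
(allow sh system_fonts_file (dir (getattr search read open)))
(allow sh system_fonts_file (file (getattr read open)))
')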