# Copyright (c) 2021-2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

common file
{
    ioctl
    read
    write
    create
    getattr
    setattr
    lock
    relabelfrom
    relabelto
    append
    map
    unlink
    link
    rename
    execute
    quotaon
    mounton
    audit_access
    open
    execmod
    watch
    watch_mount
    watch_sb
    watch_with_perm
    watch_reads
}
common socket
{
    ioctl
    read
    write
    create
    getattr
    setattr
    lock
    relabelfrom
    relabelto
    append
    map
    bind
    connect
    listen
    accept
    getopt
    setopt
    shutdown
    recvfrom
    sendto
    name_bind
}
common ipc
{
    create
    destroy
    getattr
    setattr
    read
    write
    associate
    unix_read
    unix_write
}
common cap
{
    chown
    dac_override
    dac_read_search
    fowner
    fsetid
    kill
    setgid
    setuid
    setpcap
    linux_immutable
    net_bind_service
    net_broadcast
    net_admin
    net_raw
    ipc_lock
    ipc_owner
    sys_module
    sys_rawio
    sys_chroot
    sys_ptrace
    sys_pacct
    sys_admin
    sys_boot
    sys_nice
    sys_resource
    sys_time
    sys_tty_config
    mknod
    lease
    audit_write
    audit_control
    setfcap
}
common cap2
{
    mac_override
    mac_admin
    syslog
    wake_alarm
    block_suspend
    audit_read
    checkpoint_restore
    perfmon
    bpf
}
class filesystem
{
    mount
    remount
    unmount
    getattr
    relabelfrom
    relabelto
    associate
    quotamod
    quotaget
    watch
}
class dir
inherits file
{
    add_name
    remove_name
    reparent
    search
    rmdir
}
class file
inherits file
{
    execute_no_trans
    entrypoint
}
class lnk_file
inherits file
class chr_file
inherits file
{
    execute_no_trans
    entrypoint
}
class blk_file
inherits file
class sock_file
inherits file
class fifo_file
inherits file
class fd
{
    use
}
class socket
inherits socket
class tcp_socket
inherits socket
{
    node_bind
    name_connect
}
class udp_socket
inherits socket
{
    node_bind
}
class rawip_socket
inherits socket
{
    node_bind
}
class node
{
    recvfrom
    sendto
}
class netif
{
    ingress
    egress
}
class netlink_socket
inherits socket
class packet_socket
inherits socket
class key_socket
inherits socket
class unix_stream_socket
inherits socket
{
    connectto
}
class unix_dgram_socket
inherits socket
class process
{
    fork
    transition
    sigchld
    sigkill
    sigstop
    signull
    signal
    ptrace
    getsched
    setsched
    getsession
    getpgid
    setpgid
    getcap
    setcap
    share
    getattr
    setexec
    setfscreate
    noatsecure
    siginh
    setrlimit
    rlimitinh
    dyntransition
    setcurrent
    execmem
    execstack
    execheap
    setkeycreate
    setsockcreate
    getrlimit
}
class process2
{
    nnp_transition
    nosuid_transition
}
class ipc
inherits ipc
class sem
inherits ipc
class msgq
inherits ipc
{
    enqueue
}
class msg
{
    send
    receive
}
class shm
inherits ipc
{
    lock
}
class security
{
    compute_av
    compute_create
    compute_member
    check_context
    load_policy
    compute_relabel
    compute_user
    setenforce
    setbool
    setsecparam
    setcheckreqprot
    read_policy
    validate_trans
}
class system
{
    ipc_info
    syslog_read
    syslog_mod
    syslog_console
    module_request
    module_load
}
class capability
inherits cap
class capability2
inherits cap2
class netlink_route_socket
inherits socket
{
    nlmsg_read
    nlmsg_write
    nlmsg_readpriv
}
class netlink_tcpdiag_socket
inherits socket
{
    nlmsg_read
    nlmsg_write
}
class netlink_nflog_socket
inherits socket
class netlink_xfrm_socket
inherits socket
{
    nlmsg_read
    nlmsg_write
}
class netlink_selinux_socket
inherits socket
class netlink_audit_socket
inherits socket
{
    nlmsg_read
    nlmsg_write
    nlmsg_relay
    nlmsg_readpriv
    nlmsg_tty_audit
}
class netlink_dnrt_socket
inherits socket
class association
{
    sendto
    recvfrom
    setcontext
    polmatch
}
class netlink_kobject_uevent_socket
inherits socket
class appletalk_socket
inherits socket
class packet
{
    send
    recv
    relabelto
    forward_in
    forward_out
}
class key
{
    view
    read
    write
    search
    link
    setattr
    create
}
class dccp_socket
inherits socket
{
    node_bind
    name_connect
}
class memprotect
{
    mmap_zero
}
class peer
{
    recv
}
class kernel_service
{
    use_as_override
    create_files_as
}
class tun_socket
inherits socket
{
    attach_queue
}
class binder
{
    impersonate
    call
    set_context_mgr
    transfer
}
class netlink_iscsi_socket
inherits socket
class netlink_fib_lookup_socket
inherits socket
class netlink_connector_socket
inherits socket
class netlink_netfilter_socket
inherits socket
class netlink_generic_socket
inherits socket
class netlink_scsitransport_socket
inherits socket
class netlink_rdma_socket
inherits socket
class netlink_crypto_socket
inherits socket
class infiniband_pkey
{
    access
}
class infiniband_endport
{
    manage_subnet
}
class cap_userns
inherits cap
class cap2_userns
inherits cap2
class sctp_socket
inherits socket
{
    node_bind
    name_connect
    association
}
class icmp_socket
inherits socket
{
    node_bind
}
class ax25_socket
inherits socket
class ipx_socket
inherits socket
class netrom_socket
inherits socket
class atmpvc_socket
inherits socket
class x25_socket
inherits socket
class rose_socket
inherits socket
class decnet_socket
inherits socket
class atmsvc_socket
inherits socket
class rds_socket
inherits socket
class irda_socket
inherits socket
class pppox_socket
inherits socket
class llc_socket
inherits socket
class can_socket
inherits socket
class tipc_socket
inherits socket
class bluetooth_socket
inherits socket
class iucv_socket
inherits socket
class rxrpc_socket
inherits socket
class isdn_socket
inherits socket
class phonet_socket
inherits socket
class ieee802154_socket
inherits socket
class caif_socket
inherits socket
class alg_socket
inherits socket
class nfc_socket
inherits socket
class vsock_socket
inherits socket
class kcm_socket
inherits socket
class qipcrtr_socket
inherits socket
class smc_socket
inherits socket
class bpf
{
    map_create
    map_read
    map_write
    prog_load
    prog_run
}
class xdp_socket
inherits socket
class parameter_service
{
    set
}
class samgr_class
{
    add
    get
    get_remote
    list
}
class hdf_devmgr_class
{
    add
    get
    list
}

class lockdown
{
    integrity
    confidentiality
}

class perf_event
{
    open
    cpu
    kernel
    tracepoint
    read
    write
}

class xpm
{
    exec_no_sign
    exec_anon_mem
    exec_in_jitfort
    exec_allow_debug_id
}

class hideaddr
{
    hide_exec_anon_mem
    hide_exec_anon_mem_debug
}

class code_sign
{
    add_cert_chain
    remove_cert_chain
}

class hmpsf
{
    map_create
    map_read
    map_write
    module_load
    module_run
}

class ced
{
    container_escape_check
}

class jit_memory
{
    exec_mem_ctrl
}

class hmcap
{
    supervsable
    pid_mem_read
    pid_mem_write
}