# Copyright (c) 2022-2023 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. #avc: denied { use } for pid=4361 comm="com.example.web" path="/data/storage/el1/bundle/entry/resources/rawfile/vp8.webm" dev="mmcblk0p11" ino=523748 scontext=u:r:media_service:s0 tcontext=u:r:normal_hap:s0 tclass=fd permissive=1 allow media_service normal_hap_attr:fd { use }; #avc: denied { read } for pid=4361 comm="com.example.web" path="/data/storage/el1/bundle/entry/resources/rawfile/vp8.webm" dev="mmcblk0p11" ino=523748 scontext=u:r:media_service:s0 tcontext=u:object_r:data_app_el1_file:s0 tclass=file permissive=1 allow media_service data_app_el1_file:file { read }; #avc: denied { use } for pid=2169 comm="com.example.web" path="/dmabuf:" dev="dmabuf" ino=523748 scontext=u:r:media_service:s0 tcontext=u:object_r:allocator_host:s0 tclass=fd permissive=1 allow media_service allocator_host:fd { use }; #avc: denied { write } for pid=464 comm="task3" name="dnsproxyd" dev="tmpfs" ino=376 scontext=u:r:media_service:s0 tcontext=u:object_r:dev_file:s0 tclass=sock_file permissive=0 allow media_service dev_file:sock_file { write }; #avc: denied { bind } for pid=474 comm="task3" scontext=u:r:media_service:s0 tcontext=u:r:media_service:s0 tclass=udp_socket permissive=1 #avc: denied { write } for pid=474 comm="task3" lport=40461 scontext=u:r:media_service:s0 tcontext=u:r:media_service:s0 tclass=udp_socket permissive=1 #avc: denied { read } for pid=474 comm="task3" lport=40461 scontext=u:r:media_service:s0 tcontext=u:r:media_service:s0 tclass=udp_socket permissive=1 #avc: denied { connect } for pid=474 comm="task3" scontext=u:r:media_service:s0 tcontext=u:r:media_service:s0 tclass=udp_socket permissive=1 #avc: denied { getattr } for pid=474 comm="task3" laddr=7.247.195.86 lport=33376 faddr=183.2.193.238 fport=65535 scontext=u:r:media_service:s0 tcontext=u:r:media_service:s0 tclass=udp_socket permissive=1 allow media_service media_service:udp_socket { bind write read connect getattr }; #avc: denied { connectto } for pid=474 comm="task3" path="/dev/dnsproxyd" scontext=u:r:media_service:s0 tcontext=u:r:netsysnative:s0 tclass=unix_stream_socket permissive=1 allow media_service netsysnative:unix_stream_socket { connectto }; #avc: denied { node_bind } for pid=474 comm="task3" scontext=u:r:media_service:s0 tcontext=u:object_r:node:s0 tclass=udp_socket permissive=1 allow media_service node:udp_socket { node_bind }; #avc: denied { getopt } for pid=474 comm="task3" laddr=7.247.195.86 lport=35616 faddr=49.7.37.71 fport=443 scontext=u:r:media_service:s0 tcontext=u:r:media_service:s0 tclass=tcp_socket permissive=1 #avc: denied { getattr } for pid=474 comm="task3" laddr=7.247.195.86 lport=35616 faddr=49.7.37.71 fport=443 scontext=u:r:media_service:s0 tcontext=u:r:media_service:s0 tclass=tcp_socket permissive=1 #avc: denied { write } for pid=474 comm="task3" path="socket:[31752]" dev="sockfs" ino=31752 scontext=u:r:media_service:s0 tcontext=u:r:media_service:s0 tclass=tcp_socket permissive=1 #avc: denied { read } for pid=474 comm="task3" path="socket:[31752]" dev="sockfs" ino=31752 scontext=u:r:media_service:s0 tcontext=u:r:media_service:s0 tclass=tcp_socket permissive=1 allow media_service media_service:tcp_socket { getattr getopt read write };