# Copyright (c) 2022-2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

allow netmanager accesstoken_service:binder { call };
allow netmanager fs_bpf:dir { search };
allow netmanager fs_bpf:file { read };
allow netmanager netsysnative:bpf { map_read };
allow netmanager data_data_file:dir { search };
allow netmanager data_data_file:file { open read };
allow netmanager data_file:dir { remove_name rmdir search };
allow netmanager data_init_agent:dir { search };
allow netmanager data_init_agent:file { ioctl open read append };
allow netmanager data_service_el1_file:dir { add_name create getattr ioctl lock open read remove_name search setattr unlink write rmdir };
allow netmanager data_service_el1_file:file { append create getattr ioctl lock map open read setattr unlink write };
allow netmanager data_service_file:dir { add_name create getattr ioctl lock open read remove_name search setattr unlink write };
allow netmanager data_system:dir { add_name search write };
allow netmanager data_system:file { ioctl };
allow netmanager dev_unix_socket:dir { search };
allow netmanager download_server:binder { call };
allow netmanager foundation:binder { call transfer };
allow netmanager kernel:unix_stream_socket { connectto };
allow netmanager musl_param:file { read };
allow netmanager netmanager:capability { net_admin };
allow netmanager netmanager:capability { net_raw };
allow netmanager netmanager:netlink_route_socket { create nlmsg_read nlmsg_readpriv read write };
allow netmanager netmanager:packet_socket { bind create read write };
allow netmanager netmanager:tcp_socket { connect create getattr getopt read setopt write };
allow netmanager netmanager:udp_socket { bind connect create getattr ioctl read write setopt getopt };
allow netmanager netmanager:rawip_socket { write setopt create read };
allow netmanager netmanager:unix_dgram_socket { ioctl };
allow netmanager netsysnative:binder { call };
allow netmanager node:udp_socket { node_bind };
allow netmanager port:tcp_socket { name_connect };
allow netmanager port:udp_socket { name_bind };
allow netmanager system_bin_file:dir { search };
allow netmanager system_bin_file:file { execute execute_no_trans map read open };
allow netmanager toybox_exec:file { execute execute_no_trans map read open };
allow netmanager system_core_hap_attr:binder { call };
allow netmanager telephony_sa:binder { call };
allow netmanager time_service:binder { call };
allow netmanager wifi_manager_service:binder { call transfer };
allow netmanager sa_comm_net_tethering_manager_service:samgr_class { add };
allow netmanager sa_net_conn_manager:samgr_class { get };
allow netmanager sa_wifi_hotspot_ability:samgr_class { get };
allow netmanager sa_wifi_p2p_ability:samgr_class { get };
allow netmanager sa_wifi_scan_ability:samgr_class { get };
allow netmanager sa_wifi_device_ability:samgr_class { get };
allow netmanager sa_bluetooth_server:samgr_class { get };
allow netmanager bluetooth_service:binder { call transfer };
allow system_core_hap_attr sa_comm_net_tethering_manager_service:samgr_class { get };
allow netmanager kernel:system { module_request };
allow netmanager accessibility_param:file { read open map };
allow netmanager fwmark_service:sock_file { write };
allow netmanager dnsproxy_service:sock_file { write };
allow netmanager netmanager:process { setfscreate };
allow netmanager usb_service:binder { call };
allow netmanager sa_usb_service:samgr_class { get };
allow netmanager sa_telephony_tel_core_service:samgr_class { get };
allow init configfs:dir { rmdir };
allowxperm netmanager data_service_el1_file:file ioctl { 0x5413 0xf546 0xf547 };
allowxperm netmanager data_init_agent:file ioctl { 0x5413 };
allowxperm netmanager netmanager:udp_socket ioctl { 0x8910 0x8915 0x8916 0x891b 0x891c 0x8933 };
allowxperm netmanager netmanager:unix_dgram_socket ioctl { 0x8910 };
allow netsysnative netmanager:fd { use };
allow netsysnative netmanager:tcp_socket { read write bind getopt setopt connect };
allow netmanager data_service_el1_file:file { rename };
allow netmanager sa_foundation_appms:samgr_class { get };

allow netmanager sa_comm_vpn_manager_service:samgr_class { add };
allow netmanager dev_console_file:chr_file { read write };
allow netmanager sa_accountmgr:samgr_class { get };
allow netmanager accountmgr:binder { call };
allow accountmgr netmanager:binder { transfer };
allow netmanager sa_foundation_bms:samgr_class { get };

debug_only(`
    allow netmanager sh:binder { call };
')

allow sa_comm_ethernet_manager_service sa_comm_ethernet_manager_service:samgr_class { add get };
allow system_basic_hap_attr sa_comm_ethernet_manager_service:samgr_class { add get };
allow system_core_hap_attr sa_comm_ethernet_manager_service:samgr_class { add get };
allow netmanager updater_sa:binder { call };
allow netmanager musl_param:file { read open map };
allow netmanager distributeddata:binder { call transfer };
allow netmanager distributeddata:fd use;
allow netmanager sa_dataobs_mgr_service_service:samgr_class get;
allow netmanager sa_distributeddata_service:samgr_class get;
allow netmanager mdnsmanager:binder { call };

allow netmanager sa_netsys_ext_service:samgr_class { add get };
allow netmanager sa_distributed_net_service:samgr_class { add get };

allow netmanager wifi_hal_service:binder { transfer call };
allow netmanager sa_dhcp_client:samgr_class { add get };
allow netmanager sa_dhcp_server:samgr_class { add get };
allow netmanager sa_huks_service:samgr_class { get };
allow netmanager huks_service:binder { call };
allow netmanager dev_ashmem_file:chr_file { open };
allow netmanager foundation:fd { use };
allow netmanager proc_net:file { open write };
allow netmanager softbus_server:binder { call transfer };