# Copyright (c) 2021-2022 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

init_daemon_domain(ueventd);
allow ueventd dev_media_file:chr_file { getattr setattr unlink};
allow ueventd dev_video_file:chr_file { getattr setattr unlink};
allow ueventd musl_param:file { read };

allow ueventd accessibility_param:file { map open read };
allow ueventd bootevent_param:file { map open read };
allow ueventd bootevent_samgr_param:file { map open read };
allow ueventd build_version_param:file { map open read };
allow ueventd const_allow_mock_param:file { map open read };
allow ueventd const_allow_param:file { map open read };
allow ueventd const_build_param:file { map open read };
allow ueventd const_display_brightness_param:file { map open read };
allow ueventd const_param:file { map open read };
allow ueventd const_postinstall_fstab_param:file { map open read };
allow ueventd const_postinstall_param:file { map open read };
allow ueventd const_product_param:file { map open read };
allow ueventd debug_param:file { map open read };
allow ueventd default_param:file { map open read };
allow ueventd dev_ashmem_file:chr_file { relabelto };
allow ueventd dev_at_file:chr_file { relabelto };
allow ueventd dev_bbox:chr_file { relabelto };
allow ueventd dev_binder_file:chr_file { getattr setattr };
allow ueventd dev_block_file:blk_file { create getattr relabelto setattr };
allow ueventd dev_block_file:dir { add_name getattr search write };
allow ueventd dev_block_file:lnk_file { create };
allow ueventd dev_block_volfile:blk_file { create getattr relabelfrom setattr };
allow ueventd dev_block_volfile:dir { add_name getattr search write };
allow ueventd dev_bus:dir { getattr relabelto search };
allow ueventd dev_bus_usb_file:chr_file { create getattr relabelto setattr unlink };
allow ueventd dev_bus_usb_file:dir { add_name create getattr relabelto remove_name search write };
allow ueventd dev_console_file:chr_file { relabelto };
allow ueventd dev_cpu_dma_latency_file:chr_file { relabelto };
allow ueventd dev_dev_cec0:chr_file { relabelto };
allow ueventd dev_dma_heap_file:chr_file { create getattr relabelto setattr };
allow ueventd dev_dma_heap_file:dir { add_name getattr relabelto search write };
allow ueventd dev_dri_file:chr_file { create getattr relabelto setattr };
allow ueventd dev_dri_file:dir { add_name getattr relabelto search write };
allow ueventd dev_file:chr_file { create getattr relabelfrom setattr unlink };
allow ueventd dev_mapper_control_file:chr_file { create getattr relabelfrom setattr unlink };
allow ueventd dev_file:dir { add_name create getattr relabelfrom write remove_name };
allow ueventd dev_file:file { create read write open };
allow ueventd dev_full:chr_file { relabelto };
allow ueventd dev_fuse_file:chr_file { relabelto };
allow ueventd dev_gpiochip:chr_file { relabelto };
allow ueventd dev_graphics_file:chr_file { relabelto };
allow ueventd dev_graphics_file:dir { getattr relabelto search };
allow ueventd dev_hdf_audio_capture:chr_file { relabelto };
allow ueventd dev_hdf_audio_codec_primary:chr_file { relabelto };
allow ueventd dev_hdf_audio_codec_hdmi:chr_file { getattr open read write };
allow ueventd dev_hdf_audio_control:chr_file { relabelto };
allow ueventd dev_hdf_audio_render:chr_file { relabelto };
allow ueventd dev_hdf_bl:chr_file { relabelto };
allow ueventd dev_hdf_disp:chr_file { relabelto };
allow ueventd dev_hdf_file:chr_file { relabelto };
allow ueventd dev_hdf_i2c_mgr:chr_file { relabelto };
allow ueventd dev_hdf_input:chr_file { relabelto getattr setattr unlink };
allow ueventd dev_hdf_kevent:chr_file { relabelto };
allow ueventd dev_hdf_light:chr_file { relabelto };
allow ueventd dev_hdf_misc_vibrator:chr_file { relabelto };
allow ueventd dev_hdf_sensor_mgr:chr_file { relabelto };
allow ueventd dev_hdf_test:chr_file { relabelto };
allow ueventd dev_hdf_usb_pnp:chr_file { relabelto };
allow ueventd dev_hdmi_hdcp1x:chr_file { relabelto };
allow ueventd dev_xpm:chr_file { relabelto };
allow ueventd dev_hwbinder_file:chr_file { relabelto };
allow ueventd dev_hwrng:chr_file { relabelto };
allow ueventd dev_i2c:chr_file { relabelto };
allow ueventd dev_i2c_test:chr_file { relabelto };
allow ueventd dev_iio_file:chr_file { relabelto };
allow ueventd dev_input_file:chr_file { create getattr relabelto setattr unlink };
allow ueventd dev_input_file:dir { add_name getattr relabelto search write remove_name };
allow ueventd dev_kmsg_file:chr_file { getattr open setattr write };
allow ueventd dev_loop_control_file:chr_file { relabelto };
allow ueventd dev_mali:chr_file { relabelto };
allow ueventd dev_media_file:chr_file { relabelto };
allow ueventd dev_mem:chr_file { relabelto };
allow ueventd dev_mgr_file:chr_file { relabelto };
allow ueventd dev_mpp:chr_file { relabelto };
allow ueventd dev_null_file:chr_file { setattr };
allow ueventd dev_pm_test:chr_file { relabelto };
allow ueventd dev_port:chr_file { relabelto };
allow ueventd dev_ptmx:chr_file { relabelto };
allow ueventd dev_ptp:chr_file { relabelto };
allow ueventd dev_random_file:chr_file { setattr };
allow ueventd dev_rfkill:chr_file { relabelto };
allow ueventd dev_rga:chr_file { relabelto };
allow ueventd dev_rpmb_file:chr_file { relabelto };
allow ueventd dev_rtc_file:chr_file { relabelto };
allow ueventd dev_sample_svc:chr_file { relabelto };
allow ueventd dev_sched_rtg_ctrl:chr_file { relabelto };
allow ueventd dev_snapshot:chr_file { relabelto };
allow ueventd dev_svc_mgr_file:chr_file { relabelto };
allow ueventd dev_sw_sync:chr_file { relabelto };
allow ueventd dev_tee_file:chr_file { relabelto };
allow ueventd dev_ubi_file:chr_file { relabelto };
allow ueventd dev_uhid_file:chr_file { relabelto };
allow ueventd dev_tun_file:chr_file { relabelto };
allow ueventd dev_uinput:chr_file { relabelto };
allow ueventd dev_unix_socket:dir { search };
allow ueventd dev_vcs_file:chr_file { relabelto };
allow ueventd dev_v_file:chr_file { relabelto };
allow ueventd dev_vhci_file:chr_file { relabelto };
allow ueventd dev_video_file:chr_file { relabelto };
allow ueventd dev_vndbinder_file:chr_file { relabelto };
allow ueventd dev_watchdog_file:chr_file { relabelto };
allow ueventd dev_zero_file:chr_file { relabelto };
allow ueventd distributedsche_param:file { map open read };
allow ueventd hilog_param:file { map open read };
allow ueventd hw_sc_build_os_param:file { map open read };
allow ueventd hw_sc_build_param:file { map open read };
allow ueventd hw_sc_param:file { map open read };
allow ueventd init:netlink_kobject_uevent_socket { getopt };
allow ueventd init_param:file { map open read };
allow ueventd init_svc_param:file { map open read };
allow ueventd input_pointer_device_param:file { map open read };
allow ueventd net_param:file { map open read };
allow ueventd net_tcp_param:file { map open read };
allow ueventd ohos_boot_param:file { map open read };
allow ueventd ohos_param:file { map open read };
allow ueventd persist_param:file { map open read };
allow ueventd persist_sys_param:file { map open read };
allow ueventd proc_cmdline_file:file { open read };
allow ueventd security_param:file { map open read };
allow ueventd startup_param:file { map open read };
allow ueventd sys_file:dir { open read };
allow ueventd sys_file:file { open write };
allow ueventd sysfs_gadget_usb:dir { open read };
allow ueventd sysfs_block_file:dir { open read };
allow ueventd sysfs_block_file:file { open write };
allow ueventd sysfs_block_loop:dir { open read };
allow ueventd sysfs_block_loop:file { open write };
allow ueventd sysfs_block_zram:dir { open read };
allow ueventd sysfs_block_zram:file { open write };
allow ueventd sysfs_devices_system_cpu:dir { open read };
allow ueventd sysfs_devices_system_cpu:file { open write };
allow ueventd sysfs_extcon:dir { open read };
allow ueventd sysfs_leds:dir { open read };
allow ueventd sysfs_net:dir { open read };
allow ueventd sysfs_net:file { open write };
allow ueventd sysfs_rtc:dir { open read };
allow ueventd sysfs_wakeup:dir { open read };
allow ueventd sysfs_wakeup:file { open write };
allow ueventd sys_param:file { map open read };
allow ueventd system_bin_file:dir { search };
allow ueventd sys_usb_param:file { map open read };
allow ueventd tmpfs:dir { relabelfrom write };
allow ueventd tty_device:chr_file { getattr relabelto setattr };
allow ueventd ueventd:capability { chown fowner fsetid mknod setgid net_admin dac_override };
allow ueventd ueventd:netlink_kobject_uevent_socket { create setopt bind read };
allow ueventd vendor_etc_file:dir { search };
allow ueventd init:unix_dgram_socket { read write };
allow ueventd paramservice_socket:sock_file { write };
allow ueventd kernel:unix_stream_socket { connectto };
allow ueventd dev_block_file:blk_file { relabelfrom };
allow ueventd dev_block_file:lnk_file { relabelfrom getattr };
allow ueventd dev_block_file:dir { open read };
allow ueventd dev_block_volfile:lnk_file { setattr getattr relabelfrom};

# for hyperhold
allow ueventd zram_device:blk_file { relabelto getattr setattr };

# avc:  denied  { getattr } for  pid=250 comm="ueventd" path="/dev/block/mmcblk0p2" dev="tmpfs" ino=35 scontext=u:r:ueventd:s0 tcontext=u:object_r:updater_block_file:s0 tclass=blk_file permissive=0
# avc:  denied  { relabelfrom } for  pid=250 comm="ueventd" name="mmcblk0p2" dev="tmpfs" ino=35 scontext=u:r:ueventd:s0 tcontext=u:object_r:updater_block_file:s0 tclass=blk_file permissive=0
# avc:  denied  { setattr } for  pid=250 comm="ueventd" name="mmcblk0p2" dev="tmpfs" ino=35 scontext=u:r:ueventd:s0 tcontext=u:object_r:updater_block_file:s0 tclass=blk_file permissive=0
# avc:  denied  { relabelto } for  pid=245 comm="ueventd" name="mmcblk0p2" dev="tmpfs" ino=35 scontext=u:r:ueventd:s0 tcontext=u:object_r:updater_block_file:s0 tclass=blk_file permissive=1
allow ueventd updater_block_file:blk_file { getattr relabelfrom setattr relabelto };

# avc:  denied  { getattr } for  pid=242 comm="ueventd" path="/dev/block/mmcblk0p2" dev="tmpfs" ino=35 scontext=u:r:ueventd:s0 tcontext=u:object_r:tmpfs:s0 tclass=blk_file permissive=0
# avc:  denied  { relabelfrom } for  pid=242 comm="ueventd" name="mmcblk0p2" dev="tmpfs" ino=35 scontext=u:r:ueventd:s0 tcontext=u:object_r:tmpfs:s0 tclass=blk_file permissive=0
# avc:  denied  { setattr } for  pid=242 comm="ueventd" name="mmcblk0p2" dev="tmpfs" ino=35 scontext=u:r:ueventd:s0 tcontext=u:object_r:tmpfs:s0 tclass=blk_file permissive=0
allow ueventd tmpfs:blk_file { getattr relabelfrom setattr };

# avc:  denied  { getattr } for  pid=245 comm="ueventd" path="/dev/block/by-name/misc" dev="tmpfs" ino=37 scontext=u:r:ueventd:s0 tcontext=u:object_r:updater_block_file:s0 tclass=lnk_file permissive=1
allow ueventd updater_block_file:lnk_file { getattr };