1# Copyright (c) 2022-2023 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14allow media_service accesstoken_service:binder { call }; 15allow media_service bootanimation:binder { call transfer }; 16allow media_service bootevent_param:file { map open read }; 17allow media_service bootevent_samgr_param:file { map open read }; 18allow media_service build_version_param:file { map open read }; 19allow media_service const_allow_mock_param:file { map open read }; 20allow media_service const_allow_param:file { map open read }; 21allow media_service const_build_param:file { map open read }; 22allow media_service const_display_brightness_param:file { map open read }; 23allow media_service const_param:file { map open read }; 24allow media_service const_postinstall_fstab_param:file { map open read }; 25allow media_service const_postinstall_param:file { map open read }; 26allow media_service const_product_param:file { map open read }; 27allow media_service data_app_el1_file:file { getattr }; 28allow media_service data_data_file:dir { search }; 29allow media_service data_file:dir { search }; 30allow media_service data_media:dir { search }; 31allow media_service data_service_el2_hmdfs:file { getattr read write }; 32allow media_service debug_param:file { map open read }; 33allow media_service default_param:file { map open read }; 34allow media_service dev_ashmem_file:chr_file { open }; 35allow media_service dev_dri_file:chr_file { getattr ioctl open read write }; 36allow media_service dev_dri_file:dir { search }; 37allow media_service dev_unix_socket:dir { search }; 38allow media_service dhardware:binder { call transfer }; 39allow media_service allocator_host:binder { call }; 40allow media_service allocator_host:fd { use }; 41allow media_service distributedsche_param:file { map open read }; 42allow media_service dscreen:binder { call transfer }; 43allow media_service hdf_devmgr:binder { call }; 44allow media_service hdf_allocator_service:hdf_devmgr_class { get }; 45allow media_service hilog_param:file { map open read }; 46allow media_service hmdfs:file { getattr read read write }; 47allow media_service hw_sc_build_os_param:file { map open read }; 48allow media_service hw_sc_build_param:file { map open read }; 49allow media_service hw_sc_param:file { map open read }; 50allow media_service init_param:file { map open read }; 51allow media_service init_svc_param:file { map open read }; 52allow media_service init:unix_stream_socket { connectto }; 53allow media_service input_pointer_device_param:file { map open read }; 54allow media_service media_service:unix_dgram_socket { getopt setopt }; 55allow media_service native_socket:sock_file { write }; 56allow media_service net_param:file { map open read }; 57allow media_service net_tcp_param:file { map open read }; 58allow media_service normal_hap_attr:binder { call transfer }; 59allow media_service ohos_boot_param:file { map open read }; 60allow media_service ohos_param:file { map open read }; 61allow media_service audio_server:unix_stream_socket { connectto }; 62allow media_service param_watcher:binder { call transfer }; 63allow media_service persist_param:file { map open read }; 64allow media_service persist_sys_param:file { map open read }; 65allow media_service proc_file:file { open read }; 66allow media_service render_service:binder { call }; 67allow media_service sa_accesstoken_manager_service:samgr_class { get }; 68allow media_service sa_device_service_manager:samgr_class { get }; 69allow media_service sa_media_service:samgr_class { add }; 70allow media_service sa_param_watcher:samgr_class { get }; 71allow media_service security_param:file { map open read }; 72allow media_service startup_param:file { map open read }; 73allow media_service sys_param:file { map open read }; 74allow media_service system_basic_hap_attr:binder { call transfer }; 75allow media_service system_bin_file:dir { search }; 76allow media_service system_core_hap_attr:binder { call transfer }; 77allow media_service system_core_hap_attr:fd { use }; 78allow media_service system_lib_file:dir { open read }; 79allow media_service sys_usb_param:file { map open read }; 80allow media_service tracefs:dir { search }; 81allow media_service tracefs_trace_marker_file:file { open write }; 82allowxperm media_service dev_dri_file:chr_file ioctl { 0x641f }; 83allow media_service sys_prod_file:dir { search }; 84allow media_service chip_prod_file:dir { search }; 85allow media_service vendor_etc_file:dir { search }; 86allow media_service sys_prod_file:file { map open read getattr }; 87allow media_service chip_prod_file:file { map open read getattr }; 88allow media_service vendor_etc_file:file { map open read getattr }; 89allow media_service system_file:file { map open read getattr }; 90allow media_service data_app_el1_file:file { map open read getattr }; 91allow media_service sa_memory_manager_service:samgr_class { get }; 92allow media_service memmgrservice:binder { call transfer }; 93