1# Copyright (c) 2022-2023 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14allow accessibility data_app_el1_file:dir { search }; 15allow accessibility data_app_el1_file:file { getattr open read }; 16allow accessibility data_app_file:dir { search }; 17allow accessibility data_file:dir { search }; 18allow accessibility data_service_el1_file:dir { add_name getattr remove_name search write }; 19allow accessibility data_service_el1_file:file { create getattr ioctl open read rename setattr unlink write }; 20allow accessibility data_service_file:dir { search }; 21allow accessibility dev_unix_socket:dir { search }; 22allow accessibility foundation:binder { call transfer }; 23allow accessibility multimodalinput:binder { call }; 24allow accessibility multimodalinput:fd { use }; 25allow accessibility multimodalinput:unix_stream_socket { read write }; 26allow accessibility normal_hap_attr:binder { call }; 27allow accessibility param_watcher:binder { call transfer }; 28allow accessibility system_basic_hap_attr:binder { call }; 29allow accessibility system_bin_file:dir { search }; 30allow accessibility system_core_hap_attr:binder { call }; 31allow accessibility system_usr_file:dir { search }; 32allow accessibility system_usr_file:file { getattr map open read }; 33allow accessibility tracefs:dir { search }; 34allow accessibility tracefs_trace_marker_file:file { open write }; 35allow accessibility vendor_lib_file:dir { search }; 36allow accessibility vendor_lib_file:file { execute getattr map open read }; 37allow accessibility sa_foundation_abilityms:samgr_class { get }; 38allow accessibility kernel:unix_stream_socket { connectto }; 39allow accessibility paramservice_socket:sock_file { write }; 40allow accessibility accessibility_param:parameter_service { set }; 41allow accessibility persist_sys_param:parameter_service { set }; 42allow accessibility sa_powermgr_displaymgr_service:samgr_class { get }; 43binder_call(accessibility, powermgr); 44allowxperm accessibility data_service_el1_file:file ioctl { 0x5413 }; 45 46allow accessibility accessibility_param:file { map open read }; 47allow accessibility audio_server:binder { call transfer }; 48 49allow accessibility sa_resource_schedule:samgr_class { get }; 50allow accessibility sys_prod_file:dir { search }; 51allow accessibility data_storage:dir { search }; 52 53allow accessibility distributeddata:binder { call }; 54allow accessibility distributeddata:fd { use }; 55allow distributeddata accessibility:binder { transfer }; 56allow accessibility sa_distributeddata_service:samgr_class { get }; 57allow accessibility render_service:fd { use }; 58allow accessibility render_service:unix_stream_socket { read write }; 59allow accessibility dev_mali:chr_file { getattr ioctl map open read write }; 60allowxperm accessibility dev_mali:chr_file ioctl { 0x8000 0x8001 0x8002 0x8003 0x8005 0x8006 0x8007 0x800e 0x800f 0x8011 0x8016 0x8018 0x8019 0x801d 0x801e 0x8026 }; 61allow render_service accessibility:fd { use }; 62allow composer_host accessibility:fd { use }; 63allow accessibility allocator_host:fd { use }; 64allow accessibility resource_schedule_service:binder { call transfer }; 65allow accessibility sysfs_devices_system_cpu:dir { read open }; 66