# Copyright (c) 2022-2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Type enforcement rules for the netmanager domain. Most rules have netmanager
# as the source; a few further down grant access to other domains (init,
# netsysnative, accountmgr, the hap attributes) and are marked where they occur.
# Rules are additive, so every allow line here widens what a compromised
# netmanager process can reach. Review new lines against least privilege.
allow netmanager accesstoken_service:binder { call };
# Read-only access to pinned BPF objects and to maps owned by netsysnative.
allow netmanager fs_bpf:dir { search };
allow netmanager fs_bpf:file { read };
allow netmanager netsysnative:bpf { map_read };
allow netmanager data_data_file:dir { search };
allow netmanager data_data_file:file { open read };
# NOTE(review): remove_name and rmdir on data_file directories allow deleting
# entries there; confirm which path needs this and whether a narrower type fits.
allow netmanager data_file:dir { remove_name rmdir search };
allow netmanager data_init_agent:dir { search };
allow netmanager data_init_agent:file { ioctl open read append };
# Full create/modify/delete access to the service data area labelled
# data_service_el1_file. ioctl on these files is narrowed by allowxperm below.
allow netmanager data_service_el1_file:dir { add_name create getattr ioctl lock open read remove_name search setattr unlink write rmdir };
allow netmanager data_service_el1_file:file { append create getattr ioctl lock map open read setattr unlink write };
allow netmanager data_service_file:dir { add_name create getattr ioctl lock open read remove_name search setattr unlink write };
allow netmanager data_system:dir { add_name search write };
# NOTE(review): no allowxperm for data_system:file appears in this file. Unless
# one exists elsewhere in the policy, this ioctl permission is not restricted
# to specific command numbers.
allow netmanager data_system:file { ioctl };
allow netmanager dev_unix_socket:dir { search };
allow netmanager download_server:binder { call };
allow netmanager foundation:binder { call transfer };
allow netmanager kernel:unix_stream_socket { connectto };
allow netmanager musl_param:file { read };
# net_admin and net_raw are the two most sensitive grants in this file: they
# cover interface and routing configuration and raw/packet socket creation.
allow netmanager netmanager:capability { net_admin };
allow netmanager netmanager:capability { net_raw };
allow netmanager netmanager:netlink_route_socket { create nlmsg_read nlmsg_readpriv read write };
allow netmanager netmanager:packet_socket { bind create read write };
allow netmanager netmanager:tcp_socket { connect create getattr getopt read setopt write };
allow netmanager netmanager:udp_socket { bind connect create getattr ioctl read write setopt getopt };
allow netmanager netmanager:rawip_socket { write setopt create read };
allow netmanager netmanager:unix_dgram_socket { ioctl };
allow netmanager netsysnative:binder { call };
allow netmanager node:udp_socket { node_bind };
# NOTE(review): the target type here is port; presumably that is the default
# label for ports without a specific type, which would make these rules cover
# most TCP connects and UDP binds. Confirm against the port labelling.
allow netmanager port:tcp_socket { name_connect };
allow netmanager port:udp_socket { name_bind };
allow netmanager system_bin_file:dir { search };
# execute_no_trans runs the target binary without a domain transition, so any
# program labelled system_bin_file or toybox_exec that netmanager starts keeps
# the netmanager domain, including net_admin, net_raw and the file access above.
# NOTE(review): confirm which tools are invoked and that their arguments are
# never built from untrusted input; a dedicated domain with a transition would
# limit the impact of a command injection.
allow netmanager system_bin_file:file { execute execute_no_trans map read open };
allow netmanager toybox_exec:file { execute execute_no_trans map read open };
allow netmanager system_core_hap_attr:binder { call };
allow netmanager telephony_sa:binder { call };
allow netmanager time_service:binder { call };
allow netmanager wifi_manager_service:binder { call transfer };
# samgr_class rules: add registers a system ability with the service manager,
# get looks one up.
allow netmanager sa_comm_net_tethering_manager_service:samgr_class { add };
allow netmanager sa_net_conn_manager:samgr_class { get };
allow netmanager sa_wifi_hotspot_ability:samgr_class { get };
allow netmanager sa_wifi_p2p_ability:samgr_class { get };
allow netmanager sa_wifi_scan_ability:samgr_class { get };
allow netmanager sa_wifi_device_ability:samgr_class { get };
allow netmanager sa_bluetooth_server:samgr_class { get };
allow netmanager bluetooth_service:binder { call transfer };
# Source is system_core_hap_attr, not netmanager: lets those apps look up the
# tethering manager service.
allow system_core_hap_attr sa_comm_net_tethering_manager_service:samgr_class { get };
# module_request lets netmanager ask the kernel to load a module on demand.
# NOTE(review): confirm which module this is for; it widens kernel attack
# surface if module autoloading is not otherwise restricted.
allow netmanager kernel:system { module_request };
allow netmanager accessibility_param:file { read open map };
allow netmanager fwmark_service:sock_file { write };
allow netmanager dnsproxy_service:sock_file { write };
# setfscreate lets the process choose the label applied to files it creates.
allow netmanager netmanager:process { setfscreate };
allow netmanager usb_service:binder { call };
allow netmanager sa_usb_service:samgr_class { get };
allow netmanager sa_telephony_tel_core_service:samgr_class { get };
# Source is init, not netmanager.
# NOTE(review): confirm this belongs in the netmanager policy file.
allow init configfs:dir { rmdir };
# Extended ioctl permissions. Once an allowxperm rule exists for a
# source/target/class triple, only the listed command numbers are permitted.
# By standard Linux numbering: 0x5413 is TIOCGWINSZ, 0x8910 SIOCGIFNAME,
# 0x8915 SIOCGIFADDR, 0x8916 SIOCSIFADDR, 0x891b SIOCGIFNETMASK,
# 0x891c SIOCSIFNETMASK, 0x8933 SIOCGIFINDEX.
# NOTE(review): 0xf546 and 0xf547 cannot be identified from this file; document
# which driver or filesystem defines them.
allowxperm netmanager data_service_el1_file:file ioctl { 0x5413 0xf546 0xf547 };
allowxperm netmanager data_init_agent:file ioctl { 0x5413 };
allowxperm netmanager netmanager:udp_socket ioctl { 0x8910 0x8915 0x8916 0x891b 0x891c 0x8933 };
allowxperm netmanager netmanager:unix_dgram_socket ioctl { 0x8910 };
# Source is netsysnative: it may use file descriptors and TCP sockets that
# were created by netmanager.
allow netsysnative netmanager:fd { use };
allow netsysnative netmanager:tcp_socket { read write bind getopt setopt connect };
allow netmanager data_service_el1_file:file { rename };
allow netmanager sa_foundation_appms:samgr_class { get };

allow netmanager sa_comm_vpn_manager_service:samgr_class { add };
allow netmanager dev_console_file:chr_file { read write };
allow netmanager sa_accountmgr:samgr_class { get };
allow netmanager accountmgr:binder { call };
# Source is accountmgr: allows passing binder references to netmanager.
allow accountmgr netmanager:binder { transfer };
allow netmanager sa_foundation_bms:samgr_class { get };

# The rule inside the debug_only macro is presumably compiled only into debug
# builds; the macro definition is not in this file. Do not add comments inside
# the macro body: quote characters there would end the m4 quoted argument.
debug_only(`
    allow netmanager sh:binder { call };
')

# NOTE(review): the source of the next rule is a samgr service type rather than
# a process domain; confirm that a process actually runs with this label.
allow sa_comm_ethernet_manager_service sa_comm_ethernet_manager_service:samgr_class { add get };
# NOTE(review): these two rules give every domain carrying the basic or core hap
# attribute add as well as get on the ethernet manager service. add registers a
# system ability, which is normally done only by the hosting service process;
# if apps only need to look the service up, get alone is sufficient.
allow system_basic_hap_attr sa_comm_ethernet_manager_service:samgr_class { add get };
allow system_core_hap_attr sa_comm_ethernet_manager_service:samgr_class { add get };
allow netmanager updater_sa:binder { call };
# Superset of the earlier musl_param:file { read } rule in this file.
allow netmanager musl_param:file { read open map };
allow netmanager distributeddata:binder { call transfer };
# The next three rules use the single-permission form without braces.
allow netmanager distributeddata:fd use;
allow netmanager sa_dataobs_mgr_service_service:samgr_class get;
allow netmanager sa_distributeddata_service:samgr_class get;
allow netmanager mdnsmanager:binder { call };

allow netmanager sa_netsys_ext_service:samgr_class { add get };
allow netmanager sa_distributed_net_service:samgr_class { add get };

allow netmanager wifi_hal_service:binder { transfer call };
# NOTE(review): add on the DHCP client and server abilities lets netmanager
# register them; confirm netmanager hosts these services rather than only
# consuming them, otherwise get is enough.
allow netmanager sa_dhcp_client:samgr_class { add get };
allow netmanager sa_dhcp_server:samgr_class { add get };
allow netmanager sa_huks_service:samgr_class { get };
allow netmanager huks_service:binder { call };
allow netmanager dev_ashmem_file:chr_file { open };
allow netmanager foundation:fd { use };
# Write access to files labelled proc_net.
# NOTE(review): confirm which entries are written; the type covers more than
# one file if it is the general label for the proc net tree.
allow netmanager proc_net:file { open write };
allow netmanager softbus_server:binder { call transfer };