1# Copyright (c) 2021-2023 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14allow foundation appspawn:unix_stream_socket { connectto }; 15allow foundation appspawn_socket:sock_file { write }; 16allow foundation configfs:dir { open read search }; 17allow foundation data_app_el1_file:dir { search }; 18allow foundation data_app_el1_file:file { getattr read }; 19allow foundation data_app_file:dir { search }; 20allow foundation data_service_el1_file:dir { add_name open read search write }; 21allow foundation data_service_el1_file:file { create getattr ioctl open read write }; 22allow foundation data_service_file:dir { search }; 23allow foundation data_storage:dir { search }; 24allow foundation data_system_ce:dir { add_name search write }; 25allow foundation data_system_ce:file { create getattr ioctl lock map open read write }; 26allow foundation dev_mali:chr_file { ioctl map read write }; 27allow foundation deviceauth_service:binder { call }; 28allow foundation distributeddata:binder { call transfer }; 29allow foundation distributedsche:binder { call transfer }; 30allow foundation distributedsche:fd { use }; 31allow foundation dscreen:binder { call transfer }; 32allow foundation edm_sa:binder { call }; 33allow foundation foundation:unix_dgram_socket { getopt setopt }; 34allow foundation hdf_devmgr:binder { call transfer }; 35allow foundation hiview:binder { transfer }; 36allow foundation inputmethod_service:binder { call }; 37allow foundation msdp_sa:binder { call transfer }; 38allow foundation multimodalinput:fd { use }; 39allow foundation multimodalinput:unix_stream_socket { read }; 40allow foundation normal_hap_attr:file { getattr read }; 41allow foundation normal_hap_attr:process { sigkill }; 42allow foundation ohos_param:parameter_service { set }; 43allow foundation param_watcher:binder { call transfer }; 44allow foundation power_host:binder { call transfer }; 45allow foundation sa_distributeschedule:samgr_class { get }; 46allow foundation softbus_server:binder { call }; 47allow foundation storage_manager:binder { call }; 48allow foundation sys_file:dir { open read }; 49allow foundation sys_file:file { open read }; 50allow foundation system_basic_hap_attr:dir { search }; 51allow foundation system_basic_hap_attr:file { getattr read }; 52allow foundation system_file:dir { getattr open read }; 53allow foundation system_file:file { getattr open read }; 54allow foundation telephony_sa:binder { call transfer }; 55allow foundation tracefs:dir { search }; 56allow foundation tracefs_trace_marker_file:file { open write }; 57allow foundation vendor_file:file { execute getattr map open read }; 58allow foundation vendor_etc_file:dir { search }; 59allow foundation vendor_etc_file:file { getattr open read }; 60allow foundation work_scheduler_service:binder { call }; 61