1# Copyright (c) 2022-2023 Huawei Device Co., Ltd.
2# Licensed under the Apache License, Version 2.0 (the "License");
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6#     http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
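# Type-enforcement rules for the softbus_server domain. Every rule below grants
# softbus_server the listed permissions on one target type and object class;
# nothing here grants access in the opposite direction. The #avc: denied lines
# kept above a rule are the audit records that motivated it (permissive=0: the
# access was actually blocked; permissive=1: logged only, the domain was in
# permissive mode at the time). Keep additions least-privilege: grant only the
# permission a denial names, and prefer the binder_call() / debug_only() macros
# used below where they apply.

# Bluetooth: accept descriptors from bluetooth_service and exchange data with it
# over a unix stream socket. (The permission set previously listed read and
# write twice; duplicates removed, the granted set is unchanged.)
allow softbus_server bluetooth_service:fd { use };
allow softbus_server bluetooth_service:unix_stream_socket { read setopt shutdown write };

# Binder peers that softbus_server calls and, where listed, transfers binder
# objects to.
#avc:  denied  { call } for  pid=496 comm="softbus_server" scontext=u:r:softbus_server:s0 tcontext=u:r:dcamera:s0 tclass=binder permissive=0
allow softbus_server dcamera:binder { call transfer };

#avc:  denied  { call } for  pid=471 comm="softbus_server" scontext=u:r:softbus_server:s0 tcontext=u:r:dscreen:s0 tclass=binder permissive=0
allow softbus_server dscreen:binder { call };

allow softbus_server d-bms:binder { call };

# normal_hap_attr is presumably an attribute carried by every normal app domain
# (the denials below show normal_hap), so this is an attribute-wide grant: any
# such app can be called by softbus_server and receive objects it transfers.
# Widen with care; a narrower type would be preferable if the callers are known.
#avc:  denied  { transfer } for  pid=558 comm="softbus_server" scontext=u:r:softbus_server:s0 tcontext=u:r:normal_hap:s0 tclass=binder permissive=0
#avc:  denied  { transfer } for  pid=471 comm="softbus_server" scontext=u:r:softbus_server:s0 tcontext=u:r:normal_hap:s0 tclass=binder permissive=0
allow softbus_server normal_hap_attr:binder { call transfer };

# Lets softbus_server use descriptors handed over by a normal app (the denials
# show /dev/ashmem passed by the settings app). Attribute-wide, like the rule above.
#avc:  denied  { use } for  pid=1537 comm="com.ohos.settin" path="/dev/ashmem" dev="tmpfs" ino=178 scontext=u:r:softbus_server:s0 tcontext=u:r:normal_hap:s0 tclass=fd permissive=0
#avc:  denied  { use } for  pid=1601 comm="com.ohos.settin" path="/dev/ashmem" dev="tmpfs" ino=177 scontext=u:r:softbus_server:s0 tcontext=u:r:normal_hap:s0 tclass=fd permissive=0
allow softbus_server normal_hap_attr:fd { use };

# System-ability lookups through samgr (samgr_class get). The single add on
# sa_softbus_service further down is the one SA softbus_server publishes itself.
allow softbus_server sa_accesstoken_manager_service:samgr_class { get };
allow softbus_server sa_accountmgr:samgr_class { get };
allow softbus_server sa_bluetooth_server:samgr_class { get };
allow softbus_server sa_foundation_abilityms:samgr_class { get };
allow softbus_server sa_foundation_cesfwk_service:samgr_class { get };
allow softbus_server sa_param_watcher:samgr_class { get };

#avc:  denied  { get } for service=3505 pid=532 scontext=u:r:softbus_server:s0 tcontext=u:object_r:sa_privacy_service:s0 tclass=samgr_class permissive=0
allow softbus_server sa_privacy_service:samgr_class { get };

# Privileged read of route-netlink messages on a netlink socket that
# softbus_server itself owns.
allow softbus_server softbus_server:netlink_route_socket { nlmsg_readpriv };
allow softbus_server sa_softbus_service:samgr_class { add get };
allow softbus_server sa_wifi_device_ability:samgr_class { get };
allow softbus_server sa_wifi_hotspot_ability:samgr_class { get };
allow softbus_server sa_wifi_p2p_ability:samgr_class { get };
allow softbus_server sa_wifi_scan_ability:samgr_class { get };
# Debug builds only: binder access between the shell domain and softbus_server.
# Must stay inside debug_only so it never reaches user builds.
debug_only(`
    allow softbus_server sh:binder { call transfer };
')

# Generic socket class on sockets softbus_server itself owns. NOTE(review): the
# logged denial names only create; the other permissions in this list are not
# backed by a denial recorded in this file.
#avc:  denied  { create } for  pid=540 comm="softbus_server" scontext=u:r:softbus_server:s0 tcontext=u:r:softbus_server:s0 tclass=socket permissive=0
allow softbus_server softbus_server:socket { bind create ioctl setopt shutdown getattr connect accept listen read write getopt };

# Denial recorded in permissive mode from a THREAD_POOL thread.
#avc:  denied  { getopt } for  pid=482 comm="THREAD_POOL" scontext=u:r:softbus_server:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1
allow softbus_server softbus_server:tcp_socket { getopt };

# ioctl filtering: even though ioctl is granted above, only the commands listed
# here are permitted on sockets softbus_server owns. All are in the Linux
# sockios.h 0x89xx range; 0x8933 is the command from the denial below, the rest
# appear to be the interface/route management ioctls (SIOCSIFADDR, SIOCADDRT,
# SIOCGIFFLAGS, SIOCDIFADDR, SIOCDELRT) -- confirm against sockios.h before editing.
#avc:  denied  { ioctl } for  pid=526 comm="softbus_server" path="socket:[36080]" dev="sockfs" ino=36080 ioctlcmd=0x8933 scontext=u:r:softbus_server:s0 tcontext=u:r:softbus_server:s0 tclass=socket permissive=0
allowxperm softbus_server softbus_server:socket ioctl { 0x8933 0x8916 0x890B 0x8913 0x8936 0x890C };

# Attribute-wide grant to system core apps (the denial shows system_core_hap);
# call only, no transfer.
#avc: denied { call } for pid=509 comm="0IPC_686" scontext=u:r:softbus_server:s0 tcontext=u:r:system_core_hap:s0 tclass=binder permissive=0
allow softbus_server system_core_hap_attr:binder { call };

# binder_call is a project macro for binder access between the two domains; see
# its definition for the exact permissions it expands to.
binder_call(softbus_server, privacy_service);
binder_call(softbus_server, accountmgr);
binder_call(softbus_server, netmanager);

# Read-only access (open, map, read) to files labelled musl_param.
allow softbus_server musl_param:file { open map read };

# Descriptor passing from distributeddata (denial shows /dev/ashmem, permissive mode).
#avc:  denied  { use } for  pid=530 comm="IPC_0_952" path="/dev/ashmem" dev="tmpfs" ino=184 scontext=u:r:softbus_server:s0 tcontext=u:r:distributeddata:s0 tclass=fd permissive=1
allow softbus_server distributeddata:fd { use };

# Further samgr lookups, each backed by the denial above it.
#avc:  denied  { get } for service=1301 pid=494 scontext=u:r:softbus_server:s0 tcontext=u:object_r:sa_distributeddata_service:s0 tclass=samgr_class permissive=0
allow softbus_server sa_distributeddata_service:samgr_class { get };

#avc:  denied  { get } for service=182 pid=522 scontext=u:r:softbus_server:s0 tcontext=u:object_r:sa_dataobs_mgr_service_service:s0 tclass=samgr_class permissive=0
allow softbus_server sa_dataobs_mgr_service_service:samgr_class { get };

#avc:  denied  { get } for service=401 pid=512 scontext=u:r:softbus_server:s0 tcontext=u:object_r:sa_foundation_bms:s0 tclass=samgr_class permissive=0
allow softbus_server sa_foundation_bms:samgr_class { get };

#avc:  denied  { get } for  service=6001 pid=1248 scontext=u:r:softbus_server:s0 tcontext=u:object_r:sa_device_profile_service:s0 tclass=samgr_class permissive=1
allow softbus_server sa_device_profile_service:samgr_class { get };

#avc:  denied  { get } for service=1151 pid=602 scontext=u:r:softbus_server:s0 tcontext=u:object_r:sa_net_conn_manager:s0 tclass=samgr_class permissive=0
allow softbus_server sa_net_conn_manager:samgr_class { get };

# Debug builds only: the denial was on the btdev0 device node, but dev_file
# presumably covers unspecialised /dev nodes in general, so a read/write/ioctl
# grant on it is too broad for user builds. A dedicated type for the node would
# be needed to allow this outside debug_only.
# avc:  denied  { read write } for  pid=2312 comm="SaInit0" name="btdev0" dev="tmpfs" ino=184 scontext=u:r:softbus_server:s0 tcontext=u:object_r:dev_file:s0 tclass=chr_file permissive=0
debug_only(`
    allow softbus_server dev_file:chr_file { read write open ioctl };
')

# sysfs read (denial: af_ninet).
#avc:  denied  { read } for  pid=456 comm="softbus_server" name="af_ninet" dev="sysfs" ino=13529 scontext=u:r:softbus_server:s0 tcontext=u:object_r:sys_file:s0 tclass=file permissive=0
allow softbus_server sys_file:file { open read };

# Binder call and transfer to pasteboard_service (both denials in permissive mode).
#avc:  denied  { call } for  pid=2167 scontext=u:r:softbus_server:s0 tcontext=u:r:pasteboard_service:s0 tclass=binder permissive=1
#avc:  denied  { transfer } for  pid=2167 scontext=u:r:softbus_server:s0 tcontext=u:r:pasteboard_service:s0 tclass=binder permissive=1
allow softbus_server pasteboard_service:binder { call transfer };

# Read access to per-process /proc/<pid>/net entries (denials: nip_route).
#avc:  denied  { read } for  pid=497 comm="softbus_server" name="nip_route" dev="proc" ino=4026532651 scontext=u:r:softbus_server:s0 tcontext=u:object_r:proc_net:s0 tclass=file permissive=0
#avc:  denied  { getattr } for  pid=540 comm="SaInit0" path="/proc/540/net/nip_route" dev="proc" ino=4026532673 scontext=u:r:softbus_server:s0 tcontext=u:object_r:proc_net:s0 tclass=file permissive=0
allow softbus_server proc_net:file { open getattr read };

#avc:  denied  { get } for service=1203 pid=1219 scontext=u:r:softbus_server:s0 tcontext=u:object_r:sa_sys_event_service:s0 tclass=samgr_class permissive=0
allow softbus_server sa_sys_event_service:samgr_class { get };

# hiview: transfer only (no call) plus descriptor passing (denial shows /dev/ashmem).
#avc:  denied  { transfer } for  pid=1480 comm="IPC_0_1595" scontext=u:r:softbus_server:s0 tcontext=u:r:hiview:s0 tclass=binder permissive=0
allow softbus_server hiview:binder { transfer };

#avc:  denied  { use } for  pid=516 comm="IPC_5_2079" path="/dev/ashmem" dev="tmpfs" ino=677 scontext=u:r:softbus_server:s0 tcontext=u:r:hiview:s0 tclass=fd permissive=0
allow softbus_server hiview:fd { use };

#avc:  denied  { transfer } for pid=1421 comm="SaInit0" scontext=u:r:softbus_server:s0 tcontext=u:r:distributeddata:s0 tclass=binder permissive=0
allow softbus_server distributeddata:binder { transfer };

#avc:  denied  { get } for service=501 pid=1448 scontext=u:r:softbus_server:s0 tcontext=u:object_r:sa_foundation_appms:s0 tclass=samgr_class permissive=0
allow softbus_server sa_foundation_appms:samgr_class { get };

# setattr and map on database files labelled data_service_el1_file (denial was
# recorded in permissive mode). NOTE(review): judging by the paths in the
# denials, this label presumably covers more than the dsoftbus kvdb tree under
# /data/service/el1, so setattr reaches other services files as well unless a
# narrower label exists -- confirm the scope of the label.
#avc:  denied  { setattr } for  pid=4233 comm="IPC_1_4241" name="gen_natural_store.db" dev="sdd78" ino=56915 scontext=u:r:softbus_server:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=1
allow softbus_server data_service_el1_file:file { map setattr };

# Directory access in the dsoftbus kvdb tree (path in the denial). NOTE(review):
# create on a dir normally also needs add_name and write on its parent; if those
# are not granted elsewhere, create here is ineffective -- confirm against the
# other rules covering this type.
#avc:  denied  { getattr } for  pid=1032 comm="IPC_2_1941" path="/data/service/el1/public/database/dsoftbus/kvdb/4cee433d3b0a6fca315f8eff4d59b13eaa177772d85bde578b7bf9fe1ea3a4dc/single_ver/main" dev="sdd78" ino=5376 scontext=u:r:softbus_server:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=dir permissive=0
allow softbus_server data_service_el1_file:dir { create getattr };

# Descriptor passing from wifi_manager_service.
allow softbus_server wifi_manager_service:fd { use };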
127