xref: /ohos5.0/base/security/selinux_adapter/sepolicy/ohos_policy/multimodalinput/input/system/udevd.te

# Copyright (c) 2021 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

init_daemon_domain(udevd);

allow udevd data_file:dir { open search getattr rmdir };
allow udevd data_file:file { open };
allow udevd data_service_el1_file:dir { search write add_name create getattr remove_name read open watch rmdir };
allow udevd data_service_el1_file:file { create unlink write open ioctl read rename };
allow udevd data_service_el1_file:sock_file { create unlink };
allow udevd data_service_file:dir { search };
allow udevd data_udev:dir { rmdir };
allow udevd dev_bus_usb_file:chr_file { setattr };
allow udevd dev_char_file:dir { search write remove_name };
allow udevd dev_char_file:lnk_file { unlink };
allow udevd dev_dri_file:chr_file { getattr write };
allow udevd dev_dri_file:dir { add_name search write };
allow udevd dev_file:dir { add_name create write };
allow udevd dev_file:lnk_file { create getattr };
allow udevd dev_input_file:dir { remove_name rmdir };
allow udevd dev_input_file:lnk_file { getattr read write unlink rename };
allow udevd dev_ptmx:chr_file { write getattr };
#allow udevd sh_exec:file { read open execute execute_no_trans map };
allow udevd system_bin_file:dir { search };
allow udevd sys_file:file { getattr open read };
allow udevd tty_device:chr_file { open read write };
allow udevd udevd:capability { net_admin };
allow udevd udevd:netlink_kobject_uevent_socket { read create bind };
allow udevd udevd:netlink_kobject_uevent_socket { getattr setopt write };
allow udevd udevd:unix_dgram_socket { sendto read };
allow udevd vendor_lib_file:dir { search };
allowxperm udevd data_service_el1_file:file ioctl { 0x5413 };