# Copyright (c) 2021-2022 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

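# Type-enforcement rules for the ueventd domain.
# The line-number prefixes fused onto each statement by the page extraction
# have been dropped so the statements parse as policy again.
#
# init_daemon_domain() is a macro defined elsewhere in the policy; by its name
# it sets ueventd up as a daemon domain started by init -- confirm against the
# macro definition.
init_daemon_domain(ueventd);

# Attribute changes and removal of media/video character device nodes.
# relabelto for these two types is granted by separate rules further down in
# this file, so the effective permission set is the union of both places.
allow ueventd dev_media_file:chr_file { getattr setattr unlink };
allow ueventd dev_video_file:chr_file { getattr setattr unlink };

# read only: unlike the other *_param rules in this file, no open or map is
# granted here.
allow ueventd musl_param:file { read };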
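# Read-only, mmap-able access to files labelled with *_param types
# (first batch; more follow later in this file). No write permission is granted on any
# of them.
# NOTE(review): presumably these label the system-parameter storage areas.
# The list is broad (accessibility, display brightness, mock, debug, ...);
# confirm each label is really read by ueventd rather than granted in bulk.
allow ueventd accessibility_param:file { map open read };
allow ueventd bootevent_param:file { map open read };
allow ueventd bootevent_samgr_param:file { map open read };
allow ueventd build_version_param:file { map open read };
allow ueventd const_allow_mock_param:file { map open read };
allow ueventd const_allow_param:file { map open read };
allow ueventd const_build_param:file { map open read };
allow ueventd const_display_brightness_param:file { map open read };
allow ueventd const_param:file { map open read };
allow ueventd const_postinstall_fstab_param:file { map open read };
allow ueventd const_postinstall_param:file { map open read };
allow ueventd const_product_param:file { map open read };
allow ueventd debug_param:file { map open read };
allow ueventd default_param:file { map open read };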
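# Device-node management. Two permissions carry most of the weight here:
#   relabelfrom T - ueventd may change an object's label away from T
#   relabelto   T - ueventd may assign label T to an object
# Most rules below grant relabelto only: ueventd can give a node its final
# label but gets no open/read/write on the device behind it.
# NOTE(review): because ueventd picks the label for every node, the integrity
# of its labelling configuration decides which domains can later reach
# sensitive nodes such as dev_mem, dev_tee_file or dev_rpmb_file.
allow ueventd dev_ashmem_file:chr_file { relabelto };
allow ueventd dev_at_file:chr_file { relabelto };
allow ueventd dev_bbox:chr_file { relabelto };
allow ueventd dev_binder_file:chr_file { getattr setattr };

# Block devices: nodes, their directory and symlinks are created here.
# Further dev_block_file / dev_block_volfile permissions (relabelfrom, open,
# read, lnk_file access) are granted by separate rules later in this file.
allow ueventd dev_block_file:blk_file { create getattr relabelto setattr };
allow ueventd dev_block_file:dir { add_name getattr search write };
allow ueventd dev_block_file:lnk_file { create };
allow ueventd dev_block_volfile:blk_file { create getattr relabelfrom setattr };
allow ueventd dev_block_volfile:dir { add_name getattr search write };

# USB bus nodes come and go with hot-plug, hence create/unlink and
# add_name/remove_name on the directory.
allow ueventd dev_bus:dir { getattr relabelto search };
allow ueventd dev_bus_usb_file:chr_file { create getattr relabelto setattr unlink };
allow ueventd dev_bus_usb_file:dir { add_name create getattr relabelto remove_name search write };
allow ueventd dev_console_file:chr_file { relabelto };
allow ueventd dev_cpu_dma_latency_file:chr_file { relabelto };
allow ueventd dev_dev_cec0:chr_file { relabelto };
allow ueventd dev_dma_heap_file:chr_file { create getattr relabelto setattr };
allow ueventd dev_dma_heap_file:dir { add_name getattr relabelto search write };
allow ueventd dev_dri_file:chr_file { create getattr relabelto setattr };
allow ueventd dev_dri_file:dir { add_name getattr relabelto search write };

# dev_file looks like the generic /dev label: nodes and directories are created
# with it and relabelled away from it (relabelfrom is granted, relabelto is not).
allow ueventd dev_file:chr_file { create getattr relabelfrom setattr unlink };
allow ueventd dev_mapper_control_file:chr_file { create getattr relabelfrom setattr unlink };
allow ueventd dev_file:dir { add_name create getattr relabelfrom write remove_name };
# NOTE(review): this is class "file", i.e. regular files carrying the dev_file
# label can be created, read and written. Confirm which file needs it; a
# dedicated type would keep the grant narrower than the generic label.
allow ueventd dev_file:file { create read write open };
allow ueventd dev_full:chr_file { relabelto };
allow ueventd dev_fuse_file:chr_file { relabelto };
allow ueventd dev_gpiochip:chr_file { relabelto };
allow ueventd dev_graphics_file:chr_file { relabelto };
allow ueventd dev_graphics_file:dir { getattr relabelto search };
allow ueventd dev_hdf_audio_capture:chr_file { relabelto };
allow ueventd dev_hdf_audio_codec_primary:chr_file { relabelto };
# NOTE(review): the only dev_hdf_* node ueventd may open, read and write, and
# the only one without relabelto. Every sibling rule is label management only.
# Confirm this data-path access is intended and not a leftover from
# audit2allow-style generation.
allow ueventd dev_hdf_audio_codec_hdmi:chr_file { getattr open read write };
allow ueventd dev_hdf_audio_control:chr_file { relabelto };
allow ueventd dev_hdf_audio_render:chr_file { relabelto };
allow ueventd dev_hdf_bl:chr_file { relabelto };
allow ueventd dev_hdf_disp:chr_file { relabelto };
allow ueventd dev_hdf_file:chr_file { relabelto };
allow ueventd dev_hdf_i2c_mgr:chr_file { relabelto };
allow ueventd dev_hdf_input:chr_file { relabelto getattr setattr unlink };
allow ueventd dev_hdf_kevent:chr_file { relabelto };
allow ueventd dev_hdf_light:chr_file { relabelto };
allow ueventd dev_hdf_misc_vibrator:chr_file { relabelto };
allow ueventd dev_hdf_sensor_mgr:chr_file { relabelto };
allow ueventd dev_hdf_test:chr_file { relabelto };
allow ueventd dev_hdf_usb_pnp:chr_file { relabelto };
allow ueventd dev_hdmi_hdcp1x:chr_file { relabelto };
allow ueventd dev_xpm:chr_file { relabelto };
allow ueventd dev_hwbinder_file:chr_file { relabelto };
allow ueventd dev_hwrng:chr_file { relabelto };
allow ueventd dev_i2c:chr_file { relabelto };
allow ueventd dev_i2c_test:chr_file { relabelto };
allow ueventd dev_iio_file:chr_file { relabelto };
allow ueventd dev_input_file:chr_file { create getattr relabelto setattr unlink };
allow ueventd dev_input_file:dir { add_name getattr relabelto search write remove_name };
# open + write with no read. NOTE(review): presumably ueventd logging to the
# kernel log -- confirm.
allow ueventd dev_kmsg_file:chr_file { getattr open setattr write };
allow ueventd dev_loop_control_file:chr_file { relabelto };
allow ueventd dev_mali:chr_file { relabelto };
allow ueventd dev_media_file:chr_file { relabelto };
allow ueventd dev_mem:chr_file { relabelto };
allow ueventd dev_mgr_file:chr_file { relabelto };
allow ueventd dev_mpp:chr_file { relabelto };
# setattr only: attributes of the node may be changed, the label may not.
allow ueventd dev_null_file:chr_file { setattr };
allow ueventd dev_pm_test:chr_file { relabelto };
allow ueventd dev_port:chr_file { relabelto };
allow ueventd dev_ptmx:chr_file { relabelto };
allow ueventd dev_ptp:chr_file { relabelto };
allow ueventd dev_random_file:chr_file { setattr };
allow ueventd dev_rfkill:chr_file { relabelto };
allow ueventd dev_rga:chr_file { relabelto };
allow ueventd dev_rpmb_file:chr_file { relabelto };
allow ueventd dev_rtc_file:chr_file { relabelto };
allow ueventd dev_sample_svc:chr_file { relabelto };
allow ueventd dev_sched_rtg_ctrl:chr_file { relabelto };
allow ueventd dev_snapshot:chr_file { relabelto };
allow ueventd dev_svc_mgr_file:chr_file { relabelto };
allow ueventd dev_sw_sync:chr_file { relabelto };
allow ueventd dev_tee_file:chr_file { relabelto };
allow ueventd dev_ubi_file:chr_file { relabelto };
allow ueventd dev_uhid_file:chr_file { relabelto };
allow ueventd dev_tun_file:chr_file { relabelto };
allow ueventd dev_uinput:chr_file { relabelto };
allow ueventd dev_unix_socket:dir { search };
allow ueventd dev_vcs_file:chr_file { relabelto };
allow ueventd dev_v_file:chr_file { relabelto };
allow ueventd dev_vhci_file:chr_file { relabelto };
allow ueventd dev_video_file:chr_file { relabelto };
allow ueventd dev_vndbinder_file:chr_file { relabelto };
allow ueventd dev_watchdog_file:chr_file { relabelto };
allow ueventd dev_zero_file:chr_file { relabelto };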
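# Second batch of read-only, mmap-able *_param grants, with two unrelated rules
# interleaved where the original ordering placed them. None of the *_param
# rules grants write.
allow ueventd distributedsche_param:file { map open read };
allow ueventd hilog_param:file { map open read };
allow ueventd hw_sc_build_os_param:file { map open read };
allow ueventd hw_sc_build_param:file { map open read };
allow ueventd hw_sc_param:file { map open read };
# getsockopt on a kobject-uevent netlink socket that belongs to the init
# domain. NOTE(review): presumably a socket created by init and inherited by
# ueventd -- confirm.
allow ueventd init:netlink_kobject_uevent_socket { getopt };
allow ueventd init_param:file { map open read };
allow ueventd init_svc_param:file { map open read };
allow ueventd input_pointer_device_param:file { map open read };
allow ueventd net_param:file { map open read };
allow ueventd net_tcp_param:file { map open read };
allow ueventd ohos_boot_param:file { map open read };
allow ueventd ohos_param:file { map open read };
allow ueventd persist_param:file { map open read };
allow ueventd persist_sys_param:file { map open read };
# Read access to the file labelled proc_cmdline_file (no map, no write).
allow ueventd proc_cmdline_file:file { open read };
allow ueventd security_param:file { map open read };
allow ueventd startup_param:file { map open read };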
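# sysfs access: directories may be opened and listed, files may be opened for
# writing. No read permission is granted on the files.
# NOTE(review): presumably this is for writing to "uevent" files so the kernel
# replays device events -- confirm. Type enforcement cannot limit a rule to a
# file name, so every file carrying one of these labels is writable by ueventd
# at the MAC layer. sys_file looks like the generic sysfs label, which makes
# that grant the widest one here; ueventd also holds dac_override (see the
# capability rule in this file), so file modes are not a second barrier.
allow ueventd sys_file:dir { open read };
allow ueventd sys_file:file { open write };
allow ueventd sysfs_gadget_usb:dir { open read };
allow ueventd sysfs_block_file:dir { open read };
allow ueventd sysfs_block_file:file { open write };
allow ueventd sysfs_block_loop:dir { open read };
allow ueventd sysfs_block_loop:file { open write };
allow ueventd sysfs_block_zram:dir { open read };
allow ueventd sysfs_block_zram:file { open write };
allow ueventd sysfs_devices_system_cpu:dir { open read };
allow ueventd sysfs_devices_system_cpu:file { open write };
# Directory listing only for the next three labels; no file write is granted.
allow ueventd sysfs_extcon:dir { open read };
allow ueventd sysfs_leds:dir { open read };
allow ueventd sysfs_net:dir { open read };
allow ueventd sysfs_net:file { open write };
allow ueventd sysfs_rtc:dir { open read };
allow ueventd sysfs_wakeup:dir { open read };
allow ueventd sysfs_wakeup:file { open write };

# Remaining read-only parameter grants and a path-traversal permission.
allow ueventd sys_param:file { map open read };
allow ueventd system_bin_file:dir { search };
allow ueventd sys_usb_param:file { map open read };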
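# Directories that still carry the tmpfs label: ueventd may write to them and
# relabel them away from tmpfs.
allow ueventd tmpfs:dir { relabelfrom write };
allow ueventd tty_device:chr_file { getattr relabelto setattr };

# Capabilities held by ueventd itself. chown/fowner/fsetid/mknod/setgid match
# creating device nodes and setting their owner, group and mode.
# NOTE(review): net_admin is presumably needed for the uevent netlink socket
# (for example forcing its receive-buffer size) -- confirm.
# NOTE(review): dac_override bypasses file-mode checks altogether, so SELinux
# is the only control left on the write/unlink rules in this file. Check
# whether fixing ownership or mode of the affected paths would let it be
# dropped.
allow ueventd ueventd:capability { chown fowner fsetid mknod setgid net_admin dac_override };

# ueventd's own kobject-uevent netlink socket: create, configure, bind and
# receive. No write permission, so it only listens for kernel events.
allow ueventd ueventd:netlink_kobject_uevent_socket { create setopt bind read };
allow ueventd vendor_etc_file:dir { search };

# IPC: a datagram socket owned by init, the parameter-service socket file, and
# a stream-socket connection to a peer in the kernel domain.
allow ueventd init:unix_dgram_socket { read write };
allow ueventd paramservice_socket:sock_file { write };
# NOTE(review): the peer's domain is "kernel"; confirm which listener this is
# and whether it should be running in a dedicated domain instead.
allow ueventd kernel:unix_stream_socket { connectto };

# Additional block-device permissions; these add to the dev_block_file and
# dev_block_volfile rules granted earlier in this file.
allow ueventd dev_block_file:blk_file { relabelfrom };
allow ueventd dev_block_file:lnk_file { relabelfrom getattr };
allow ueventd dev_block_file:dir { open read };
allow ueventd dev_block_volfile:lnk_file { setattr getattr relabelfrom };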
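# for hyperhold
# ueventd may assign the zram_device label to block nodes and read or change
# their attributes; no open/read/write on the device is granted.
allow ueventd zram_device:blk_file { relabelto getattr setattr };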
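# Block nodes labelled updater_block_file: stat, attribute changes and
# relabelling in both directions. The AVC records that motivated the rule are
# kept below. Note that the relabelto record was captured with permissive=1
# (and a different pid), i.e. in a permissive-mode run, unlike the three
# enforcing-mode records before it.
# avc:  denied  { getattr } for  pid=250 comm="ueventd" path="/dev/block/mmcblk0p2" dev="tmpfs" ino=35 scontext=u:r:ueventd:s0 tcontext=u:object_r:updater_block_file:s0 tclass=blk_file permissive=0
# avc:  denied  { relabelfrom } for  pid=250 comm="ueventd" name="mmcblk0p2" dev="tmpfs" ino=35 scontext=u:r:ueventd:s0 tcontext=u:object_r:updater_block_file:s0 tclass=blk_file permissive=0
# avc:  denied  { setattr } for  pid=250 comm="ueventd" name="mmcblk0p2" dev="tmpfs" ino=35 scontext=u:r:ueventd:s0 tcontext=u:object_r:updater_block_file:s0 tclass=blk_file permissive=0
# avc:  denied  { relabelto } for  pid=245 comm="ueventd" name="mmcblk0p2" dev="tmpfs" ino=35 scontext=u:r:ueventd:s0 tcontext=u:object_r:updater_block_file:s0 tclass=blk_file permissive=1
allow ueventd updater_block_file:blk_file { getattr relabelfrom setattr relabelto };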
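# Block nodes that still carry the tmpfs label (see tcontext in the records
# below): ueventd may stat them, change their attributes and relabel them away
# from tmpfs. relabelto tmpfs is not granted, so a node cannot be moved back
# to this label.
# avc:  denied  { getattr } for  pid=242 comm="ueventd" path="/dev/block/mmcblk0p2" dev="tmpfs" ino=35 scontext=u:r:ueventd:s0 tcontext=u:object_r:tmpfs:s0 tclass=blk_file permissive=0
# avc:  denied  { relabelfrom } for  pid=242 comm="ueventd" name="mmcblk0p2" dev="tmpfs" ino=35 scontext=u:r:ueventd:s0 tcontext=u:object_r:tmpfs:s0 tclass=blk_file permissive=0
# avc:  denied  { setattr } for  pid=242 comm="ueventd" name="mmcblk0p2" dev="tmpfs" ino=35 scontext=u:r:ueventd:s0 tcontext=u:object_r:tmpfs:s0 tclass=blk_file permissive=0
allow ueventd tmpfs:blk_file { getattr relabelfrom setattr };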
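# Symlinks labelled updater_block_file (the record below is for
# /dev/block/by-name/misc): stat only. The record was captured with
# permissive=1, i.e. in a permissive-mode run.
# avc:  denied  { getattr } for  pid=245 comm="ueventd" path="/dev/block/by-name/misc" dev="tmpfs" ino=37 scontext=u:r:ueventd:s0 tcontext=u:object_r:updater_block_file:s0 tclass=lnk_file permissive=1
allow ueventd updater_block_file:lnk_file { getattr };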