1# Copyright (c) 2023 Huawei Device Co., Ltd.
2# Licensed under the Apache License, Version 2.0 (the "License");
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6#     http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
14#avc:denied { call } scontext=u:r:nfc_service:s0 tcontext=u:r:normal_hap:s0 tclass=binder
15#avc:denied { transfer } scontext=u:r:nfc_service:s0 tcontext=u:r:normal_hap:s0 tclass=binder
16allow nfc_service hap_domain:binder { transfer call };
17#avc:denied { getattr } scontext=u:r:nfc_service:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=dir
18#avc:denied { search } scontext=u:r:nfc_service:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=dir
19allow nfc_service vendor_etc_file:dir { getattr search };
20allow nfc_service sys_file:file { read };
21allow nfc_service dev_kmsg_file:chr_file { open write };
22#avc:denied { map } scontext=u:r:nfc_service:s0 tcontext=u:object_r:persist_param:s0 tclass=file
23#avc:denied { open } scontext=u:r:nfc_service:s0 tcontext=u:object_r:persist_param:s0 tclass=file
24#avc:denied { read } scontext=u:r:nfc_service:s0 tcontext=u:object_r:persist_param:s0 tclass=file
25allow nfc_service persist_param:file { map open read };
26allow nfc_service hiview_file:dir { open read remove_name search write };
27allow nfc_service hiview_file:file { getattr open read unlink };
28#avc:denied { write } scontext=u:r:nfc_service:s0 tcontext=u:object_r:data_nfc:s0 tclass=dir
29#avc:denied { add_name } scontext=u:r:nfc_service:s0 tcontext=u:object_r:data_nfc:s0 tclass=dir
30#avc:denied { remove_name } scontext=u:r:nfc_service:s0 tcontext=u:object_r:data_nfc:s0 tclass=dir
31allow nfc_service data_nfc:dir { write add_name remove_name };
32#avc:denied { create write open } scontext=u:r:nfc_service:s0 tcontext=u:object_r:data_nfc:s0 tclass=file
33#avc:denied { getattr ioctl setattr } scontext=u:r:nfc_service:s0 tcontext=u:object_r:data_nfc:s0 tclass=file
34#avc:denied { read rename unlink } scontext=u:r:nfc_service:s0 tcontext=u:object_r:data_nfc:s0 tclass=file
35allow nfc_service data_nfc:file { create write open getattr ioctl setattr read rename unlink };
36allowxperm nfc_service data_nfc:file ioctl { 0x5413 };
37#avc:denied { getattr } scontext=u:r:nfc_service:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=dir
38#avc:denied { search } scontext=u:r:nfc_service:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=dir
39allow nfc_service vendor_etc_file:dir { getattr search };
40allow nfc_service vendor_bin_file:dir {search};
41
42
43