# Copyright (c) 2022-2024 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the License);
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# SELinux type-enforcement rules for the audio_server domain.
# The macros used below (init_daemon_domain, binder_call, debug_only) are
# defined outside this file, so notes about what they expand to are hedged.

# Sets up audio_server through the init_daemon_domain macro; presumably this
# covers the transition from init into the audio_server domain - TODO confirm
# against the macro definition.
init_daemon_domain(audio_server);

# Binder access to the sh domain is wrapped in debug_only, so it is presumably
# compiled out of release policy. NOTE(review): confirm that release builds do
# not carry this rule. No comment is placed inside the quoted block on purpose,
# to keep the m4 quoting untouched.
debug_only(`
    binder_call(audio_server, sh);
')

# core func

# audio_server may both register (add) and look up (get) these two audio
# system abilities.
allow audio_server sa_audio_policy_service:samgr_class { add get };

allow audio_server sa_pulseaudio_audio_service:samgr_class { get add };

# Binder calls with audio_server itself as the peer.
binder_call(audio_server, audio_server);

# Client-side access to named unix sockets: directory search plus write on the
# socket files; no create or unlink is granted for these types.
allow audio_server dev_unix_socket:dir { search };
allow audio_server dev_unix_socket:sock_file { write };

allow audio_server native_socket:sock_file { write };

# Stream sockets labelled init: server-side permissions (accept, listen) as
# well as connectto. Presumably these are sockets that init creates for the
# service and hands over - TODO confirm.
allow audio_server init:unix_stream_socket { accept connectto getattr getopt listen setopt };

# NOTE(review): connectto on a stream socket labelled kernel. The endpoint that
# needs this is not visible in this file; confirm it before keeping the rule.
allow audio_server kernel:unix_stream_socket { connectto };

# Option handling on its own datagram sockets.
allow audio_server audio_server:unix_dgram_socket { getopt setopt };

# Own netlink uevent socket: create, bind and read kernel uevents
# (presumably for audio device hotplug - TODO confirm).
allow audio_server audio_server:netlink_kobject_uevent_socket { getattr read bind create setopt };

# dir or file access

# Full lifecycle (create, modify, unlink) of files, fifos and socket files in
# the pulse data directory type.
allow audio_server data_data_pulse_dir:dir { add_name getattr open read remove_name search setattr write };
allow audio_server data_data_pulse_dir:fifo_file { create getattr open read write setattr unlink };
allow audio_server data_data_pulse_dir:file { create getattr ioctl read write open lock setattr unlink };
allow audio_server data_data_pulse_dir:sock_file { create setattr unlink write };
# Narrows the ioctl permission above to the single command 0x5413
# (TIOCGWINSZ in the generic Linux ioctl numbering; presumably issued by
# isatty-style checks in libc - TODO confirm).
allowxperm audio_server data_data_pulse_dir:file ioctl { 0x5413 };

# Directory traversal only; no file permission on system_bin_file is granted
# in this part of the policy.
allow audio_server system_bin_file:dir { getattr search };

# File, device and service access for the audio_server domain.

# Path traversal only: search lets audio_server walk through these directories
# without listing or modifying them.
allow audio_server data_file:dir { search };

allow audio_server data_data_file:dir { search };

# Read and append (no write, create or unlink) on data_init_agent files.
allow audio_server data_init_agent:dir { search };
allow audio_server data_init_agent:file { ioctl open read append };
# ioctl on these files is limited to command 0x5413 (TIOCGWINSZ in the generic
# Linux ioctl numbering).
allowxperm audio_server data_init_agent:file ioctl { 0x5413 };

# Full management of directories and files of type data_service_el1_file,
# including create, rename, unlink and rmdir.
allow audio_server data_service_file:dir { search };
allow audio_server data_service_el1_file:dir { add_name create getattr open read remove_name rmdir search setattr write };
# NOTE(review): ioctl is granted here without an allowxperm rule in this file,
# unlike data_init_agent above. Unless an xperm rule for this source/target
# pair exists elsewhere, every ioctl command is permitted; consider pinning it
# to the commands actually used.
allow audio_server data_service_el1_file:file { create getattr ioctl lock map open read rename setattr unlink write };

# execute and map are granted on vendor_file, but not execute_no_trans, so this
# covers mapping vendor code into the process (presumably vendor audio
# libraries - TODO confirm) rather than running a vendor binary in this domain.
# Integrity of files carrying this label is therefore part of the audio_server
# trust boundary.
allow audio_server vendor_file:file { execute getattr map open read };

allow audio_server vendor_bin_file:dir { search };

# Read-only access to vendor configuration files.
allow audio_server vendor_etc_file:dir { search };
allow audio_server vendor_etc_file:file { getattr read open };

# Same mapping-as-code grant as vendor_file above, for vendor_lib_file.
allow audio_server vendor_lib_file:file { read open getattr map execute };
allow audio_server vendor_lib_file:dir { search };

# Read-only mapping of the musl_param file.
allow audio_server musl_param:file { open map read };

# open only; no read, write or ioctl on the ashmem device node is granted here.
allow audio_server dev_ashmem_file:chr_file { open };

# NOTE(review): character devices labelled rootfs are presumably nodes that
# carry no dedicated type. Confirm which device this is for and whether it can
# be given its own label instead of granting read/write on the generic one.
allow audio_server rootfs:chr_file { ioctl read write };
# ioctl on those nodes is limited to command 0x5413.
allowxperm audio_server rootfs:chr_file ioctl { 0x5413 };

# /dev/input/
# Read-only access to input character devices. NOTE(review): presumably needed
# for headset or jack events; confirm dev_input_file is not broader than the
# audio-related nodes.
allow audio_server dev_input_file:dir { search };
allow audio_server dev_input_file:chr_file { read open };

# /dev/bus/
# Read-only access to USB bus device nodes (no write or ioctl).
allow audio_server dev_bus:dir { search };
allow audio_server dev_bus_usb_file:dir { open read search };
allow audio_server dev_bus_usb_file:chr_file { getattr read open };

# /sys/class/switch/
# Read-only access to switch state files in sysfs.
allow audio_server sysfs_switch:file { open read getattr };

# for application call

# Binder rules towards the three application attributes. binder_call is defined
# outside this file; confirm which direction(s) of the transaction it grants.
binder_call(audio_server, normal_hap_attr);

binder_call(audio_server, system_core_hap_attr);

binder_call(audio_server, system_basic_hap_attr);

# for audio hdf

# Lookup only (get) of audio HDI services through the HDF device manager.
allow audio_server hdf_audio_hdi_service:hdf_devmgr_class { get };

allow audio_server hdf_audio_hdi_usb_service:hdf_devmgr_class { get };
# Remaining audio HDF lookups, then access to peer services and parameters.
# All hdf_devmgr_class rules here grant get only; audio_server does not
# register HDF services through these rules.
allow audio_server hdf_audio_hdi_a2dp_service:hdf_devmgr_class { get };

allow audio_server hdf_audio_bluetooth_hdi_service:hdf_devmgr_class { get };

allow audio_server hdf_audio_manager_service:hdf_devmgr_class { get };

allow audio_server hdf_effect_model_service:hdf_devmgr_class { get };

# Binder rules towards the audio and a2dp host processes and the HDF device
# manager. binder_call is defined outside this file.
binder_call(audio_server, audio_host);

binder_call(audio_server, a2dp_host);

binder_call(audio_server, hdf_devmgr);

# interact with others

# Pattern used throughout this section: a samgr_class get rule lets
# audio_server look up a system ability, and a binder_call line covers the
# binder traffic with the domain that hosts it. Every samgr_class rule below
# is get only.
binder_call(audio_server, media_service);

allow audio_server sa_media_monitor:samgr_class { get };
binder_call(audio_server, media_monitor);

binder_call(audio_server, bluetooth_service);

binder_call(audio_server, intell_voice_service);

allow audio_server sa_distributeddata_service:samgr_class { get };
binder_call(audio_server, distributeddata);

# NOTE(review): hdcd is presumably the device-side debug connector daemon, and
# this rule is not wrapped in debug_only. Confirm it is required in release
# policy.
binder_call(audio_server, hdcd);

# Write-only access to a fifo owned by hidumper_service, presumably to stream
# dump output - TODO confirm.
allow audio_server hidumper_service:fifo_file { write };
binder_call(audio_server, hidumper_service);

# read/write on a stream socket labelled multimodalinput, without connectto;
# presumably the descriptor is handed over by that service - TODO confirm.
allow audio_server multimodalinput:unix_stream_socket { read write };
allow audio_server sa_multimodalinput_service:samgr_class { get };
binder_call(audio_server, multimodalinput);

allow audio_server sa_param_watcher:samgr_class { get };
binder_call(audio_server, param_watcher);

allow audio_server sa_accesstoken_manager_service:samgr_class { get };

allow audio_server sa_powermgr_powermgr_service:samgr_class { get };
binder_call(audio_server, powermgr);

allow audio_server sa_device_service_manager:samgr_class { get };

binder_call(audio_server, accesstoken_service);

# Read-only mapping of the accessibility_param file.
allow audio_server accessibility_param:file { map open read };
allow audio_server sa_accessibleabilityms:samgr_class { get };
binder_call(audio_server, accessibility);

allow audio_server sa_privacy_service:samgr_class { get };
binder_call(audio_server, privacy_service);

# Parameter writes. The first rule is scoped to the audio-specific type.
allow audio_server persist_audio_param:parameter_service { set };
# NOTE(review): persist_param looks, by name, broader than persist_audio_param.
# Confirm which parameters carry this type and whether the audio-specific rule
# above is sufficient; if so this grant can be dropped for least privilege.
allow audio_server persist_param:parameter_service { set };

# Write on the parameter service socket file, presumably the channel used to
# submit the set requests above - TODO confirm.
allow audio_server paramservice_socket:sock_file { write };

allow audio_server sa_foundation_devicemanager_service:samgr_class { get };

binder_call(audio_server, foundation);

allow audio_server sa_foundation_abilityms:samgr_class { get };

allow audio_server sa_foundation_bms:samgr_class { get };

allow audio_server sa_foundation_dms:samgr_class { get };

allow audio_server sa_dataobs_mgr_service_service:samgr_class { get };

binder_call(audio_server, device_manager);

allow audio_server sa_resource_schedule:samgr_class { get };

allow audio_server sa_sensor_service:samgr_class { get };
binder_call(audio_server, sensors);

allow audio_server sa_accountmgr:samgr_class { get };
binder_call(audio_server, accountmgr);

binder_call(audio_server, camera_service);

allow audio_server sa_foundation_cesfwk_service:samgr_class { get };

# others
# The subject of this rule is domain, not audio_server: it grants read-only
# (map open read) access to the persist_audio_param file to whatever types
# carry that attribute, presumably every process domain - TODO confirm. Nothing
# in this rule permits modification; setting is gated by the parameter_service
# set rules above.
allow domain persist_audio_param:file { map open read };