1# Copyright (c) 2024 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14type mediatool, native_system_domain, domain; 15type mediatool_exec, exec_attr, file_attr, system_file_attr; 16 17developer_only(` 18allow mediatool sh:fd { use }; 19allow mediatool medialibrary_hap:fd { use }; 20allow mediatool chip_prod_file:dir { search }; 21allow mediatool debug_param:file { read open map }; 22allow mediatool dev_unix_socket:dir { search }; 23allow mediatool hdcd:fd { use }; 24allow mediatool persist_param:file { read open map }; 25allow mediatool persist_sys_param:file { read open map }; 26allow mediatool samgr:binder { call }; 27allow mediatool sys_prod_file:dir { search }; 28allow mediatool system_usr_file:dir { search getattr }; 29allow mediatool tty_device:chr_file { read write }; 30allow mediatool dev_ptmx:chr_file { read write }; 31allow mediatool devpts:chr_file { read write }; 32allow mediatool system_usr_file:file { read getattr open map }; 33allow mediatool sa_storage_manager_service:samgr_class { get }; 34allow mediatool storage_manager:binder { call }; 35allow mediatool mediatool:unix_dgram_socket { getopt setopt }; 36allow mediatool hiview:unix_dgram_socket { sendto }; 37allow mediatool sa_foundation_abilityms:samgr_class { get }; 38allow mediatool foundation:binder { call transfer }; 39allow mediatool medialibrary_hap:binder { call transfer }; 40allow mediatool mimetype_file:file { read open getattr }; 41allow mediatool devpts:chr_file { ioctl }; 42allow mediatool hdcd:fifo_file { read write }; 43allowxperm mediatool devpts:chr_file ioctl 0x5413; 44allow foundation mediatool:binder { call transfer }; 45allow samgr mediatool:dir { search }; 46allow samgr mediatool:file { read open }; 47allow samgr mediatool:process { getattr }; 48allow samgr mediatool:binder { transfer }; 49allow medialibrary_hap mediatool:binder { transfer }; 50domain_auto_transition_pattern(sh, mediatool_exec, mediatool); 51') 52