1# Copyright (c) 2023 Huawei Device Co., Ltd.
2# Licensed under the Apache License, Version 2.0 (the "License");
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6#     http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
14updater_only(`
15
16# avc_audit_slow:267] avc: denied { map } for pid=793, comm="/bin/updater_binary"  path="/dev/__parameters__/u:object_r:persist_param:s0" dev="" ino=179 scontext=u:r:updater_binary:s0 tcontext=u:object_r:persist_param:s0 tclass=file permissive=1
17# avc_audit_slow:267] avc: denied { open } for pid=793, comm="/bin/updater_binary"  path="/dev/__parameters__/u:object_r:persist_param:s0" dev="" ino=179 scontext=u:r:updater_binary:s0 tcontext=u:object_r:persist_param:s0 tclass=file permissive=1
18allow updater_binary persist_param:file { map open };
19
20#avc: denied { search } for pid=281 comm="updater" name="/" dev="rootfs" ino=1 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=1
21# avc:  denied  { read write } for  pid=273 comm="updater_binary" name="updater" dev="rootfs" ino=20121 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=0
22# avc:  denied  { add_name } for  pid=269 comm="updater_binary" name="loadScript.us" scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=0
23# avc: denied { create } for pid=264 comm="updater_binary" name="update_tmp" scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=1
24# avc: denied { open } for pid=264 comm="updater_binary" path="/data/updater/update_tmp" dev="rootfs" ino=20420 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=1
25# avc: denied { remove_name } for pid=264 comm="updater_binary" name="system" dev="rootfs" ino=20402 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=1
26allow updater_binary rootfs:dir { search read write add_name create open remove_name };
27
28#avc: denied { execute } for pid=279 comm="updater" name="ld-musl-arm.so.1" dev="rootfs" ino=596 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
29#avc: denied { read open } for pid=279 comm="updater" path="/lib/ld-musl-arm.so.1" dev="rootfs" ino=596 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
30#avc: denied { map } for pid=279 comm="updater_binary" path="/lib/ld-musl-arm.so.1" dev="rootfs" ino=596 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
31#avc: denied { getattr } for pid=279 comm="updater_binary" path="/etc/ld-musl-namespace-arm.ini" dev="rootfs" ino=418 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
32# avc:  denied  { execute_no_trans } for  pid=277 comm="updater_binary" path="/bin/processdump" dev="rootfs" ino=17428 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0
33# avc:  denied  { create } for  pid=267 comm="updater_binary" name="loadScript.us" scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0
34# avc:  denied  { write } for  pid=269 comm="updater_binary" path="/data/updater/loadScript.us" dev="rootfs" ino=27819 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0
35# avc:  denied  { ioctl } for  pid=265 comm="updater_binary" path="/data/updater/Verse-script.us" dev="rootfs" ino=18908 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0
36# avc: denied { ioctl } for pid=264 comm="updater_binary" path="/data/updater/system" dev="rootfs" ino=20402 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
37# avc: denied { rename } for pid=264 comm="updater_binary" name="system" dev="rootfs" ino=20402 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1
38allow updater_binary rootfs:file { execute read open map getattr execute_no_trans create write ioctl rename };
39
40# avc:  denied  { ioctl } for  pid=265 comm="updater_binary" path="/data/updater/Verse-script.us" dev="rootfs" ino=18908 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0
41allowxperm updater_binary rootfs:file ioctl { 0x5413 };
42
43#avc: denied { ioctl } for pid=270 comm="updater_binary" path="/dev/console" dev="rootfs" ino=17411 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=chr_file permissive=1
44#avc: denied { write } for pid=270 comm="updater_binary" path="/dev/console" dev="rootfs" ino=17411 scontext=u:r:updater_binary:s0 tcontext=u:object_r:rootfs:s0 tclass=chr_file permissive=1
45allow updater_binary rootfs:chr_file { ioctl write };
46allowxperm updater_binary rootfs:chr_file ioctl { 0x5413 };
47
48#avc: denied { search } for pid=281 comm="updater" name="/" dev="tmpfs" ino=1 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir permissive=1
49allow updater_binary tmpfs:dir { search };
50
51#avc: denied { execute } for pid=279 comm="updater" name="updater_binary" dev="tmpfs" ino=6 scontext=u:r:updater_binary:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=1
52#avc: denied { open } for pid=279 comm="updater" path="/tmp/updater_binary" dev="tmpfs" ino=6 scontext=u:r:updater_binary:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=1
53#avc: denied { execute_no_trans } for pid=279 comm="updater" path="/tmp/updater_binary" dev="tmpfs" ino=6 scontext=u:r:updater_binary:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=1
54#avc: denied { read open } for pid=281 comm="updater" path="/tmp/updater_binary" dev="tmpfs" ino=5 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=1
55#avc: denied { append } for pid=270 comm="updater_binary" name="updater.log" dev="tmpfs" ino=2 scontext=u:r:updater_binary:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=1
56#avc: denied { getattr } for pid=270 comm="updater_binary" path="/tmp/updater.log" dev="tmpfs" ino=2 scontext=u:r:updater_binary:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=1
57#avc: denied { ioctl } for pid=270 comm="updater_binary" path="/tmp/updater.log" dev="tmpfs" ino=2 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=1
58allow updater_binary tmpfs:file { execute read open execute_no_trans append getattr ioctl create write};
59allowxperm updater_binary tmpfs:file ioctl { 0x5413 };
60
61# avc: denied { fork } for pid=281 comm="updater_binary" scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:updater_binary:s0 tclass=process permissive=1
62allow updater_binary updater_binary:process { fork };
63
64# avc: denied { write } for pid=281 comm="updater_binary" path="pipe:[1664]" dev="pipefs" ino=1664 scontext=u:object_r:updater_binary:s0 tcontext=u:r:updater:s0 tclass=fifo_file permissive=1
65# avc: denied { getattr } for pid=270 comm="updater_binary" path="pipe:[18906]" dev="pipefs" ino=18906 scontext=u:r:updater_binary:s0 tcontext=u:r:updater:s0 tclass=fifo_file permissive=1
66# avc: denied { ioctl } for pid=270 comm="updater_binary" path="pipe:[20191]" dev="pipefs" ino=20191 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:r:updater:s0 tclass=fifo_file permissive=1
67allow updater_binary updater:fifo_file { write getattr ioctl };
68allowxperm updater_binary updater:fifo_file ioctl { 0x5413 };
69
70# avc: denied { use } for pid=270 comm="updater_binary" path="pipe:[20191]" dev="pipefs" ino=20191 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:r:updater:s0 tclass=fd permissive=1
71allow updater_binary updater:fd { use };
72
73#avc: denied { read } for pid=279 comm="updater_binary" name="u:object_r:ohos_boot_param:s0" dev="tmpfs" ino=18 scontext=u:r:updater_binary:s0 tcontext=u:object_r:ohos_boot_param:s0 tclass=file permissive=1
74#avc: denied { open } for pid=279 comm="updater_binary" path="/dev/__parameters__/u:object_r:ohos_boot_param:s0" dev="tmpfs" ino=18 scontext=u:r:updater_binary:s0 tcontext=u:object_r:ohos_boot_param:s0 tclass=file permissive=1
75#avc: denied { map } for pid=279 comm="updater_binary" path="/dev/__parameters__/u:object_r:ohos_boot_param:s0" dev="tmpfs" ino=18 scontext=u:r:updater_binary:s0 tcontext=u:object_r:ohos_boot_param:s0 tclass=file permissive=1
76allow updater_binary ohos_boot_param:file { open map read };
77
78# avc: denied { search } for pid=268 comm="updater_binary" name="/" dev="tmpfs" ino=1 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:dev_file:s0 tclass=dir permissive=1
79allow updater_binary dev_file:dir { search };
80
81#  avc: denied { read } for pid=268 comm="updater_binary" name="misc" dev="tmpfs" ino=128 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:dev_file:s0 tclass=lnk_file permissive=1
82allow updater_binary dev_file:lnk_file { read };
83
84#  avc: denied { read } for pid=268 comm="updater_binary" name="urandom" dev="tmpfs" ino=5 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:dev_random_file:s0 tclass=chr_file permissive=1
85allow updater_binary dev_random_file:chr_file { read };
86
87#avc: denied { search } for pid=268 comm="updater_binary" name="block" dev="tmpfs" ino=94 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:dev_block_volfile:s0 tclass=dir permissive=1
88allow updater_binary dev_block_volfile:dir { search };
89
90#avc: denied { read } for pid=268 comm="updater_binary" name="by-name" dev="tmpfs" ino=101 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:dev_block_volfile:s0 tclass=lnk_file permissive=1
91allow updater_binary dev_block_volfile:lnk_file { read };
92
93#avc: denied { read write } for pid=268 comm="updater_binary" name="mmcblk0p2" dev="tmpfs" ino=127 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:dev_block_file:s0 tclass=blk_file permissive=1
94#avc: denied { open } for pid=270 comm="updater_binary" path="/dev/block/mmcblk0p2" dev="tmpfs" ino=132 scontext=u:r:updater_binary:s0 tcontext=u:object_r:dev_block_file:s0 tclass=blk_file permissive=1
95# avc:  denied  { map } for  pid=267 comm="updater_binary" path="/dev/block/mmcblk0p6" dev="tmpfs" ino=122 scontext=u:r:updater:s0 tcontext=u:object_r:dev_block_file:s0 tclass=blk_file permissive=0
96# avc:  denied  { getattr } for  pid=266 comm="updater_binary" path="/dev/block/mmcblk0p2" dev="tmpfs" ino=128 scontext=u:r:updater_binary:s0 tcontext=u:object_r:dev_block_file:s0 tclass=blk_file permissive=0
97# avc:  denied  { ioctl } for  pid=266 comm="updater_binary" path="/dev/block/mmcblk0p8" dev="tmpfs" ino=120 ioctlcmd=0x1277 scontext=u:r:updater_binary:s0 tcontext=u:object_r:dev_block_file:s0 tclass=blk_file permissive=0
98allow updater_binary dev_block_file:blk_file { read write open map getattr ioctl };
99
100# avc:  denied  { ioctl } for  pid=266 comm="updater_binary" path="/dev/block/mmcblk0p8" dev="tmpfs" ino=120 ioctlcmd=0x1277 scontext=u:r:updater_binary:s0 tcontext=u:object_r:dev_block_file:s0 tclass=blk_file permissive=0
101allowxperm updater_binary dev_block_file:blk_file ioctl { 0x1277 };
102
103# avc: denied { search } for pid=282 comm="updater_binary" name="__parameters__" dev="tmpfs" ino=11 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:dev_parameters_file:s0 tclass=dir permissive=1
104allow updater_binary dev_parameters_file:dir { search };
105
106# avc: denied { read } for pid=282 comm="updater_binary" name="param_selinux" dev="tmpfs" ino=12 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:dev_parameters_file:s0 tclass=file permissive=1
107allow updater_binary dev_parameters_file:file { read };
108
109# avc: denied { search } for pid=282 comm="updater_binary" name="/" dev="proc" ino=1 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:proc_file:s0 tclass=dir permissive=1
110allow updater_binary proc_file:dir { search };
111
112#avc: denied { search } for pid=277 comm="updater_binary" name="277" dev="proc" ino=27311 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:updater_binary:s0 tclass=dir permissive=1
113allow updater_binary updater_binary:dir { search };
114
115#avc: denied { read } for pid=273 comm="updater_binary" name="by-name" dev="tmpfs" ino=105 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:dev_block_volfile:s0 tclass=lnk_file permissive=1
116allow updater_binary updater_binary:lnk_file { read };
117
118# avc: denied { search } for pid=277 comm="updater_binary" name="system" dev="rootfs" ino=18624 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=1
119allow updater_binary system_file:dir { search };
120
121# avc: denied { read } for pid=277 comm="updater_binary" name="lib" dev="rootfs" ino=18625 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:system_lib_file:s0 tclass=lnk_file permissive=1
122allow updater_binary system_lib_file:lnk_file { read };
123
124# avc: denied { search } for pid=280 comm="updater_binary" name="vendor" dev="rootfs" ino=17285 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:vendor_file:s0 tclass=dir permissive=1
125allow updater_binary vendor_file:dir { search };
126
127# avc: denied { read } for pid=280 comm="updater_binary" name="u:object_r:hook_param:s0" dev="tmpfs" ino=35 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:hook_param:s0 tclass=file permissive=1
128# avc: denied { open } for pid=273 comm="updater_binary" path="/dev/__parameters__/u:object_r:hook_param:s0" dev="tmpfs" ino=35 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:hook_param:s0 tclass=file permissive=1
129allow updater_binary hook_param:file { read open };
130
131#avc: denied { read } for pid=279 comm="updater_binary" name="u:object_r:musl_param:s0" dev="tmpfs" ino=40 scontext=u:r:updater_binary:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=1
132#avc: denied { open } for pid=270 comm="updater_binary" path="/dev/__parameters__/u:object_r:musl_param:s0" dev="tmpfs" ino=40 scontext=u:r:updater_binary:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=1
133#avc: denied { map } for pid=270 comm="updater_binary" path="/dev/__parameters__/u:object_r:musl_param:s0" dev="tmpfs" ino=40 scontext=u:r:updater_binary:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=1
134allow updater_binary musl_param:file { read open map };
135
136# avc: denied { read } for pid=270 comm="updater_binary" name="etc" dev="rootfs" ino=17415 scontext=u:r:updater_binary:s0 tcontext=u:object_r:system_etc_file:s0 tclass=lnk_file permissive=1
137allow updater_binary system_etc_file:lnk_file { read };
138
139# avc: denied { read } for pid=273 comm="updater_binary" name="u:object_r:time_param:s0" dev="tmpfs" ino=51 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:time_param:s0 tclass=file permissive=1
140allow updater_binary time_param:file { read };
141
142# avc: denied { create } for pid=273 comm="updater_binary" scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:updater_binary:s0 tclass=unix_dgram_socket permissive=1
143allow updater_binary updater_binary:unix_dgram_socket { create };
144
145# avc: denied { search } for pid=274 comm="updater_binary" name="unix" dev="tmpfs" ino=7 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:dev_unix_file:s0 tclass=dir permissive=1
146allow updater_binary dev_unix_file:dir { search };
147
148#avc: denied { search } for pid=270 comm="updater_binary" name="socket" dev="tmpfs" ino=8 scontext=u:r:updater_binary:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=1
149allow updater_binary dev_unix_socket:dir { search };
150
151# avc: denied { write } for pid=274 comm="updater_binary" name="hilogInput" dev="tmpfs" ino=315 scontext=u:object_r:updater_binary:s0 tcontext=u:object_r:hilog_input_socket:s0 tclass=sock_file permissive=1
152allow updater_binary hilog_input_socket:sock_file { write };
153
154# avc: denied { use } for pid=274 comm="updater_binary" path="/dev/console" dev="rootfs" ino=17230 ioctlcmd=0x5413 scontext=u:object_r:updater_binary:s0 tcontext=u:r:kernel:s0 tclass=fd permissive=1
155allow updater_binary kernel:fd { use };
156
157# avc: denied { search } for pid=270 comm="updater_binary" name="/" dev="mmcblk0p12" ino=3 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=1
158# avc:  denied  { add_name } for  pid=263 comm="updater_binary" name="updater" scontext=u:r:updater:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=0
159# avc:  denied  { create } for  pid=271 comm="updater_binary" name="updater" scontext=u:r:updater:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=0
160# avc:  denied  { getattr } for  pid=268 comm="updater_binary" path="/data" dev="mmcblk0p12" ino=3 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=0
161# avc:  denied  { write } for  pid=266 comm="updater_binary" name="data" dev="rootfs" ino=2725 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=0
162allow updater_binary data_file:dir { search add_name create getattr write };
163
164#avc: denied { add_name } for pid=279 comm="updater_binary" name="loadScript.us" scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=dir permissive=1
165#avc: denied { search } for pid=270 comm="updater_binary" name="updater" dev="mmcblk0p12" ino=118 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=dir permissive=1
166#avc: denied { read write } for pid=270 comm="updater_binary" name="updater" dev="mmcblk0p12" ino=118 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=dir permissive=1
167#avc: denied { getattr } for pid=270 comm="updater_binary" path="/data/updater" dev="mmcblk0p12" ino=118 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=dir permissive=1
168# avc:  denied  { setattr } for  pid=263 comm="updater_binary" name="update_tmp" dev="mmcblk0p12" ino=3277 scontext=u:r:updater:s0 tcontext=u:object_r:data_updater_file:s0 tclass=dir permissive=0
169# avc:  denied  { remove_name } for  pid=267 comm="updater_binary" name="vendor" dev="mmcblk0p12" ino=4733 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=dir permissive=0
170# avc:  denied  { create } for  pid=268 comm="updater_binary" name="update_tmp" scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=dir permissive=0
171# avc:  denied  { open } for  pid=270 comm="updater_binary" path="/data/updater/update_tmp" dev="mmcblk0p12" ino=1376 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=dir permissive=0
172allow updater_binary data_updater_file:dir { open create setattr add_name search read write getattr remove_name };
173allow updater_binary update_firmware_file:dir { open create setattr add_name search read write getattr remove_name };
174
175#avc: denied { read } for pid=270 comm="updater_binary" name="updater.zip" dev="mmcblk0p12" ino=4136 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=file permissive=1
176#avc: denied { open } for pid=270 comm="updater_binary" path="/data/updater/updater.zip" dev="mmcblk0p12" ino=4136 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=file permissive=1
177#avc: denied { getattr } for pid=270 comm="updater_binary" path="/data/updater/updater.zip" dev="mmcblk0p12" ino=4136 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=file permissive=1
178#avc: denied { write } for pid=270 comm="updater_binary" name="update.bin.tmp" dev="mmcblk0p12" ino=5916 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=file permissive=1
179#avc: denied { create } for pid=279 comm="updater_binary" name="loadScript.us" scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=file permissive=1
180#denied { ioctl } for pid=281 comm="updater_binary" path="/data/updater/update.bin.tmp" dev="mmcblk0p12" ino=6829 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=file permissive=1
181# avc:  denied  { rename } for  pid=268 comm="updater_binary" name="vendor" dev="mmcblk0p12" ino=1006 scontext=u:r:updater:s0 tcontext=u:object_r:data_updater_file:s0 tclass=file permissive=0
182# avc:  denied  { setattr } for  pid=268 comm="updater_binary" name="vendor_retry" dev="mmcblk0p12" ino=4748 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=file permissive=0
183# avc:  denied  { unlink } for  pid=269 comm="updater_binary" name="deaf4cd35457797973b4e888888560b4794df92865f14d616ae99853a484605b" dev="mmcblk0p12" ino=1918 scontext=u:r:updater_binary:s0 tcontext=u:object_r:data_updater_file:s0 tclass=file permissive=0
184allow updater_binary data_updater_file:file { read open getattr write create ioctl rename setattr unlink map};
185allowxperm updater_binary data_updater_file:file ioctl { 0x5413 };
186
187allow updater_binary update_firmware_file:file { read open getattr write create ioctl rename setattr unlink map};
188allowxperm updater_binary update_firmware_file:file ioctl { 0x5413 };
189
190# avc: denied { read } for pid=279 comm="processdump" name="u:object_r:hilog_param:s0" dev="tmpfs" ino=34 scontext=u:r:updater_binary:s0 tcontext=u:object_r:hilog_param:s0 tclass=file permissive=0
191# avc:  denied  { open } for  pid=278 comm="processdump" path="/dev/__parameters__/u:object_r:hilog_param:s0" dev="tmpfs" ino=34 scontext=u:r:updater_binary:s0 tcontext=u:object_r:hilog_param:s0 tclass=file permissive=0
192# avc:  denied  { map } for  pid=278 comm="processdump" path="/dev/__parameters__/u:object_r:hilog_param:s0" dev="tmpfs" ino=34 scontext=u:r:updater_binary:s0 tcontext=u:object_r:hilog_param:s0 tclass=file permissive=0
193allow updater_binary hilog_param:file { read open map };
194
195# avc:  denied  { read write } for  pid=272 comm="processdump" path="/data/log/faultlog/temp/cppcrash-265-1679413199123" dev="mmcblk0p12" ino=8782 scontext=u:r:updater_binary:s0 tcontext=u:object_r:faultloggerd_temp_file:s0 tclass=file permissive=0
196allow updater_binary faultloggerd_temp_file:file { read write };
197
198# avc:  denied  { search } for  pid=279 comm="updater_binary" name="/" dev="mmcblk1p1" ino=1 scontext=u:r:updater_binary:s0 tcontext=u:object_r:exfat:s0 tclass=dir permissive=0
199# avc:  denied  { read write } for  pid=281 comm="updater_binary" name="updater" dev="mmcblk1p1" ino=99 scontext=u:r:updater_binary:s0 tcontext=u:object_r:exfat:s0 tclass=dir permissive=0
200allow updater_binary exfat:dir { search read write };
201
202# avc:  denied  { read } for  pid=270 comm="updater_binary" name="updater.zip" dev="mmcblk1p1" ino=100 scontext=u:r:updater_binary:s0 tcontext=u:object_r:exfat:s0 tclass=file permissive=0
203# avc:  denied  { open } for  pid=270 comm="updater_binary" path="/sdcard/updater/updater.zip" dev="mmcblk1p1" ino=100 scontext=u:r:updater_binary:s0 tcontext=u:object_r:exfat:s0 tclass=file permissive=0
204# avc:  denied  { getattr } for  pid=265 comm="updater_binary" path="/sdcard/updater/updater.zip" dev="mmcblk1p1" ino=100 scontext=u:r:updater_binary:s0 tcontext=u:object_r:exfat:s0 tclass=file permissive=0
205# avc:  denied  { write } for  pid=265 comm="updater_binary" name="update.bin.tmp" dev="mmcblk1p1" ino=101 scontext=u:r:updater_binary:s0 tcontext=u:object_r:exfat:s0 tclass=file permissive=0
206# avc:  denied  { ioctl } for  pid=266 comm="updater_binary" path="/sdcard/updater/build_tools.zip.tmp" dev="mmcblk1p1" ino=102 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:exfat:s0 tclass=file permissive=0
207allow updater_binary exfat:file { read open getattr write ioctl };
208allowxperm updater_binary exfat:file ioctl { 0x5413 };
209
210# avc:  denied  { read write } for  pid=262 comm="updater_binary" name="updater" dev="mmcblk1p1" ino=99 scontext=u:r:updater_binary:s0 tcontext=u:object_r:vfat:s0 tclass=dir permissive=0
211# avc:  denied  { search } for  pid=262 comm="updater_binary" name="/" dev="mmcblk1p1" ino=1 scontext=u:r:updater_binary:s0 tcontext=u:object_r:vfat:s0 tclass=dir permissive=0
212allow updater_binary vfat:dir { search read write };
213
214# avc:  denied  { read } for  pid=268 comm="updater_binary" name="updater.zip" dev="mmcblk1p1" ino=100 scontext=u:r:updater_binary:s0 tcontext=u:object_r:vfat:s0 tclass=file permissive=0
215# avc:  denied  { open } for  pid=267 comm="updater_binary" path="/sdcard/updater/updater.zip" dev="mmcblk1p1" ino=100 scontext=u:r:updater_binary:s0 tcontext=u:object_r:vfat:s0 tclass=file permissive=0
216# avc:  denied  { getattr } for  pid=261 comm="updater_binary" path="/sdcard/updater/updater.zip" dev="mmcblk1p1" ino=100 scontext=u:r:updater_binary:s0 tcontext=u:object_r:vfat:s0 tclass=file permissive=0
217# avc:  denied  { write } for  pid=261 comm="updater_binary" name="update.bin.tmp" dev="mmcblk1p1" ino=101 scontext=u:r:updater_binary:s0 tcontext=u:object_r:vfat:s0 tclass=file permissive=0
218# avc:  denied  { ioctl } for  pid=266 comm="updater_binary" path="/sdcard/updater/build_tools.zip.tmp" dev="mmcblk1p1" ino=102 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:vfat:s0 tclass=file permissive=0
219allow updater_binary vfat:file { read open getattr write ioctl };
220
221# avc:  denied  { ioctl } for  pid=266 comm="updater_binary" path="/sdcard/updater/build_tools.zip.tmp" dev="mmcblk1p1" ino=102 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:vfat:s0 tclass=file permissive=0
222allowxperm updater_binary vfat:file ioctl { 0x5413 };
223
224# avc:  denied  { search } for  pid=268 comm="updater_binary" name="/" dev="mmcblk1p1" ino=1 scontext=u:r:updater_binary:s0 tcontext=u:object_r:ntfs:s0 tclass=dir permissive=0
225allow updater_binary ntfs:dir { search read write };
226
227# avc:  denied  { read } for  pid=276 comm="updater_binary" name="updater.zip" dev="mmcblk1p1" ino=65 scontext=u:r:updater_binary:s0 tcontext=u:object_r:ntfs:s0 tclass=file permissive=0
228# avc:  denied  { ioctl } for  pid=268 comm="updater_binary" path="/sdcard/updater/build_tools.zip.tmp" dev="mmcblk1p1" ino=67 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:ntfs:s0 tclass=file permissive=0
229allow updater_binary ntfs:file { read open getattr write ioctl };
230
231# avc:  denied  { ioctl } for  pid=268 comm="updater_binary" path="/sdcard/updater/build_tools.zip.tmp" dev="mmcblk1p1" ino=67 ioctlcmd=0x5413 scontext=u:r:updater_binary:s0 tcontext=u:object_r:ntfs:s0 tclass=file permissive=0
232allowxperm updater_binary ntfs:file ioctl { 0x5413 };
233
234allow updater_binary tmpfs:dir { read write add_name };
235
236# avc:  denied  { map } for  pid=272 comm="updater_binary" path="/dev/__parameters__/u:object_r:debug_param:s0" dev="tmpfs" ino=38 scontext=u:r:updater_binary:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=1
237# avc:  denied  { open } for  pid=272 comm="updater_binary" path="/dev/__parameters__/u:object_r:debug_param:s0" dev="tmpfs" ino=38 scontext=u:r:updater_binary:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=1
238# avc:  denied  { read } for  pid=272 comm="updater_binary" name="u:object_r:debug_param:s0" dev="tmpfs" ino=38 scontext=u:r:updater_binary:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=1
239allow updater_binary debug_param:file { map open read };
240
241allow updater_binary data_file:file { setattr write create };
242
243allow updater_binary exfat:file { map };
244allow updater_binary ntfs:file { map };
245allow updater_binary vfat:file { map };
246
247# avc: denied { execute_no_trans } for pid=267 comm="updater" path="/tmp/updater_binary" dev="tmpfs" ino=5 scontext=u:r:updater_binary:s0 tcontext=u:object_r:updater_binary_exec:s0 tclass=file permissive=0
248allow updater_binary updater_binary_exec:file { execute_no_trans };
249
250# avc: denied { ioctl } for pid=267 comm="updater" path="/dev/dri/card0" dev="tmpfs" ino=93 ioctlcmd=0x6409 scontext=u:r:updater_binary:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=0
251allow updater_binary dev_dri_file:chr_file { ioctl };
252
253# avc: denied { ioctl } for pid=267 comm="updater" path="/dev/dri/card0" dev="tmpfs" ino=93 ioctlcmd=0x6409 scontext=u:r:updater_binary:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=0
254# avc: denied { ioctl } for pid=267 comm="updater" path="/dev/dri/card0" dev="tmpfs" ino=93 ioctlcmd=0x64af scontext=u:r:updater_binary:s0 tcontext=u:object_r:dev_dri_file:s0 tclass=chr_file permissive=0
255allowxperm updater_binary dev_dri_file:chr_file ioctl { 0x6409 0x64af };
256
257allow updater_binary updater_block_file:blk_file { read write open map getattr ioctl };
258allowxperm updater_binary updater_block_file:blk_file ioctl { 0x1277 };
259')
260allow updater_binary self:xpm { exec_no_sign };
261