1# Copyright (c) 2022-2023 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14#avc: denied { use } for pid=4361 comm="com.example.web" path="/data/storage/el1/bundle/entry/resources/rawfile/vp8.webm" dev="mmcblk0p11" ino=523748 scontext=u:r:media_service:s0 tcontext=u:r:normal_hap:s0 tclass=fd permissive=1 15allow media_service normal_hap_attr:fd { use }; 16 17#avc: denied { read } for pid=4361 comm="com.example.web" path="/data/storage/el1/bundle/entry/resources/rawfile/vp8.webm" dev="mmcblk0p11" ino=523748 scontext=u:r:media_service:s0 tcontext=u:object_r:data_app_el1_file:s0 tclass=file permissive=1 18allow media_service data_app_el1_file:file { read }; 19 20 21#avc: denied { use } for pid=2169 comm="com.example.web" path="/dmabuf:" dev="dmabuf" ino=523748 scontext=u:r:media_service:s0 tcontext=u:object_r:allocator_host:s0 tclass=fd permissive=1 22allow media_service allocator_host:fd { use }; 23 24#avc: denied { write } for pid=464 comm="task3" name="dnsproxyd" dev="tmpfs" ino=376 scontext=u:r:media_service:s0 tcontext=u:object_r:dev_file:s0 tclass=sock_file permissive=0 25allow media_service dev_file:sock_file { write }; 26 27#avc: denied { bind } for pid=474 comm="task3" scontext=u:r:media_service:s0 tcontext=u:r:media_service:s0 tclass=udp_socket permissive=1 28#avc: denied { write } for pid=474 comm="task3" lport=40461 scontext=u:r:media_service:s0 tcontext=u:r:media_service:s0 tclass=udp_socket permissive=1 29#avc: denied { read } for pid=474 comm="task3" lport=40461 scontext=u:r:media_service:s0 tcontext=u:r:media_service:s0 tclass=udp_socket permissive=1 30#avc: denied { connect } for pid=474 comm="task3" scontext=u:r:media_service:s0 tcontext=u:r:media_service:s0 tclass=udp_socket permissive=1 31#avc: denied { getattr } for pid=474 comm="task3" laddr=7.247.195.86 lport=33376 faddr=183.2.193.238 fport=65535 scontext=u:r:media_service:s0 tcontext=u:r:media_service:s0 tclass=udp_socket permissive=1 32allow media_service media_service:udp_socket { bind write read connect getattr }; 33 34#avc: denied { connectto } for pid=474 comm="task3" path="/dev/dnsproxyd" scontext=u:r:media_service:s0 tcontext=u:r:netsysnative:s0 tclass=unix_stream_socket permissive=1 35allow media_service netsysnative:unix_stream_socket { connectto }; 36 37#avc: denied { node_bind } for pid=474 comm="task3" scontext=u:r:media_service:s0 tcontext=u:object_r:node:s0 tclass=udp_socket permissive=1 38allow media_service node:udp_socket { node_bind }; 39 40#avc: denied { getopt } for pid=474 comm="task3" laddr=7.247.195.86 lport=35616 faddr=49.7.37.71 fport=443 scontext=u:r:media_service:s0 tcontext=u:r:media_service:s0 tclass=tcp_socket permissive=1 41#avc: denied { getattr } for pid=474 comm="task3" laddr=7.247.195.86 lport=35616 faddr=49.7.37.71 fport=443 scontext=u:r:media_service:s0 tcontext=u:r:media_service:s0 tclass=tcp_socket permissive=1 42#avc: denied { write } for pid=474 comm="task3" path="socket:[31752]" dev="sockfs" ino=31752 scontext=u:r:media_service:s0 tcontext=u:r:media_service:s0 tclass=tcp_socket permissive=1 43#avc: denied { read } for pid=474 comm="task3" path="socket:[31752]" dev="sockfs" ino=31752 scontext=u:r:media_service:s0 tcontext=u:r:media_service:s0 tclass=tcp_socket permissive=1 44allow media_service media_service:tcp_socket { getattr getopt read write }; 45