1# Configuring an OpenHarmony SELinux Policy for an SA or HDF Service 2 3## SA 4 5**Scenario** 6 7After a process registers an SA with Samgr, other processes need to obtain the SA before starting IPC with the process. If the SA provider does not assign an SELinux label for the SA, SELinux will assign the **u:object_r:default_service:s0** label to the SA. The access to default_service will be denied by the **neverallow** rule. 8 9**Procedure** 10 111. In the **service_contexts** file, add the mapping between the SAID and the SA label. 12 ```text 13 10 u:object_r:sa_render_service:s0 14 ``` 15 162. In the **type.te** file, add the type, for example, **isa_render_service**, to make the label valid. 17 ```text 18 type sa_render_service, sa_service_attr 19 ``` 20 21## HDF Service 22 23**Scenario** 24 25After a process registers an HDF service with hdf_devmgr, other processes need to obtain the HDF service before starting IPC with the process. If the HDF provider does not assign an SELinux label for the HDF service, SELinux will assign the **u:object_r:hdf_default_service:s0** label for the HDF service. The access to hdf_default_service will be denied by the **neverallow** rule. 26 27 28**Procedure** 29 301. In the **service_contexts** file, add the mapping between the HDF service name and the HDF label. 31 ```text 32 thermal_interface_service u:object_r:hdf_thermal_interface_service:s0 33 ``` 34 352. In the **type.te** file, add the type, for example, **hdf_thermal_interface_service**, to make the label valid. 36 ```text 37 type hdf_thermal_interface_service, hdf_service_attr 38 ``` 39