# Copyright (c) 2022-2023 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. #avc: denied { search } blue_host data_file tclass=dir allow blue_host data_file:dir { search }; #avc: denied { search } blue_host data_vendor tclass=dir allow blue_host data_vendor:dir { search }; #avc: denied { read } blue_host vendor_file tclass=file #avc: denied { open } blue_host vendor_file tclass=file allow blue_host vendor_file:file { read open }; #avc: denied { open } blue_host tmpfs tclass=file allow blue_host tmpfs:file { open }; #avc: denied { get } for service=hdf_device_manager pid=362 scontext=u:r:blue_host:s0 tcontext=u:object_r:hdf_device_manager:s0 tclass=hdf_devmgr_class permissive=1 #avc: denied { add } for service=hci_interface_service pid=362 scontext=u:r:blue_host:s0 tcontext=u:object_r:hdf_hci_interface_service:s0 tclass=hdf_devmgr_class permissive=1 allow blue_host hdf_device_manager:hdf_devmgr_class { get }; allow blue_host hdf_hci_interface_service:hdf_devmgr_class { add }; allow blue_host blue_host:capability { net_admin }; allow blue_host bluetooth_service:binder { call }; allow blue_host bootevent_param:file { map open read }; allow blue_host bootevent_samgr_param:file { map open read }; allow blue_host build_version_param:file { map open read }; allow blue_host const_allow_mock_param:file { map open read }; allow blue_host const_allow_param:file { map open read }; allow blue_host const_build_param:file { map open read }; allow blue_host const_display_brightness_param:file { map open read }; allow blue_host const_param:file { map open read }; allow blue_host const_postinstall_fstab_param:file { map open read }; allow blue_host const_postinstall_param:file { map open read }; allow blue_host const_product_param:file { map open read }; allow blue_host debug_param:file { map open read }; allow blue_host default_param:file { map open read }; allow blue_host dev_hdf_kevent:chr_file { getattr ioctl open read write }; allow blue_host dev_unix_socket:dir { search }; allow blue_host distributedsche_param:file { map open read }; allow blue_host hdf_devmgr:binder { call transfer }; allow blue_host hilog_param:file { map open read }; allow blue_host hw_sc_build_os_param:file { map open read }; allow blue_host hw_sc_build_param:file { map open read }; allow blue_host hw_sc_param:file { map open read }; allow blue_host init_param:file { map open read }; allow blue_host init_svc_param:file { map open read }; allow blue_host input_pointer_device_param:file { map open read }; allow blue_host net_param:file { map open read }; allow blue_host net_tcp_param:file { map open read }; allow blue_host ohos_boot_param:file { map open read }; allow blue_host ohos_param:file { map open read }; allow blue_host persist_param:file { map open read }; allow blue_host persist_sys_param:file { map open read }; allow blue_host sa_device_service_manager:samgr_class { get }; allow blue_host samgr:binder { call }; allow blue_host security_param:file { map open read }; allow blue_host startup_param:file { map open read }; allow blue_host sys_file:file { open read read open write }; allow blue_host sys_param:file { map open read }; allow blue_host system_bin_file:dir { search }; allow blue_host sys_usb_param:file { map open read }; allow blue_host tty_device:chr_file { ioctl open read write }; allow blue_host vendor_etc_file:dir { search }; allow blue_host vendor_etc_file:file { getattr open read }; allowxperm blue_host dev_hdf_kevent:chr_file ioctl { 0x6201 0x6202 0x6203 }; allowxperm blue_host tty_device:chr_file ioctl { 0x5401 0x5402 0x540b }; #avc: denied { add_name } for pid=987 comm="IPC_3_3086" name="bluetooth" dev="sdd78" ino=7746 scontext=u:r:blue_host:s0 tcontext=u:object_r:data_vendor:s0 tclass=dir permissive=0 #avc: denied { write } for pid=990 comm="IPC_0_1010" name="bluetooth" dev="sdd78" ino=7746 scontext=u:r:blue_host:s0 tcontext=u:object_r:data_vendor:s0 tclass=dir permissive=0 allow blue_host data_vendor:dir { add_name write }; #avc: denied { create } for pid=986 comm="IPC_3_2618" name="btmac.txt" scontext=u:r:blue_host:s0 tcontext=u:object_r:data_vendor:s0 tclass=file permissive=0 #avc: denied { read write open } for pid=1007 comm="IPC_1_1005" path="/data/vender/bluetooth/btmac.txt" dev="sdd78" ino=8371 scontext=u:r:blue_host:s0 tcontext=u:object_r:data_vendor:s0 tclass=file permissive=0 #avc: denied { read } for pid=1007 comm="IPC_3_3026" name="btmac.txt" dev="sdd78" ino=8371 scontext=u:r:blue_host:s0 tcontext=u:object_r:data_vendor:s0 tclass=file permissive=0 #avc: denied { read write } for pid=1007 comm="IPC_3_3026" name="btmac.txt" dev="sdd78" ino=8371 scontext=u:r:blue_host:s0 tcontext=u:object_r:data_vendor:s0 tclass=file permissive=0 allow blue_host data_vendor:file { create read write open };