# Copyright (c) 2023 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License allow hiebpf data_file:dir search; allow hiebpf devpts:chr_file { read write }; allow hiebpf hdcd:fd use; allow hiebpf hdcd:unix_stream_socket { read write }; allow hiebpf hiview_exec:file { getattr map open read }; allow hiebpf hiview_file:dir search; allow hiebpf tmpfs:file { getattr open }; allow hiebpf tty_device:chr_file { read write }; allow hiebpf data_service_file:dir search; allow hiebpf foundation:dir search; allow hiebpf foundation:file { getattr open read }; allow hiebpf hidumper_service:file read; allow hiebpf normal_hap_attr:file read; allow hiebpf domain:dir { open read getattr search }; allow hiebpf domain:file { open read getattr }; allow hiebpf system_bin_file:dir search; allow hiebpf system_bin_file:file { getattr map open read }; allow hiebpf toybox_exec:file { getattr map open read }; allow hiebpf self:perf_event { cpu kernel open write }; debug_only(` allow hiebpf data_local_tmp:dir { add_name search write remove_name }; allow hiebpf data_local_tmp:file { read write create map open getattr ioctl link unlink }; allow hiebpf self:capability { sys_ptrace sys_resource sys_admin }; allow hiebpf self:capability2 { perfmon }; allow hiebpf sh:fd use; ') allow hiebpf data_local:dir search; allow hiebpf hilogd_exec:file { open read }; allow hiebpf proc_file:file { getattr open read }; allow hiebpf samain_exec:file { getattr map open read }; allow hiebpf appspawn_exec:file { getattr map open read }; allow hiebpf data_service_el1_file:dir search; allow hiebpf data_service_el1_file:file { getattr open read }; allow hiebpf self:bpf { map_create map_read map_write prog_load prog_run }; allow hiebpf self:capability2 { bpf }; allow hiebpf sys_file:file read; allow hiebpf system_usr_file:dir search; allow hiebpf system_usr_file:file read; allow hiebpf vendor_bin_file:dir search; allow hiebpf vendor_bin_file:file { getattr map open read }; allow hiebpf data_service_el1_file:file map; allow hiebpf hdf_devmgr_exec:file read; allow hiebpf hiview_file:file { getattr map open read }; allow hiebpf init_exec:file { getattr map open read }; allow hiebpf render_service_exec:file { getattr map open read }; allow hiebpf sys_file:file { getattr open }; allow hiebpf system_usr_file:file { getattr map open }; allow hiebpf hdcd_exec:file { getattr map open read }; allow hiebpf hilogd_exec:file { getattr map }; allow hiebpf uinput_inject_exec:file { getattr map open read }; allow hiebpf dev_unix_socket:dir { add_name remove_name search write }; allow hiebpf dev_unix_socket:sock_file { create unlink }; allow hiebpf hiprofiler_plugins:fd use; allow hiebpf hiprofiler_plugins:fifo_file { ioctl write }; allow hiebpf hiprofiler_plugins:unix_stream_socket { read write }; allow hiebpf hiprofilerd:fd use; allow hiebpf rootfs:file read; allow hiebpf sh_exec:file read; allow hiebpf tracefs:dir search; allow hiebpf tracefs:file { open read write }; allow hiebpf powermgr:dir search; allow hiebpf powermgr:file { getattr open read };