# Copyright (c) 2022-2024 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License allow hiperf const_allow_mock_param:file { map open read }; allow hiperf const_allow_param:file { map open read }; allow hiperf const_build_param:file { map open read }; allow hiperf const_param:file { map open read }; allow hiperf const_postinstall_fstab_param:file { map open read }; allow hiperf const_postinstall_param:file { map open read }; allow hiperf data_test_file:file { write }; allow hiperf data_file:file { getattr ioctl map open read }; allow hiperf default_param:file { map open read }; allow hiperf distributedsche_param:file { map open read }; allow hiperf hdcd:fd use; allow hiperf hdcd_exec:file { getattr map open read }; allow hiperf hw_sc_build_os_param:file { map open read }; allow hiperf hw_sc_build_param:file { map open read }; allow hiperf hw_sc_param:file { map open read }; allow hiperf init_param:file { map open read }; allow hiperf init_svc_param:file { map open read }; allow hiperf input_pointer_device_param:file { map open read }; allow hiperf net_param:file { map open read }; allow hiperf net_tcp_param:file { map open read }; allow hiperf normal_hap_attr:dir { getattr open read search }; allow hiperf normal_hap_attr:process signull; allow hiperf ohos_boot_param:file { map open read }; allow hiperf ohos_param:file { map open read }; allow hiperf proc_buddyinfo_file:file getattr; allow hiperf proc_cgroups_file:file getattr; allow hiperf proc_cmdline_file:file getattr; allow hiperf proc_config_gz_file:file getattr; allow hiperf proc_cpuinfo_file:file getattr; allow hiperf proc_diskstats_file:file getattr; allow hiperf proc_file:file { ioctl write }; allow hiperf proc_filesystems_file:file getattr; allow hiperf proc_interrupts_file:file getattr; allow hiperf proc_iomem_file:file getattr; allow hiperf proc_keys_file:file getattr; allow hiperf proc_kmsg_file:file getattr; allow hiperf proc_loadavg_file:file getattr; allow hiperf proc_meminfo_file:file { getattr open read }; allow hiperf proc_misc_file:file getattr; allow hiperf proc_modules_file:file { getattr open read }; allow hiperf proc_pagetypeinfo_file:file getattr; allow hiperf proc_partitions_file:file getattr; allow hiperf proc_rkisp_vir0_file:file getattr; allow hiperf proc_slabinfo_file:file getattr; allow hiperf proc_softirqs_file:file getattr; allow hiperf proc_stat_file:file getattr; allow hiperf proc_swaps_file:file getattr; allow hiperf proc_sysrq_trigger_file:file getattr; allow hiperf proc_timer_list_file:file getattr; allow hiperf proc_uptime_file:file getattr; allow hiperf proc_version_file:file getattr; allow hiperf proc_vmallocinfo_file:file getattr; allow hiperf proc_vmstat_file:file getattr; allow hiperf proc_zoneinfo_file:file getattr; allow hiperf samain_exec:file { getattr map open read }; allow hiperf sys_param:file { map open read }; allow hiperf sys_usb_param:file { map open read }; allow hiperf tracefs:dir { open read search }; allow hiperf tracefs:file { getattr open read write ioctl }; allowxperm hiperf tracefs:file ioctl { 0x5413 }; allow hiperf tty_device:chr_file { read write }; allow hiperf appspawn_exec:file { getattr map open read }; allow hiperf bootevent_param:file { map open read }; allow hiperf bootevent_samgr_param:file { map open read }; allow hiperf build_version_param:file { map open read }; allow hiperf const_display_brightness_param:file { map open read }; allow hiperf const_product_param:file { map open read }; allow hiperf debug_param:file { map open read }; allow hiperf devpts:chr_file { read write }; allow hiperf hdcd:unix_stream_socket { read write }; allow hiperf hilog_param:file { map open read }; allow hiperf hilogd_exec:file { getattr map open read }; allow hiperf persist_param:file { map open read }; allow hiperf persist_sys_param:file { map open read }; allow hiperf proc_file:file { getattr open read }; allow hiperf security_param:file { map open read }; allow hiperf self:perf_event { cpu kernel open read write }; allow hiperf startup_param:file { map open read }; allow hiperf wifi_hal_service_exec:file { getattr map open read }; allow hiperf hiview_exec:file { getattr map open read }; allow hiperf storage_daemon_exec:file { getattr map open read }; allow hiperf data_file:dir search; allow hiperf dev_unix_socket:dir search; allow hiperf system_bin_file:dir search; allow hiperf data_local:dir search; allow hiperf hiprofiler_plugins:unix_stream_socket { read write }; allow hiperf rootfs:file read; allow hiperf sh_exec:file { getattr map open read }; allow hiperf sysfs_kernel_notes:file { open read }; allow hiperf system_bin_file:file { execute execute_no_trans getattr map open read }; allow hiperf toybox_exec:file { execute execute_no_trans getattr map open read }; allow hiperf tmpfs:file { read write }; allow hiperf hiprofiler_plugins:fd use; allow hiperf hiprofilerd:fd use; allow hiperf hiprofiler_plugins:fifo_file { ioctl write }; allow hiperf watchdog_service_exec:file { getattr map open read }; allow hiperf data_local_tmp:fifo_file { create open read unlink write }; allow hiperf hdf_devmgr_exec:file { getattr map open read }; allow hiperf proc_cpuinfo_file:file { open read }; allow hiperf sysfs_devices_system_cpu:file { open read }; allow hiperf uinput_inject_exec:file { getattr map open read }; allow hiperf vendor_bin_file:dir search; allow hiperf domain:dir { add_name getattr search open read write }; allow hiperf domain:file { getattr map open read }; allow hiperf camera_service:dir { open read }; allow hiperf camera_service:process signull; allow hiperf drm_service:dir { open read }; allow hiperf drm_service:process signull; allow hiperf data_file:dir { add_name getattr open read write }; allow hiperf dev_mali:chr_file { getattr open read }; allow hiperf distributedfiledaemon:dir { open read }; allow hiperf distributedfiledaemon:process signull; allow hiperf hdcd:dir { open read }; allow hiperf hdcd:process signull; allow hiperf init:dir { open read }; allow hiperf init:process signull; allow hiperf render_service:dir { open read }; allow hiperf render_service:process signull; allow hiperf render_service_exec:file { getattr map open read }; allow hiperf rootfs:dir read; allow hiperf self:perf_event tracepoint; allow hiperf system_basic_hap_attr:dir { open read }; allow hiperf system_basic_hap_attr:process signull; allow hiperf system_bin_file:lnk_file read; allow hiperf toybox_exec:lnk_file read; allow hiperf ui_service:dir { open read }; allow hiperf ui_service:process signull; allow hiperf hiview:process signull; allow hiperf domain:process signull; allow hiperf accessibility_param:file { map open read }; allow hiperf ohos_dev_param:file { map open read }; allow hiperf data_log_hiperf_file:dir { create_dir_perms }; allow hiperf data_log_hiperf_file:file { create_file_perms }; allow hiperf data_log_hiperf_file:fifo_file { create open read unlink write }; allow hiperf data_local_tmp_hiperf_file:dir { create_dir_perms }; allow hiperf data_local_tmp_hiperf_file:file { create_file_perms }; allow hiperf data_local_tmp_hiperf_file:fifo_file { create open read unlink write }; allow hiperf data_log:dir { add_name open read search watch write create remove_name }; allow hiperf data_log:file { create getattr lock map open read rename ioctl write unlink }; allow hiperf data_app_el1_file:file { getattr map open read }; allow hiperf data_app_el1_file:dir search; allow hiperf normal_hap_attr:lnk_file read; allow hiperf chip_prod_file:dir search; allow hiperf chip_prod_file:file { getattr map open read }; allow hiperf sys_file:file { getattr open read }; allow hiperf sysfs_devices_system_cpu:file getattr; allow hiperf udevd_exec:file { getattr map open read }; allow hiperf ueventd_exec:file read; allow hiperf vendor_bin_file:file { getattr map open read }; allow init data_log:file relabelfrom; allow init data_log_hiperf_file:dir relabelto; #allow hiperf data_file:file { create write }; #allow hiperf devpts:chr_file ioctl; debug_only(` allow hiperf self:capability { setgid }; allow hiperf self:capability2 syslog; ') developer_only(` allow hiperf sh:dir { getattr open read search }; allow hiperf sh:fd use; allow hiperf sh:fifo_file { read write }; allow hiperf sh:process signull; ') allow hiperf data_local_tmp:file { create getattr ioctl map open read rename unlink write }; allow hiperf data_local_tmp:dir { open read add_name remove_name search write }; allow hiperf self:capability2 perfmon; allow hiperf self:capability { sys_ptrace ipc_lock }; allow hiperf self:perf_event { open read write kernel }; neverallow hiperf *:process ptrace; neverallow { domain -hiperf -init -hiebpf } self:perf_event ~{ open read write kernel }; allow hiperf musl_param:file { open map read }; allow hiperf dev_console_file:chr_file { read write }; allow hiperf musl_param:file { open map read }; allow hiperf security_param:parameter_service { set }; allow hiperf hiviewdfx_profiler_param:parameter_service { set }; allow hiperf paramservice_socket:sock_file { read write }; allow hiperf kernel:unix_stream_socket connectto; allow hiperf sa_foundation_bms:samgr_class get; allow hiperf sa_param_watcher:samgr_class get; allow hiperf foundation:binder call; allow hiperf samgr:binder { call }; allow hiperf param_watcher:binder { call transfer }; allow hiperf tracefs_trace_marker_file:file { open write }; allow hiperf hilog_exec:file { getattr map open read }; allow hiperf rootfs:file { ioctl }; allow hiperf ueventd_exec:file { getattr map open }; allow hiperf dev_file:dir getattr; allow samgr hiperf:file { read open }; allow samgr hiperf:dir { search }; allow samgr hiperf:process { getattr }; allow samgr hiperf:binder { call transfer }; allow hiperf dev_bbox:chr_file { read }; allow hiperf sysfs_devices_system_cpu:dir { read open }; allow hiperf hiview:fd { use }; allow hiperf hiview:unix_dgram_socket { read write }; allow hiperf hiview:fifo_file { read write }; allow hiperf hiview_file:file { read write }; allow hiview hiperf:process sigkill; allow hiview data_local:dir { search }; allow hiview proc_file:file { getattr }; allow hiview debug_param:parameter_service { set }; allow hiperf system_file:file { getattr open read }; allow hiperf SP_daemon_exec:file { getattr open read }; allow hiperf data_local_arkcache:dir { search }; allow hiperf data_local_arkcache:file { getattr open read }; allow hiperf app_el1_bundle_public:dir { getattr open read search }; allow hiperf app_el1_bundle_public:file { getattr map open read }; allow hiperf deviceauth_service_exec:file { getattr map open read }; allow hiperf faultloggerd_exec:file { getattr map open read }; allow hiperf hidumper_exec:file { getattr map open read }; allow hiperf hiprofiler_cmd_exec:file { getattr map open read }; allow hiperf hiprofiler_plugins_exec:file { getattr map open read }; allow hiperf hiprofilerd_exec:file { getattr map open read }; allow hiperf hisysevent_exec:file { getattr map open read }; allow hiperf hitrace_exec:file { getattr map open read }; allow hiperf init_exec:file { getattr map open read }; allow hiperf sys_prod_file:dir { search }; allow hiperf sys_prod_file:file { getattr map open read }; allow hiperf system_usr_file:file { getattr map open read }; allow hiperf data_service_el1_file:file { getattr map open read }; allow hiperf init_exec:file { getattr map open read }; allow hiperf render_service_exec:file { getattr map open read }; allow hiperf isolated_render:lnk_file { read };