# Copyright (c) 2022-2024 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. init_daemon_domain(hiview); define(`use_hisysevent', ` allow $1 hisysevent_socket:sock_file write; ') use_hisysevent({ domain -kernel }) allow hiview hiview:capability2 { syslog }; allow hiview hiview:dir { search }; allow hiview hiview_exec:file { entrypoint execute map read }; allow hiview hiview:capability { sys_ptrace }; neverallow hiview *:process ptrace; allow hiview hiview:unix_dgram_socket { getopt setopt }; allow hiview init:unix_dgram_socket { getattr getopt read write setopt }; allow hiview init:unix_stream_socket { connectto }; allow hiview faultloggerd:unix_stream_socket { connectto }; allow hiview hiview_file:dir { search getattr read open write add_name remove_name rmdir }; allow hiview hiview_file:file { getattr setattr append ioctl unlink map read write getattr open lock rename }; allow hiview data_file:dir { search }; allow hiview data_log:dir { add_name open read search watch write create remove_name }; #avc: denied { ioctl } for pid=2354 comm="plat_shared" path="/data/log/faultlog/JS_ERROR1501989881389" dev="mmcblk0p15" ino=9492 ioctlcmd=0x5413 scontext=u:r:hiview:s0 tcontext=u:object_r:data_log:s0 tclass=file permissive=1 allow hiview data_log:file { create getattr lock map open read write unlink rename append ioctl }; allowxperm hiview data_log:file ioctl { 0x5413 0xf546 0xf547 }; allow hiview data_system:dir { search getattr }; allow hiview system_etc_file:dir { open read }; allow hiview system_bin_file:dir { search }; allow hiview system_bin_file:file { read execute entrypoint }; allow hiview system_bin_file:lnk_file { read }; allow hiview toybox_exec:file { read execute entrypoint getattr map open }; allow hiview toybox_exec:lnk_file { read }; allow hiview sys_file:dir { read open }; allow hiview sys_file:file { read open }; allow hiview dev_bbox:chr_file { ioctl read open }; allow hiview normal_hap_attr:dir { getattr open read search }; allow hiview normal_hap_attr:file { getattr open read }; allow hiview proc_cpuinfo_file:file { read open }; allow hiview rootfs:chr_file { read write }; allow hiview faultloggerd_temp_file:file { getattr }; allow hiview faultloggerd:fifo_file { read }; allow hiview system_basic_hap_attr:dir { search }; allow hiview system_basic_hap_attr:file { getattr read open }; allow hiview system_core_hap_attr:file { getattr read open }; allow hiview usage_report_exec:file { getattr read open execute_no_trans map execute }; allow hiview vendor_bin_file:dir { search }; allow hiview proc_meminfo_file:file { open read }; allow hiview data_init_agent:dir { search }; allow hiview data_init_agent:file { ioctl open read append }; allow hiview foundation:binder { call transfer }; allow hiview init:binder { call transfer }; allow hiview samgr:binder { call transfer }; allow hiview tmpfs:lnk_file { read }; allow hiview time_service:binder { call transfer }; allow hiview param_watcher:binder { call transfer }; binder_call(hiview, powermgr); allow hiview hdcd:binder { call transfer }; allow hiview resource_schedule_service:binder { call transfer }; allow hiview normal_hap_attr:binder { call transfer }; allow hiview system_basic_hap_attr:binder { call transfer }; allow hiview system_core_hap_attr:binder { call transfer }; allow hiview accountmgr:binder { call transfer }; allow hiview device_usage_stats_service:binder { call transfer }; allow hiview dev_unix_socket:dir { search }; allow hiview dev_unix_socket:sock_file { write }; allow hiview faultloggerd_socket:sock_file { write }; allow hiview tracefs:dir { search }; allow hiview tracefs_trace_marker_file:file { write open }; allow hiview vendor_lib_file:dir { search }; allow hiview vendor_lib_file:file { read open getattr map execute }; allow hiview bgtaskmgr_service:dir { search }; allow hiview bgtaskmgr_service:file { open read }; allowxperm hiview dev_bbox:chr_file ioctl { 0x4264 }; allowxperm hiview dev_bbox:chr_file ioctl { 0x4266 }; allowxperm hiview dev_bbox:chr_file ioctl { 0x426f }; #avc: denied { get } for service=3301 pid=618 scontext=u:r:hiview:s0 tcontext=u:object_r:sa_powermgr_powermgr_service:s0 tclass=samgr_class permissive=1 allow hiview sa_powermgr_powermgr_service:samgr_class { get }; allow hiview sa_powermgr_displaymgr_service:samgr_class { get }; allowxperm hiview data_init_agent:file ioctl { 0x5413 }; allow hiview sa_sys_event_service:samgr_class { add get }; allow hiview sa_hiview_service:samgr_class { add get }; allow hiview sa_hiview_faultlogger_service:samgr_class { add get }; #avc: denied { read write } for pid=1955 comm="hiview" path="/dev/console" dev="tmpfs" ino=19 scontext=u:r:hiview:s0 tcontext=u:object_r:dev_console_file:s0 tclass=chr_file permissive=0 allow hiview dev_console_file:chr_file { read write }; #avc: denied { write } for pid=1961 comm="hiview" name="paramservice" dev="tmpfs" ino=28 scontext=u:r:hiview:s0 tcontext=u:object_r:paramservice_socket:s0 tclass=sock_file permissive=0 allow hiview paramservice_socket:sock_file { write }; #avc: denied { connectto } for pid=1130 comm="hiview" path="/dev/unix/socket/paramservice" scontext=u:r:hiview:s0 tcontext=u:r:kernel:s0 tclass=unix_stream_socket permissive=0 allow hiview kernel:unix_stream_socket { connectto }; #avc: denied { read } for pid=4200 comm="usage_report" name="u:object_r:musl_param:s0" dev="tmpfs" ino=53 scontext=u:r:hiview:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=0 #avc: denied { open } for pid=1594 comm="hiview" path="/dev/__parameters__/u:object_r:musl_param:s0" dev="tmpfs" ino=53 scontext=u:r:hiview:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=0 #avc: denied { map } for pid=1594 comm="hiview" path="/dev/__parameters__/u:object_r:musl_param:s0" dev="tmpfs" ino=53 scontext=u:r:hiview:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=0 allow hiview musl_param:file { read open map }; #avc: denied { getattr } for pid=1123 comm="hdcd" path="/dev/asanlog" dev="tmpfs" ino=629 scontext=u:r:hdcd:s0 tcontext=u:object_r:dev_asanlog_file:s0 tclass=dir permissive=0 allow hdcd dev_asanlog_file:dir { read_dir_perms write add_name create }; #avc: denied { write create open } for pid=1358 comm="hdcd" path="/dev/asanlog/asan.log.3273" dev="tmpfs" ino=727 scontext=u:r:hdcd:s0 tcontext=u:object_r:dev_asanlog_file:s0 tclass=file permissive=1 allow hdcd dev_asanlog_file:file { write create read_file_perms }; #avc: denied { read } for pid=3520 comm="hiview" name="asanlog" dev="tmpfs" ino=726 scontext=u:r:hiview:s0 tcontext=u:object_r:dev_file:s0 tclass=dir permissive=0 #allow hiview dev_asanlog_file:dir { read open watch getattr create search }; allow hiview dev_asanlog_file:dir { read_dir_perms }; #avc: denied { read } for pid=449 comm="hiview" name="asan.log.2718" dev="tmpfs" ino=731 scontext=u:r:hiview:s0 tcontext=u:object_r:dev_file:s0 tclass=file permissive=0 allow hiview dev_asanlog_file:file { read_file_perms }; #avc: denied { relabelto } for pid=3281 comm="init" name="asanlog" dev="tmpfs" ino=629 scontext=u:r:init:s0 tcontext=u:object_r:dev_asanlog_file:s0 tclass=dir permissive=0 #avc: denied { getattr } for pid=3281 comm="init" path="/dev/asanlog/asan.log.2718" dev="tmpfs" ino=727 scontext=u:r:init:s0 tcontext=u:object_r:dev_file:s0 tclass=file permissive=0 allow init dev_asanlog_file:dir { setattr read getattr relabelto }; allow hiview kernel:system { syslog_read }; allow hiview hilog_exec:file { execute read open execute_no_trans map }; allow hiview hilog_output_socket:sock_file { write }; allow hiview hilogd:unix_stream_socket { connectto }; allow hiview hitrace_exec:file { execute read open execute_no_trans map }; allow hiview tracefs:file { write }; allow hiview proc_sysrq_trigger_file:file { open getattr write ioctl }; #avc: denied { search } for pid=252 comm="exportSysEventT" name="app" dev="mmcblk0p12" ino=43 scontext=u:r:hiview:s0 tcontext=u:object_r:data_app_file:s0 tclass=dir permissive=0 allow hiview data_app_file:dir { search }; #avc: denied { search } for pid=247 comm="exportSysEventT" name="el2" dev="mmcblk0p12" ino=47 scontext=u:r:hiview:s0 tcontext=u:object_r:data_app_el2_file:s0 tclass=dir permissive=0 #avc: denied { add_name } for pid=2716 comm="freeze_detector" name="APP_FREEZE_1501994090092_2792.log" scontext=u:r:hiview:s0 tcontext=u:object_r:data_app_el2_file:s0 tclass=dir permissive=1 #avc: denied { write } for pid=266 comm="freeze_detector" name="hiappevent" dev="mmcblk0p15" ino=2265 scontext=u:r:hiview:s0 tcontext=u:object_r:data_app_el2_file:s0 tclass=dir permissive=0 allow hiview data_app_el2_file:dir { search read open add_name write create setattr getattr remove_name }; #avc: denied { create } for pid=2716 comm="freeze_detector" name="APP_FREEZE_1501994090092_2792.log" scontext=u:r:hiview:s0 tcontext=u:object_r:data_app_el2_file:s0 tclass=file permissive=1 #avc: denied { ioctl } for pid=2716 comm="freeze_detector" path="/data/app/el2/100/log/com.example.myapplication/hiappevent/APP_FREEZE_1501994090092_2792.log" dev="mmcblk0p15" ino=2352 ioctlcmd=0x5413 scontext=u:r:hiview:s0 tcontext=u:object_r:data_app_el2_file:s0 tclass=file permissive=1 #avc: denied { setattr } for pid=263 comm="plat_shared" name="APP_CRASH_1501997026177_1964.log" dev="mmcblk0p15" ino=2180 scontext=u:r:hiview:s0 tcontext=u:object_r:data_app_el2_file:s0 tclass=file permissive=0 allow hiview data_app_el2_file:file { open getattr read write create ioctl setattr append rename }; allowxperm hiview data_app_el2_file:file ioctl { 0x5413 }; #avc: denied { search } for pid=247 comm="exportSysEventT" name="com.huawei.myapplication" dev="mmcblk0p12" ino=2366 scontext=u:r:hiview:s0 tcontext=u:object_r:system_basic_hap_data_file:s0 tclass=dir permissive=0 #avc: denied { write } for pid=252 comm="exportSysEventT" name="hiview" dev="mmcblk0p12" ino=2417 scontext=u:r:hiview:s0 tcontext=u:object_r:system_basic_hap_data_file:s0 tclass=dir permissive=0 #avc: denied { add_name } for pid=251 comm="exportSysEventT" name="Reliability-EVENT-20170816160811-000-0.evt" scontext=u:r:hiview:s0 tcontext=u:object_r:system_basic_hap_data_file:s0 tclass=dir permissive=0 allow hiview system_basic_hap_data_file_attr:dir { add_name search write }; #avc: denied { create write open } for pid=256 comm="exportSysEventT" name="Reliability-EVENT-20170816164943-000-0.evt" scontext=u:r:hiview:s0 tcontext=u:object_r:system_basic_hap_data_file:s0 tclass=file permissive=0 allow hiview system_basic_hap_data_file_attr:file { create write open }; #avc: denied { search } for pid=241 comm="exportSysEventT" name="com.huawei.myapplicationtest" dev="mmcblk0p12" ino=1615 scontext=u:r:hiview:s0 tcontext=u:object_r:normal_hap_data_file:s0 tclass=dir permissive=0 allow hiview normal_hap_data_file:dir { search }; #avc: denied { write } for pid=245 comm="exportSysEventT" name="cache" dev="mmcblk0p12" ino=1616 scontext=u:r:hiview:s0 tcontext=u:object_r:normal_hap_data_file:s0 tclass=dir permissive=0 allow hiview normal_hap_data_file:dir { write add_name }; allow hiview normal_hap_data_file:file { create write open }; #avc: denied { setattr } for pid=246 comm="exportSysEventT" name="RELIABILITY-20170806025113-000-0.evt" dev="mmcblk0p12" ino=2052 scontext=u:r:hiview:s0 tcontext=u:object_r:system_basic_hap_data_file:s0 tclass=file permissive=0 allow hiview system_basic_hap_data_file_attr:file { setattr }; allow hiview normal_hap_data_file:file { setattr }; debug_only(` allow hiview sh:dir { getattr open read search}; allow hiview sh:file { getattr read open }; allow hiview sh:binder { call transfer }; ') #avc: denied { call } for pid=256 comm="IPC_3_1647" scontext=u:r:hiview:s0 tcontext=u:r:system_basic_hap:s0 tclass=binder permissive=0 allow hiview system_basic_hap_attr:binder { call }; #avc: denied { getattr } for pid=1989 comm="sysevent_source" path="/dev/unix/socket/hisysevent" scontext=u:r:hiview:s0 tcontext=u:r:hiview:s0 tclass=unix_dgram_socket permissive=1 allow hiview hiview:unix_dgram_socket { getattr }; #avc: denied { open } for pid=262 comm="hiview" path="/dev/ashmem" dev="tmpfs" ino=177 scontext=u:r:hiview:s0 tcontext=u:object_r:dev_ashmem_file:s0 tclass=chr_file permissive=1 allow hiview dev_ashmem_file:chr_file { open }; #avc: denied { search } for pid=2001 comm="hiview" name="etc" dev="mmcblk0p8" ino=16 scontext=u:r:hiview:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=dir permissive=1 allow hiview vendor_etc_file:dir { search }; #avc: denied { read } for pid=2001 comm="hiview" name="hisysevent.def" dev="mmcblk0p8" ino=265 scontext=u:r:hiview:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=file permissive=1 #avc: denied { open } for pid=2001 comm="hiview" path="/vendor/etc/hiview/hisysevent.def" dev="mmcblk0p8" ino=265 scontext=u:r:hiview:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=file permissive=1 allow hiview vendor_etc_file:file { read open }; allow hiview hisysevent:binder { call transfer }; allow hiview hisysevent:dir { search }; allow hiview hisysevent:file { read open getattr }; allow hiview dev_ucollection:chr_file { ioctl open read write }; #avc: denied { read } for pid=1853 comm="plat_shared" name="possible" dev="sysfs" ino=4918 scontext=u:r:hiview:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file permissive=1 #avc: denied { open } for pid=1853 comm="plat_shared" path="/sys/devices/system/cpu/possible" dev="sysfs" ino=4918 scontext=u:r:hiview:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file permissive=1 #avc: denied { getattr } for pid=1853 comm="plat_shared" path="/sys/devices/system/cpu/possible" dev="sysfs" ino=4918 scontext=u:r:hiview:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file permissive=1 allow hiview sysfs_devices_system_cpu:file { read open getattr }; #avc: denied { read } for pid=260 comm="IPC_2_721" name="tracing_on" dev="tracefs" ino=18185 scontext=u:r:hiview:s0 tcontext=u:object_r:tracefs:s0 tclass=file permissive=0 #avc: denied { open } for pid=262 comm="IPC_3_1102" path="/sys/kernel/debug/tracing/events/binder/binder_transaction/enable" dev="tracefs" ino=15693 scontext=u:r:hiview:s0 tcontext=u:object_r:tracefs:s0 tclass=file permissive=1 #avc: denied { ioctl } for pid=262 comm="IPC_3_1102" path="/sys/kernel/debug/tracing/events/binder/binder_transaction/enable" dev="tracefs" ino=15693 ioctlcmd=0x5413 scontext=u:r:hiview:s0 tcontext=u:object_r:tracefs:s0 tclass=file permissive=1 #avc: denied { getattr } for pid=262 comm="IPC_3_1102" path="/sys/kernel/debug/tracing/events/binder/binder_transaction/enable" dev="tracefs" ino=15693 scontext=u:r:hiview:s0 tcontext=u:object_r:tracefs:s0 tclass=file permissive=1 allow hiview tracefs:file { read open ioctl getattr }; allowxperm hiview tracefs:file ioctl { 0x5413 }; #avc: denied { read } for pid=3130 comm="plat_shared" name="diskstats" dev="proc" ino=4026532227 scontext=u:r:hiview:s0 tcontext=u:object_r:proc_diskstats_file:s0 tclass=file permissive=1 #avc: denied { open } for pid=3130 comm="plat_shared" path="/proc/diskstats" dev="proc" ino=4026532227 scontext=u:r:hiview:s0 tcontext=u:object_r:proc_diskstats_file:s0 tclass=file permissive=1 #avc: denied { getattr } for pid=3130 comm="plat_shared" path="/proc/diskstats" dev="proc" ino=4026532227 scontext=u:r:hiview:s0 tcontext=u:object_r:proc_diskstats_file:s0 tclass=file permissive=1 allow hiview proc_diskstats_file:file { read open getattr }; #avc: denied { kill } for pid=7601 comm="hiview" capability=5 scontext=u:r:hiview:s0 tcontext=u:r:hiview:s0 tclass=capability permissive=1 #avc: denied { signal } for pid=7601 comm="hiview" scontext=u:r:hiview:s0 tcontext=u:r:system_basic_hap:s0 tclass=process permissive=1 allow hiview domain:process signal; allow hiview hiview:capability kill; #avc: denied { call } for pid=519 comm="IPC_0_576" scontext=u:r:hiview:s0 tcontext=u:r:softbus_server:s0 tclass=binder permissive=0 allow hiview softbus_server:binder { call }; #avc: denied { search } for pid=251 comm="OS_IPC_3_2826" name="com.example.myapplication" dev="mmcblk0p15" ino=2012 scontext=u:r:hiview:s0 tcontext=u:object_r:debug_hap_data_file:s0 tclass=dir permissive=1 #avc: denied { write } for pid=251 comm="OS_IPC_3_2826" name="hiappevent" dev="mmcblk0p15" ino=2058 scontext=u:r:hiview:s0 tcontext=u:object_r:debug_hap_data_file:s0 tclass=dir permissive=1 #avc: denied { add_name } for pid=251 comm="OS_IPC_3_2826" name="hiappevent_1501934018028.txt" scontext=u:r:hiview:s0 tcontext=u:object_r:debug_hap_data_file:s0 tclass=dir permissive=1 #avc: denied { read } for pid=2811 comm="XperfMainThr" name="hiappevent" dev="mmcblk0p15" ino=25209 scontext=u:r:hiview:s0 tcontext=u:object_r:debug_hap_data_file:s0 tclass=dir permissive=1 #avc: denied { getattr } for pid=2811 comm="XperfMainThr" name="hiappevent" dev="mmcblk0p15" ino=25209 scontext=u:r:hiview:s0 tcontext=u:object_r:debug_hap_data_file:s0 tclass=dir permissive=1 allow hiview normal_hap_data_file_attr:dir { search write add_name read getattr }; #avc: denied { create } for pid=251 comm="OS_IPC_3_2826" name="hiappevent_1501934018028.txt" scontext=u:r:hiview:s0 tcontext=u:object_r:debug_hap_data_file:s0 tclass=file permissive=1 #avc: denied { write open } for pid=251 comm="OS_IPC_3_2826" path="/data/app/el2/100/base/com.example.myapplication/cache/hiappevent/hiappevent_1501934018028.txt" dev="mmcblk0p15" ino=2832 scontext=u:r:hiview:s0 tcontext=u:object_r:debug_hap_data_file:s0 tclass=file permissive=1 #avc: denied { ioctl } for pid=251 comm="OS_IPC_3_2826" path="/data/app/el2/100/base/com.example.myapplication/cache/hiappevent/hiappevent_1501934018028.txt" dev="mmcblk0p15" ino=2832 ioctlcmd=0x5413 scontext=u:r:hiview:s0 tcontext=u:object_r:debug_hap_data_file:s0 tclass=file permissive=1 #avc: denied { getattr } for pid=251 comm="OS_IPC_3_2826" path="/data/app/el2/100/base/com.example.myapplication/cache/hiappevent/hiappevent_1501934018028.txt" dev="mmcblk0p15" ino=2832 scontext=u:r:hiview:s0 tcontext=u:object_r:debug_hap_data_file:s0 tclass=file permissive=1 #avc: denied { append } for pid=617 comm="/system/bin/hiview" path="/data/app/el2/100/base/com.example.myapplication/cache/hiappevent/hiappevent_1712134642860.txt" dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=25137 scontext=u:r:hiview:s0 tcontext=u:object_r:debug_hap_data_file:s0 tclass=file permissive=0 allow hiview normal_hap_data_file_attr:file { create write open ioctl getattr append }; allowxperm hiview normal_hap_data_file_attr:file ioctl { 0x5413 }; allow hiview sa_distributeddata_service:samgr_class { get }; allow hiview processdump:fd { use }; allow hiview processdump:fifo_file { read }; allow hiview distributeddata:binder { call transfer }; allow hiview distributeddata:fd { use }; allow sadomain dev_bbox:chr_file { ioctl read open write }; allowxperm sadomain dev_bbox:chr_file ioctl { 0xab09 }; neverallowxperm hiview dev_bbox:chr_file ioctl ~{ 0xab09 0xaf01 0xaf02 0xaf03 0xaf04 0xaf05 0xaf06 0xaf07 0xaf08 0x4264 0x4265 0x4266 0x426a 0x426f 0x5413 0x601 }; #avc: denied { get } for service=4607 pid=8375 scontext=u:r:hiview:s0 tcontext=u:object_r:sa_foundation_dms:s0 tclass=samgr_class permissive=0 allow hiview sa_foundation_dms:samgr_class { get }; allow hiview hidumper:fd {use }; #avc: denied { search } for pid=620, comm="/system/bin/hiview" name="/service/el0" dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=10 scontext=u:r:hiview:s0 tcontext=u:object_r:data_service_el0_file:s0 tclass=dir permissive=0 #avc: denied { open } for pid=620, comm="/system/bin/hiview" path="/data/service/el0/render_service" dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=40 scontext=u:r:hiview:s0 tcontext=u:object_r:data_service_el0_file:s0 tclass=dir permissive=0 #avc: denied { read } for pid=623, comm="/system/bin/hiview" path="/data/service/el0/render_service" dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=40 scontext=u:r:hiview:s0 tcontext=u:object_r:data_service_el0_file:s0 tclass=dir permissive=0 allow hiview data_service_el0_file:dir { read open search }; #avc: denied { getattr } for pid=622, comm="/system/bin/hiview" path="/data/service/el0/render_service/file00.ohr" dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=29695 scontext=u:r:hiview:s0 tcontext=u:object_r:data_service_el0_file:s0 tclass=file permissive=0 #avc: denied { read } for pid=622, comm="/system/bin/hiview" path="/data/service/el0/render_service/file01.ohr" dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=30554 scontext=u:r:hiview:s0 tcontext=u:object_r:data_service_el0_file:s0 tclass=file permissive=0 #avc: denied { open } for pid=622, comm="/system/bin/hiview" path="/data/service/el0/render_service/file01.ohr" dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=33037 scontext=u:r:hiview:s0 tcontext=u:object_r:data_service_el0_file:s0 tclass=file permissive=0 allow hiview data_service_el0_file:file { getattr read open }; allow hiview hitrace_param:parameter_service { set }; # avc: denied { use } for pid=2181, comm="/system/bin/sa_main" path="/dev/ashmem" dev="" ino=1 scontext=u:r:hiview:s0 tcontext=u:r:wifi_manager_service:s0 tclass=fd permissive=0 allow hiview wifi_manager_service:fd { use }; allow hiview pstorefs:dir { open read remove_name search write }; allow hiview pstorefs:file { open read unlink };