# Copyright (c) 2022-2023 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. #avc: denied { getopt } for pid=563 comm="msdp" scontext=u:r:msdp_sa:s0 tcontext=u:r:msdp_sa:s0 tclass=unix_dgram_socket permissive=1 #avc: denied { setopt } for pid=563 comm="msdp" scontext=u:r:msdp_sa:s0 tcontext=u:r:msdp_sa:s0 tclass=unix_dgram_socket permissive=1 allow msdp_sa msdp_sa:unix_dgram_socket { getopt setopt }; #avc: denied { search } for pid=538 comm="msdp" name="socket" dev="tmpfs" ino=40 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=1 allow msdp_sa dev_unix_socket:dir { search }; #avc: denied { call } for pid=543 comm="msdp" scontext=u:r:msdp_sa:s0 tcontext=u:r:sh:s0 tclass=binder permissive=1 debug_only(` allow msdp_sa sh:binder { call }; ') #avc: denied { call } for pid=571 comm="msdp" scontext=u:r:msdp_sa:s0 tcontext=u:r:accesstoken_service:s0 tclass=binder permissive=1 allow msdp_sa accesstoken_service:binder { call }; #avc: denied { add } for service=2902 pid=387 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_msdp_devicestatus_service:s0 tclass=samgr_class permissive=1 allow msdp_sa sa_msdp_devicestatus_service:samgr_class { add }; #avc: denied { get } for service=3901 pid=387 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_param_watcher:s0 tclass=samgr_class permissive=1 allow msdp_sa sa_param_watcher:samgr_class { get }; #avc: denied { call } for pid=435 comm="msdp" scontext=u:r:msdp_sa:s0 tcontext=u:r:normal_hap:s0 tclass=binder permissive=0 allow msdp_sa normal_hap_attr:binder { call }; #avc: denied { search } for pid=431 comm="msdp" name="/" dev="mmcblk0p12" ino=3 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=0 allow msdp_sa data_file:dir { search }; #avc: denied { call } for pid=429 comm="msdp" scontext=u:r:msdp_sa:s0 tcontext=u:r:system_core_hap:s0 tclass=binder permissive=0 allow msdp_sa system_core_hap_attr:binder { call }; #avc: denied { watch } for pid=453 comm="device_status_s" path="/dev/input" dev="tmpfs" ino=77 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=dir permissive=0 #avc: denied { open } for pid=1729 comm="device_status_s" path="/dev/input" dev="tmpfs" ino=77 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=dir permissive=0 #avc: denied { read } for pid=1765 comm="device_status_s" name="input" dev="tmpfs" ino=77 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=dir permissive=0 #avc: denied { search } for pid=1737 comm="device_status_s" name="input" dev="tmpfs" ino=77 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=dir permissive=0 #avc: denied { getattr } for pid=1741 comm="device_status_s" path="/dev/input" dev="tmpfs" ino=77 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=dir permissive=0 allow msdp_sa dev_input_file:dir { watch open read search getattr }; #avc: denied { getattr } for pid=1741 comm="device_status_s" path="/dev/input/event3" dev="tmpfs" ino=107 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=chr_file permissive=0 #avc: denied { read write } for pid=1897 comm="device_status_s" name="event7" dev="tmpfs" ino=328 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=chr_file permissive=1 #avc: denied { open } for pid=1897 comm="device_status_s" path="/dev/input/event7" dev="tmpfs" ino=328 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=chr_file permissive=1 #avc: denied { ioctl } for pid=1748 comm="device_status_s" path="/dev/input/event7" dev="tmpfs" ino=328 ioctlcmd=0x4521 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=chr_file permissive=0 allow msdp_sa dev_input_file:chr_file { getattr read write open ioctl }; #avc: denied { getattr } for pid=1741 comm="device_status_s" path="/dev" dev="tmpfs" ino=1 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_file:s0 tclass=dir permissive=0 allow msdp_sa dev_file:dir { getattr }; #avc: denied { search } for pid=1771 comm="device_status_s" name="etc" dev="mmcblk0p8" ino=17 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=dir permissive=1 allow msdp_sa vendor_etc_file:dir { search }; #avc: denied { call } for pid=457 comm="device_status_s" scontext=u:r:msdp_sa:s0 tcontext=u:r:multimodalinput:s0 tclass=binder permissive=1 allow msdp_sa multimodalinput:binder { call }; #avc: denied { use } for pid=257 comm="IPC_0_324" path="socket:[33166]" dev="sockfs" ino=33166 scontext=u:r:msdp_sa:s0 tcontext=u:r:multimodalinput:s0 tclass=fd permissive=1 allow msdp_sa multimodalinput:fd { use }; #avc: denied { read write } for pid=257 comm="IPC_0_324" path="socket:[33166]" dev="sockfs" ino=33166 scontext=u:r:msdp_sa:s0 tcontext=u:r:multimodalinput:s0 tclass=unix_stream_socket permissive=1 allow msdp_sa multimodalinput:unix_stream_socket { read write }; #avc: denied { map } for pid=482 comm="IPC_1_549" path="/dev/__parameters__/u:object_r:musl_param:s0" dev="tmpfs" ino=56 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=0 #avc: denied { open } for pid=448 comm="IPC_1_490" path="/dev/__parameters__/u:object_r:musl_param:s0" dev="tmpfs" ino=56 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=0 #avc: denied { read } for pid=477 comm="IPC_1_657" name="u:object_r:musl_param:s0" dev="tmpfs" ino=56 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=0 allow msdp_sa musl_param:file { map open read }; #avc: denied { transfer } for pid=477 comm="IPC_1_657" scontext=u:r:msdp_sa:s0 tcontext=u:r:sensors:s0 tclass=binder permissive=1 allow msdp_sa sensors:binder { transfer }; #avc: denied { get } for service=3101 pid=445 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_multimodalinput_service:s0 tclass=samgr_class permissive=0 allow msdp_sa sa_multimodalinput_service:samgr_class { get }; debug_only(` allow msdp_sa data_file:file { getattr open read}; #avc: denied { read write } for pid=1903 comm="sa_main" path="/dev/console" dev="tmpfs" ino=27 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_console_file:s0 tclass=chr_file permissive=0 allow msdp_sa dev_console_file:chr_file { read write }; #avc: denied { use } for pid=1794 comm="InteractionMana" path="/dev/ashmem" dev="tmpfs" ino=197 scontext=u:r:msdp_sa:s0 tcontext=u:r:sh:s0 tclass=fd permissive=0 allow msdp_sa sh:fd { use }; ') #avc: denied { call } for pid=923 comm="device_status_s" scontext=u:r:msdp_sa:s0 tcontext=u:r:distributedsche:s0 tclass=binder permissive=1 #avc: denied { transfer } for pid=923 comm="device_status_s" scontext=u:r:msdp_sa:s0 tcontext=u:r:distributedsche:s0 tclass=binder permissive=1 allow msdp_sa distributedsche:binder { call transfer }; #avc: denied { get } for service=4810 pid=892 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_distributed_hardware_input_sink_service:s0 tclass=samgr_class permissive=0 allow msdp_sa sa_distributed_hardware_input_sink_service:samgr_class { get }; #avc: denied { get } for service=4809 pid=892 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_distributed_hardware_input_source_service:s0 tclass=samgr_class permissive=0 allow msdp_sa sa_distributed_hardware_input_source_service:samgr_class { get }; #avc: denied { get } for service=4607 pid=923 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_foundation_dms:s0 tclass=samgr_class permissive=1 allow msdp_sa sa_foundation_dms:samgr_class { get }; #avc: denied { use } for pid=1210 comm="SoftBusConnect" path="socket:[18000]" dev="sockfs" ino=18000 scontext=u:r:msdp_sa:s0 tcontext=u:r:softbus_server:s0 tclass=fd permissive=1 allow msdp_sa softbus_server:fd { use }; #avc: denied { read } for pid=923 comm="SoftBusConnect" laddr=192.168.43.17 lport=41775 faddr=192.168.43.46 fport=42169 scontext=u:r:msdp_sa:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1 #avc: denied { setopt } for pid=923 comm="device_status_s" laddr=192.168.43.17 lport=41775 faddr=192.168.43.46 fport=42169 scontext=u:r:msdp_sa:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1 #avc: denied { write } for pid=923 comm="device_status_s" laddr=192.168.43.17 lport=41775 faddr=192.168.43.46 fport=42169 scontext=u:r:msdp_sa:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1 #avc: denied { shutdown } for pid=867 comm="EventRunner#41" laddr=192.168.43.46 lport=44711 faddr=192.168.43.17 fport=38953 scontext=u:r:msdp_sa:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=0 allow msdp_sa softbus_server:tcp_socket { read setopt write shutdown }; #avc: denied { get } for service=6001 pid=932 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_device_profile_service:s0 tclass=samgr_class permissive=1 allow msdp_sa sa_device_profile_service:samgr_class { get }; #avc: denied { get } for service=401 pid=375 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_foundation_bms:s0 tclass=samgr_class permissive=0 allow msdp_sa sa_foundation_bms:samgr_class { get }; #avc: denied { get } for service=10 pid=397 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_render_service:s0 tclass=samgr_class permissive=0 allow msdp_sa sa_render_service:samgr_class { get }; #avc: denied { get } for service=4606 pid=381 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_foundation_wms:s0 tclass=samgr_class permissive=1 allow msdp_sa sa_foundation_wms:samgr_class { get }; #avc: denied { get } for service=801 pid=363 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_accessibleabilityms:s0 tclass=samgr_class permissive=1 allow msdp_sa sa_accessibleabilityms:samgr_class { get }; #avc: denied { get } for service=1901 pid=363 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_resource_schedule:s0 tclass=samgr_class permissive=1 allow msdp_sa sa_resource_schedule:samgr_class { get }; #avc: denied { call } for pid=379 comm="device_status_s" scontext=u:r:msdp_sa:s0 tcontext=u:r:render_service:s0 tclass=binder permissive=0 #avc: denied { transfer } for pid=429 comm="device_status_s" scontext=u:r:msdp_sa:s0 tcontext=u:r:render_service:s0 tclass=binder permissive=0 allow msdp_sa render_service:binder { call transfer }; #avc: denied { use } for pid=480 comm="IPC_3_1378" path="socket:[31810]" dev="sockfs" ino=31810 scontext=u:r:msdp_sa:s0 tcontext=u:r:render_service:s0 tclass=fd permissive=0 allow msdp_sa render_service:fd { use }; #avc: denied { transfer } for pid=391 comm="device_status_s" scontext=u:r:msdp_sa:s0 tcontext=u:r:foundation:s0 tclass=binder permissive=0 allow msdp_sa foundation:binder { transfer }; #avc: denied { call } for pid=416 comm="device_status_s" scontext=u:r:msdp_sa:s0 tcontext=u:r:accessibility:s0 tclass=binder permissive=0 #avc: denied { transfer } for pid=421 comm="device_status_s" scontext=u:r:msdp_sa:s0 tcontext=u:r:accessibility:s0 tclass=binder permissive=0 allow msdp_sa accessibility:binder { call transfer }; #avc: denied { open } for pid=372 comm="device_status_s" path="/dev/ashmem" dev="tmpfs" ino=191 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_ashmem_file:s0 tclass=chr_file permissive=0 allow msdp_sa dev_ashmem_file:chr_file { open }; #avc: denied { getattr } for pid=404 comm="RSRenderThread" path="/dev/mali0" dev="tmpfs" ino=133 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_mali:s0 tclass=chr_file permissive=1 #avc: denied { ioctl } for pid=404 comm="RSRenderThread" path="/dev/mali0" dev="tmpfs" ino=133 ioctlcmd=0x8000 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_mali:s0 tclass=chr_file permissive=1 #avc: denied { map } for pid=404 comm="RSRenderThread" path="/dev/mali0" dev="tmpfs" ino=133 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_mali:s0 tclass=chr_file permissive=1 #avc: denied { open } for pid=404 comm="RSRenderThread" path="/dev/mali0" dev="tmpfs" ino=133 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_mali:s0 tclass=chr_file permissive=1 #avc: denied { read write } for pid=372 comm="RSRenderThread" name="mali0" dev="tmpfs" ino=133 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_mali:s0 tclass=chr_file permissive=0 allow msdp_sa dev_mali:chr_file { getattr ioctl map open read write }; allowxperm msdp_sa dev_mali:chr_file ioctl { 0x8000 0x8001 0x8002 0x8003 0x8005 0x8006 0x8007 0x800f 0x800e 0x8011 0x8016 0x8018 0x801d 0x801e 0x8026 }; #avc: denied { read write } for pid=453 comm="IPC_0_469" path="socket:[28935]" dev="sockfs" ino=28935 scontext=u:r:msdp_sa:s0 tcontext=u:r:render_service:s0 tclass=unix_stream_socket permissive=0 allow msdp_sa render_service:unix_stream_socket { read write }; #avc: denied { search } for pid=404 comm="msdp" name="usr" dev="mmcblk0p7" ino=2921 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_usr_file:s0 tclass=dir permissive=1 allow msdp_sa system_usr_file:dir { search }; #avc: denied { getattr } for pid=404 comm="msdp" path="/system/usr/ohos_locale_config/supported_regions.xml" dev="mmcblk0p7" ino=2928 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_usr_file:s0 tclass=file permissive=1 #avc: denied { read } for pid=404 comm="msdp" name="supported_regions.xml" dev="mmcblk0p7" ino=2928 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_usr_file:s0 tclass=file permissive=1 #avc: denied { open } for pid=404 comm="msdp" path="/system/usr/ohos_locale_config/supported_regions.xml" dev="mmcblk0p7" ino=2928 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_usr_file:s0 tclass=file permissive=1 allow msdp_sa system_usr_file:file { getattr read open }; #avc: denied { getattr } for pid=1613 comm="msdp" path="/sys/devices/system/cpu/online" dev="sysfs" ino=4917 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file permissive=0 #avc: denied { open } for pid=1672 comm="msdp" path="/sys/devices/system/cpu/online" dev="sysfs" ino=4917 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file permissive=0 #avc: denied { read } for pid=1734 comm="msdp" name="online" dev="sysfs" ino=4917 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file permissive=0 allow msdp_sa sysfs_devices_system_cpu:file { getattr open read }; #avc: denied { open } for pid=421 comm="RSRenderThread" path="/sys/devices/system/cpu" dev="sysfs" ino=4915 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir permissive=0 #avc: denied { read } for pid=380 comm="RSRenderThread" name="cpu" dev="sysfs" ino=4915 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir permissive=0 allow msdp_sa sysfs_devices_system_cpu:dir { open read }; #avc: denied { use } for pid=1172 comm="com.ohos.launch" path="/dev/ashmem" dev="tmpfs" ino=188 scontext=u:r:msdp_sa:s0 tcontext=u:r:system_basic_hap:s0 tclass=fd permissive=1 allow msdp_sa system_basic_hap_attr:fd { use }; allow msdp_sa sa_distributeddata_service:samgr_class { get }; #avc: denied { use } for pid=468 comm="IPC_0_499" path="/dmabuf:" dev="dmabuf" ino=32242 scontext=u:r:msdp_sa:s0 tcontext=u:r:allocator_host:s0 tclass=fd permissive=0 allow msdp_sa allocator_host:fd { use }; #avc: denied { getattr } for pid=433 comm="device_status_s" path="/system/fonts/HarmonyOS_Sans_Condensed_Medium_Italic.ttf" dev="mmcblk0p7" ino=1683 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_fonts_file:s0 tclass=file permissive=0 #avc: denied { map } for pid=426 comm="device_status_s" path="/system/fonts/HarmonyOS_Sans_SC_Light.ttf" dev="mmcblk0p7" ino=1710 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_fonts_file:s0 tclass=file permissive=0 #avc: denied { open } for pid=413 comm="device_status_s" path="/system/fonts/HarmonyOS_Sans_Digit.ttf" dev="mmcblk0p7" ino=1688 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_fonts_file:s0 tclass=file permissive=0 #avc: denied { read } for pid=426 comm="device_status_s" name="HarmonyOS_Sans_SC_Thin.ttf" dev="mmcblk0p7" ino=1713 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_fonts_file:s0 tclass=file permissive=0 allow msdp_sa system_fonts_file:file { getattr map open read }; #avc: denied { open } for pid=435 comm="device_status_s" path="/system/fonts" dev="mmcblk0p7" ino=1671 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_fonts_file:s0 tclass=dir permissive=0 #avc: denied { read } for pid=450 comm="device_status_s" name="fonts" dev="mmcblk0p7" ino=1671 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_fonts_file:s0 tclass=dir permissive=0 #avc: denied { search } for pid=424 comm="device_status_s" name="fonts" dev="mmcblk0p7" ino=1671 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_fonts_file:s0 tclass=dir permissive=0 allow msdp_sa system_fonts_file:dir { open read search }; #avc: denied { call } for pid=3255 comm="mmi_EventHdr" scontext=u:r:msdp_sa:s0 tcontext=u:r:distributeddata:s0 tclass=binder permissive=1 allow msdp_sa distributeddata:binder { call }; #avc: denied { use } for pid=2822 comm="mos.filemanager" path="/dev/ashmem" dev="tmpfs" ino=480 scontext=u:r:msdp_sa:s0 tcontext=u:r:system_core_hap:s0 tclass=fd permissive=0 allow msdp_sa system_core_hap_attr:fd { use }; #avc: denied { read } for pid=2361 comm="ClientEventHand" scontext=u:r:system_core_hap:s0 tcontext=u:r:msdp_sa:s0 tclass=unix_stream_socket permissive=1 allow msdp_sa system_core_hap_attr:unix_stream_socket { read }; #avc: denied { use } for pid=4218 comm="awei.ohos.clock" path="/dev/ashmem" dev="tmpfs" ino=487 scontext=u:r:msdp_sa:s0 tcontext=u:r:normal_hap:s0 tclass=fd permissive=1 allow msdp_sa normal_hap_attr:fd { use }; #avc: denied { transfer } for pid=858 comm="SoftBusConnect" scontext=u:r:msdp_sa:s0 tcontext=u:r:multimodalinput:s0 tclass=binder permissive=1 allow msdp_sa multimodalinput:binder { transfer }; #avc: denied { get } for service=3299 pid=470 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_foundation_cesfwk_service:s0 tclass=samgr_class permissive=0 allow msdp_sa sa_foundation_cesfwk_service:samgr_class { get }; #avc: denied { get } for service=501 pid=762 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_foundation_appms:s0 tclass=samgr_class permissive=0 allow msdp_sa sa_foundation_appms:samgr_class { get }; allow msdp_sa sa_filemanagement_distributed_file_daemon_service:samgr_class { get }; allow msdp_sa distributedfiledaemon:binder { call }; allow msdp_sa inputmethod_service:binder { call transfer }; #avc: denied { get } for service=1912 pid=1070 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_concurrent_task_service:s0 tclass=samgr_class permissive=1 allow msdp_sa sa_concurrent_task_service:samgr_class { get }; #avc: denied { call } for service=1912 pid=1024, comm="/system/bin/sa_main" scontext=u:r:msdp_sa:s0 tcontext=u:object_r:concurrent_task_service:s0 tclass=binder permissive=0 allow msdp_sa concurrent_task_service:binder { call }; allow msdp_sa wifi_manager_service:binder { call }; #avc: denied { call } for pid=871 comm="OS_Cooperate" scontext=u:r:msdp_sa:s0 tcontext=u:r:accountmgr:s0 tclass=binder permissive=1 allow msdp_sa accountmgr:binder { call transfer }; #avc: denied { get } for service=1123 sid=u:r:msdp_sa:s0 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_wifi_p2p_ability:s0 tclass=samgr_class permissive=0 allow msdp_sa sa_wifi_p2p_ability:samgr_class { get }; allow msdp_sa sa_accountmgr:samgr_class { get }; #avc: denied { use } for pid=1466, comm="/system/bin/sa_main" path="/dev/ashmem" dev="" ino=1 scontext=u:r:msdp_sa:s0 tcontext=u:r:accountmgr:s0 tclass=fd permissive=0 allow msdp_sa accountmgr:fd { use };