# Copyright (c) 2024 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# avc:  denied  { map } for pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:arkcompiler_param:s0 tclass=file permissive=1
# avc:  denied  { open } for pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:arkcompiler_param:s0 tclass=file permissive=1
# avc:  denied  { read } for pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:arkcompiler_param:s0 tclass=file permissive=1
allow powermgr arkcompiler_param:file { read open getattr map };

# avc:  denied  { map } pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:bootevent_param:s0 tclass=file permissive=1
# avc:  denied  { open } pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:bootevent_param:s0 tclass=file permissive=1
# avc:  denied  { read } pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:bootevent_param:s0 tclass=file permissive=1
allow powermgr bootevent_param:file { map open read };

# avc:  denied  { set } for scontext=u:r:powermgr:s0 tcontext=u:object_r:bootevent_param:s0 tclass=parameter_service permissive=0
allow powermgr bootevent_param:parameter_service { set };

# avc:  denied  { read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:bootevent_samgr_param:s0 tclass=file permissive=1
# avc:  denied  { open } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:bootevent_samgr_param:s0 tclass=file permissive=1
# avc:  denied  { map } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:bootevent_samgr_param:s0 tclass=file permissive=1
allow powermgr bootevent_samgr_param:file { map open read };

# avc:  denied  { set } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:bootevent_wms_param:s0 tclass=parameter_service permissive=1
allow powermgr bootevent_wms_param:parameter_service { set };

# avc:  denied  { read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:build_version_param:s0 tclass=file permissive=1
# avc:  denied  { open } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:build_version_param:s0 tclass=file permissive=1
# avc:  denied  { map } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:build_version_param:s0 tclass=file permissive=1
allow powermgr build_version_param:file { map open read };

# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:chip_prod_file:s0 tclass=dir permissive=1
allow powermgr chip_prod_file:dir { search };

# avc:  denied  { create } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:configfs:s0 tclass=dir permissive=1
# avc:  denied  { read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:configfs:s0 tclass=dir permissive=1
allow powermgr configfs:dir { add_name create open read remove_name rmdir search write };

# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:configfs:s0 tclass=file permissive=1
allow powermgr configfs:file { open write };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:const_allow_mock_param:s0 tclass=file permissive=1
allow powermgr const_allow_mock_param:file { map open read };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:const_allow_param:s0 tclass=file permissive=1
allow powermgr const_allow_param:file { map open read };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:const_build_param:s0 tclass=file permissive=1
allow powermgr const_build_param:file { map open read };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:const_display_brightness_param:s0 tclass=file permissive=1
allow powermgr const_display_brightness_param:file { map open read };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:const_param:s0 tclass=file permissive=1
allow powermgr const_param:file { map open read };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:const_postinstall_fstab_param:s0 tclass=file permissive=1
allow powermgr const_postinstall_fstab_param:file { map open read };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:const_postinstall_param:s0 tclass=file permissive=1
allow powermgr const_postinstall_param:file { map open read };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:const_product_param:s0 tclass=file permissive=1
allow powermgr const_product_param:file { map open read };

# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_app_el1_file:s0 tclass=dir permissive=1
allow powermgr data_app_el1_file:dir { search };

# avc:  denied  { getattr map read open } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_app_el1_file:s0 tclass=file permissive=1
allow powermgr data_app_el1_file:file { getattr map read open };

# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_app_file:s0 tclass=dir permissive=1
allow powermgr data_app_file:dir { search };

# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_data_file:s0 tclass=dir permissive=1
allow powermgr data_data_file:dir { search };

# avc:  denied  { getattr open read search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_data_pulse_dir:s0 tclass=dir permissive=1
allow powermgr data_data_pulse_dir:dir { getattr open read search };

# avc:  denied  { lock open read write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_data_pulse_dir:s0 tclass=file permissive=1
allow powermgr data_data_pulse_dir:file { lock open read write };

# avc:  denied  { getattr open read search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_file:s0 tclass=dir permissive=1
allow powermgr data_file:dir { getattr open read search };

# avc:  denied  { getattr map read open } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_file:s0 tclass=file permissive=1
allow powermgr data_file:file { getattr map read open };

# avc:  denied  { getattr map read open } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_init_agent:s0 tclass=dir permissive=1
allow powermgr data_init_agent:dir { search };

# avc:  denied  { create getattr map read open } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_service_el1_file:s0 tclass=dir permissive=1
allow powermgr data_service_el1_file:dir { add_name create remove_name search open write getattr rmdir setattr };

# avc:  denied  { create getattr map read open } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_service_el1_file:s0 tclass=file permissive=1
allow powermgr data_service_el1_file:file { create getattr setattr ioctl open read write append lock map unlink };

# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_service_file:s0 tclass=dir permissive=1
allow powermgr data_service_file:dir { search };

# avc:  denied  { getattr } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_service_el0_file:s0 tclass=file permissive=1
allow powermgr data_service_el0_file:file { getattr };

# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_storage:s0 tclass=dir permissive=1
allow powermgr data_storage:dir { search };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=1
allow powermgr debug_param:file { map open read };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:default_param:s0 tclass=file permissive=1
allow powermgr default_param:file { map open read };

# avc:  denied  { open } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:dev_ashmem_file:s0 tclass=chr_file permissive=1
allow powermgr dev_ashmem_file:chr_file { open };

# avc:  denied  { open write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:dev_kmsg_file:s0 tclass=chr_file permissive=1
allow powermgr dev_kmsg_file:chr_file { open write };

# avc:  denied  { read write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:dev_console_file:s0 tclass=chr_file permissive=1
allow powermgr dev_console_file:chr_file { read write };

# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:dev_unix_socket:s0 tclass=dir permissive=1
allow powermgr dev_unix_socket:dir { search };

# avc:  denied  { write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:dev_unix_socket:s0 tclass=sock_file permissive=1
allow powermgr dev_unix_socket:sock_file { write };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:devinfo_private_param:s0 tclass=file permissive=1
allow powermgr devinfo_private_param:file { map open read };

# avc:  denied  { read write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:exfat:s0 tclass=file permissive=1
allow powermgr exfat:file { read write };

# avc:  denied  { read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:faultloggerd:s0 tclass=fifo_file permissive=1
allow powermgr faultloggerd:fifo_file { read };

# avc:  denied  { read open map } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:ffrt_param:s0 tclass=file permissive=1
allow powermgr ffrt_param:file { read open map };

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_powermgr_powermgr_service:s0 tclass=samgr_class permissive=1
allow powermgr powermgr:binder { call transfer };
allow powermgr powermgr:unix_dgram_socket { getopt setopt };

# avc:  denied  { read write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:fuse_file:s0 tclass=file permissive=1
allow powermgr fuse_file:file { read write };

# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hdf_ext_devmgr:s0 tclass=dir permissive=1
allow powermgr hdf_ext_devmgr:dir { search };

# avc:  denied  { getattr open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hdf_ext_devmgr:s0 tclass=file permissive=1
allow powermgr hdf_ext_devmgr:file { getattr open read };

# avc:  denied  { use } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hidumper_service:s0 tclass=fd permissive=1
allow powermgr hidumper_service:fd { use };

# avc:  denied  { write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hidumper_service:s0 tclass=fifo_file permissive=1
allow powermgr hidumper_service:fifo_file { write };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hilog_param:s0 tclass=file permissive=1
allow powermgr hilog_param:file { map open read };

# avc:  denied  { sendto } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hiview:s0 tclass=unix_dgram_socket permissive=1
allow powermgr hiview:unix_dgram_socket { sendto };

# avc:  denied  { open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:hiviewdfx_hiview_param:s0 tclass=file permissive=1
allow powermgr hiviewdfx_hiview_param:file { open read };

# avc:  denied  { read write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hmdfs:s0 tclass=file permissive=1
allow powermgr hmdfs:file { read write };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:hw_sc_build_os_param:s0 tclass=file permissive=1
allow powermgr hw_sc_build_os_param:file { map open read };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hw_sc_build_param:s0 tclass=file permissive=1
allow powermgr hw_sc_build_param:file { map open read };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hw_sc_param:s0 tclass=file permissive=1
allow powermgr hw_sc_param:file { map open read };

# avc:  denied  { connectto } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
allow powermgr init:unix_stream_socket { connectto };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:init_param:s0 tclass=file permissive=1
allow powermgr init_param:file { map open read };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:init_svc_param:s0 tclass=file permissive=1
allow powermgr init_svc_param:file { map open read };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:input_pointer_device_param:s0 tclass=file permissive=1
allow powermgr input_pointer_device_param:file { map open read };

# avc:  denied  { connectto } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:kernel:s0 tclass=unix_stream_socket permissive=1
allow powermgr kernel:unix_stream_socket { connectto };

# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:key_enable:s0 tclass=key permissive=1
allow powermgr key_enable:key { search };

# avc:  denied  { read write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:multimodalinput:s0 tclass=unix_stream_socket permissive=1
allow powermgr multimodalinput:unix_stream_socket { read write };

# avc:  denied  { map open open } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=1
allow powermgr musl_param:file { map open open};

# avc:  denied  { write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:native_socket:s0 tclass=sock_file permissive=1
allow powermgr native_socket:sock_file { write };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:net_param:s0 tclass=file permissive=1
allow powermgr net_param:file { map open read };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:net_tcp_param:s0 tclass=file permissive=1
allow powermgr net_tcp_param:file { map open read };

# avc:  denied  { read write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:ntfs:s0 tclass=file permissive=1
allow powermgr ntfs:file { read write };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:ohos_boot_param:s0 tclass=file permissive=1
allow powermgr ohos_boot_param:file { map open read };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:ohos_param:s0 tclass=file permissive=1
allow powermgr ohos_param:file { map open read };

# avc:  denied  { set } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:ohos_param:s0 tclass=parameter_service permissive=1
allow powermgr ohos_param:parameter_service { set };

# avc:  denied  { write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:paramservice_socket:s0 tclass=sock_file permissive=1
allow powermgr paramservice_socket:sock_file { write };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:persist_param:s0 tclass=file permissive=1
allow powermgr persist_param:file { map open read };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:persist_param:s0 tclass=parameter_service permissive=1
allow powermgr persist_param:parameter_service { set };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:persist_sys_param:s0 tclass=file permissive=1
allow powermgr persist_sys_param:file { map open read };

# avc:  denied  { open read getattr } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:proc_file:s0 tclass=file permissive=1
allow powermgr proc_file:file { open read getattr };

# avc:  denied  { set } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:servicectrl_reboot_param:s0 tclass=parameter_service permissive=1
allow powermgr servicectrl_reboot_param:parameter_service { set };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:devinfo_private_param:s0 tclass=file permissive=1
allow powermgr devinfo_private_param:file { map open read };

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_privacy_service:s0 tclass=samgr_class permissive=1
allow powermgr sa_privacy_service:samgr_class { get };
binder_call(powermgr, token_sync_service);

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:security_param:s0 tclass=file permissive=1
allow powermgr security_param:file { map open read };

# avc:  denied  { set } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:servicectrl_param:s0 tclass=parameter_service permissive=1
allow powermgr servicectrl_param:parameter_service { set };

# avc:  denied  { semap open readt } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:startup_param:s0 tclass=file permissive=1
allow powermgr startup_param:file { map open read };

# avc:  denied  { set } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:startup_param:s0 tclass=parameter_service permissive=1
allow powermgr startup_param:parameter_service { set };

# avc:  denied  { open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:sys_file:s0 tclass=dir permissive=1
allow powermgr sys_file:dir { open read };

# avc:  denied  { ioctl open read write getattr } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:sys_file:s0 tclass=file permissive=1
allow powermgr sys_file:file { ioctl open read write getattr };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:sys_param:s0 tclass=file permissive=1
allow powermgr sys_param:file { map open read };

# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sys_usb_param:s0 tclass=file permissive=1
allow powermgr sys_usb_param:file { map open read };

# avc:  denied  { open read getattr } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:sysfs_devices_system_cpu:s0 tclass=file permissive=1
allow powermgr sysfs_devices_system_cpu:file { open read getattr };

# avc:  denied  { open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:sysfs_hctosys:s0 tclass=file permissive=1
allow powermgr sysfs_hctosys:file { open read };

# avc:  denied  { open write ioctl getattr } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:sysfs_hungtask_userlist:s0 tclass=file permissive=1
allow powermgr sysfs_hungtask_userlist:file { open write ioctl getattr };

# avc:  denied  { open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:sysfs_leds:s0 tclass=dir permissive=1
allow powermgr sysfs_leds:dir { open read };

# avc:  denied  { open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:sysfs_rtc:s0 tclass=dir permissive=1
allow powermgr sysfs_rtc:dir { open read };

# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_bin_file:s0 tclass=dir permissive=1
allow powermgr system_bin_file:dir { search };

# avc:  denied  { getattr open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_etc_power_mode_config_file:s0 tclass=file permissive=1
allow powermgr system_etc_power_mode_config_file:file { getattr open read };

# avc:  denied  { getattr open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_file:s0 tclass=dir permissive=1
allow powermgr system_file:dir { getattr open read };

# avc:  denied  { getattr map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_file:s0 tclass=file permissive=1
allow powermgr system_file:file { getattr map open read };

# avc:  denied  { getattr } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_lib_file:s0 tclass=dir permissive=1
allow powermgr system_lib_file:dir { getattr };

# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_usr_file:s0 tclass=dir permissive=1
allow powermgr system_usr_file:dir { search };

# avc:  denied  { getattr map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_usr_file:s0 tclass=file permissive=1
allow powermgr system_usr_file:file { getattr map open read };

# avc:  denied  { use } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_basic_hap_attr:s0 tclass=fd permissive=1
allow powermgr system_basic_hap_attr:fd { use };

# avc:  denied  { sigkill signal } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_basic_hap_attr:s0 tclass=process permissive=1
allow powermgr system_basic_hap_attr:process { sigkill signal };

# avc:  denied  { read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_basic_hap_data_file_attr:s0 tclass=file permissive=1
allow powermgr system_basic_hap_data_file_attr:file { read };

# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_core_hap_attr:s0 tclass=dir permissive=1
allow powermgr system_core_hap_attr:dir { search };

# avc:  denied  { getattr open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_core_hap_attr:s0 tclass=file permissive=1
allow powermgr system_core_hap_attr:file { getattr open read };

# avc:  denied  { sigkill signal } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_core_hap_attr:s0 tclass=process permissive=1
allow powermgr system_core_hap_attr:process { sigkill signal };

# avc:  denied  { read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_core_hap_data_file_attr:s0 tclass=file permissive=1
allow powermgr system_core_hap_data_file_attr:file { read };

# avc:  denied  { read write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_core_hap_attr:s0 tclass=unix_stream_socket permissive=1
allow powermgr system_core_hap_attr:unix_stream_socket { read write };

# avc:  denied  { use } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_core_hap_attr:s0 tclass=fd permissive=1
allow powermgr system_core_hap_attr:fd { use };

# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:tracefs:s0 tclass=dir permissive=1
allow powermgr tracefs:dir { search };

# avc:  denied  { open write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:tracefs_trace_marker_file:s0 tclass=file permissive=1
allow powermgr tracefs_trace_marker_file:file { open write };

# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:vendor_etc_file:s0 tclass=dir permissive=1
allow powermgr vendor_etc_file:dir { search };

# avc:  denied  { getattr open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:vendor_etc_file:s0 tclass=file permissive=1
allow powermgr vendor_etc_file:file { getattr open read };

# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:vendor_lib_file:s0 tclass=dir permissive=1
allow powermgr vendor_lib_file:dir { search };

# avc:  denied  { read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:vendor_lib_file:s0 tclass=file permissive=1
allow powermgr vendor_lib_file:file { read };

# avc:  denied  { read write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:vfat:s0 tclass=file permissive=1
allow powermgr vfat:file { read write };

allowxperm powermgr data_service_el1_file:file ioctl { 0x5413 0xf50c };
allowxperm powermgr sys_file:file ioctl { 0x5413 };

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_media_service:s0 tclass=samgr_class permissive=1
allow powermgr sa_media_service:samgr_class { get };
binder_call(powermgr, media_service);

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_bgtaskmgr:s0 tclass=samgr_class permissive=1
allow powermgr sa_bgtaskmgr:samgr_class { get };
binder_call(powermgr, bgtaskmgr_service);

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_render_service:s0 tclass=samgr_class permissive=1
allow powermgr sa_render_service:samgr_class { get };
binder_call(powermgr, render_service);
binder_call(render_service, powermgr);

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_net_conn_manager:s0 tclass=samgr_class permissive=1
allow powermgr sa_net_conn_manager:samgr_class { get };
binder_call(powermgr, netmanager);

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_accesstoken_manager_service:s0 tclass=samgr_class permissive=1
allow powermgr sa_accesstoken_manager_service:samgr_class { get };
binder_call(powermgr, accesstoken_service);

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_accountmgr:s0 tclass=samgr_class permissive=1
allow powermgr sa_accountmgr:samgr_class { get };
binder_call(powermgr, accountmgr);

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_distributeddata_service:s0 tclass=samgr_class permissive=1
allow powermgr sa_distributeddata_service:samgr_class { get };
binder_call(powermgr, distributeddata);

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_multimodalinput_service:s0 tclass=samgr_class permissive=1
allow powermgr sa_multimodalinput_service:samgr_class { get };
binder_call(powermgr, multimodalinput);

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_param_watcher:s0 tclass=samgr_class permissive=1
allow powermgr sa_param_watcher:samgr_class { get };
binder_call(powermgr, param_watcher);

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_privacy_service:s0 tclass=samgr_class permissive=1
allow powermgr sa_privacy_service:samgr_class { get };

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_sensor_service:s0 tclass=samgr_class permissive=1
allow powermgr sa_sensor_service:samgr_class { get };
binder_call(powermgr, sensors);

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_time_service:s0 tclass=samgr_class permissive=1
allow powermgr sa_time_service:samgr_class { get };
binder_call(powermgr, time_service);

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1
allow powermgr sa_device_service_manager:samgr_class { get };
binder_call(powermgr, hdf_devmgr);

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_foundation_abilityms:s0 tclass=samgr_class permissive=1
allow powermgr sa_foundation_abilityms:samgr_class { get };

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_foundation_appms:s0 tclass=samgr_class permissive=1
allow powermgr sa_foundation_appms:samgr_class { get };

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_foundation_bms:s0 tclass=samgr_class permissive=1
allow powermgr sa_foundation_bms:samgr_class { get };

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_foundation_cesfwk_service:s0 tclass=samgr_class permissive=1
allow powermgr sa_foundation_cesfwk_service:samgr_class { get };

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_foundation_devicemanager_service:s0 tclass=samgr_class permissive=1
allow powermgr sa_foundation_devicemanager_service:samgr_class { get };

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_foundation_dms:s0 tclass=samgr_class permissive=1
allow powermgr sa_foundation_dms:samgr_class { get };

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_foundation_tel_call_manager:s0 tclass=samgr_class permissive=1
allow powermgr sa_foundation_tel_call_manager:samgr_class { get };

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_foundation_tel_state_registry:s0 tclass=samgr_class permissive=1
allow powermgr sa_foundation_tel_state_registry:samgr_class { get };

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_foundation_wms:s0 tclass=samgr_class permissive=1
allow powermgr sa_foundation_wms:samgr_class { get };

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_uri_permission_mgr_service:s0 tclass=samgr_class permissive=1
allow powermgr sa_uri_permission_mgr_service:samgr_class { get };
binder_call(powermgr, foundation);

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_accessibleabilityms:s0 tclass=samgr_class permissive=1
allow powermgr sa_accessibleabilityms:samgr_class { get };
binder_call(powermgr, accessibility);

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_bluetooth_server:s0 tclass=samgr_class permissive=1
allow powermgr sa_bluetooth_server:samgr_class { get };
binder_call(powermgr, bluetooth_service);

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_camera_service:s0 tclass=samgr_class permissive=1
allow powermgr sa_camera_service:samgr_class { get };
binder_call(powermgr, camera_service);

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_telephony_tel_core_service:s0 tclass=samgr_class permissive=1
allow powermgr sa_telephony_tel_core_service:samgr_class { get };
binder_call(powermgr, telephony_sa);

# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_memory_manager_service:s0 tclass=samgr_class permissive=1
allow powermgr sa_memory_manager_service:samgr_class { get };
binder_call(powermgr, memmgrservice);

# avc:  denied  { call } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hdcd:s0 tclass=binder permissive=1
binder_call(powermgr, hdcd);

# avc:  denied  { call transfer } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hdf_ext_devmgr:s0 tclass=binder permissive=1
binder_call(powermgr, hdf_ext_devmgr);

# avc:  denied  { call transfer } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hiview:s0 tclass=binder permissive=1
binder_call(powermgr, hiview);

# avc:  denied  { call transfer } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:power_host:s0 tclass=binder permissive=1
binder_call(powermgr, power_host);

# avc:  denied  { call } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:samgr:s0 tclass=binder permissive=1
binder_call(powermgr, samgr);

# avc:  denied  { transfer } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_basic_hap_attr:s0 tclass=binder permissive=1
binder_call(powermgr, system_basic_hap_attr);

# avc:  denied  { transfer } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_core_hap_attr:s0 tclass=binder permissive=1
binder_call(powermgr, system_core_hap_attr);

# avc:  denied  { transfer } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:normal_hap_attr:s0 tclass=binder permissive=1
binder_call(powermgr, normal_hap_attr);

# avc:  denied  { call } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:wifi_manager_service:s0 tclass=binder permissive=1
binder_call(powermgr, wifi_manager_service);

# avc:  denied  { call transfer } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:riladapter_host:s0 tclass=binder permissive=1
binder_call(powermgr, riladapter_host);

# avc:  denied  { call transfer } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:pasteboard_service:s0 tclass=binder permissive=1
binder_call(powermgr, pasteboard_service);

# avc:  denied  { call } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:dhardware:s0 tclass=binder permissive=1
binder_call(powermgr, dhardware);

# avc:  denied  { call } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:ui_service:s0 tclass=binder permissive=1
binder_call(powermgr, ui_service);

# avc:  denied  { call transfer } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:useriam:s0 tclass=binder permissive=1
binder_call(powermgr, useriam);

# avc:  denied  { call transfer } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:drm_service:s0 tclass=binder permissive=1
binder_call(powermgr, drm_service);

# avc:  denied  { call } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:dscreen:s0 tclass=binder permissive=1
binder_call(powermgr, dscreen);

# avc:  denied  { call } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:edm_sa:s0 tclass=binder permissive=1
binder_call(powermgr, edm_sa);

# avc:  denied  { call } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:inputmethod_service:s0 tclass=binder permissive=1
binder_call(powermgr, inputmethod_service);

# avc:  denied  { call } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:memmgrservice:s0 tclass=binder permissive=1
binder_call(powermgr, memmgrservice);

# avc:  denied  { call } for  pid=1480 scontext=u:r:powermgr:s0 tcontext=u:r:distributedsche:s0 tclass=binder permissive=1
binder_call(powermgr, distributedsche);

# avc:  denied  { map open read } for  pid=1480 scontext=u:r:powermgr:s0 tcontext=u:object_r:distributedsche_param:s0 tclass=file permissive=1
allow powermgr distributedsche_param:file { map open read };

# avc:  denied  { set } for  parameter=persist.powermgr.stopservice pid=1262 uid=5528 gid=1000 scontext=u:r:powermgr:s0 tcontext=u:object_r:powermgr_param:s0 tclass=parameter_service permissive=1
allow powermgr powermgr_param:parameter_service { set };

# avc: denied { call } for pid=1374, comm="/system/bin/sa_main"  scontext=u:r:powermgr:s0 tcontext=u:r:intell_voice_service:s0 tclass=binder permissive=0
allow powermgr intell_voice_service:binder { call };