# Copyright (c) 2023 Huawei Device Co., Ltd. # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. allow useriam sa_sensor_service:samgr_class { get }; allow useriam sa_miscdevice_service:samgr_class { get }; allow useriam sensors:binder { call }; allow useriam accesstoken_service:binder { call }; allow useriam accountmgr:binder { call }; allow useriam bootevent_param:file { map open read }; allow useriam bootevent_param:parameter_service { set }; allow useriam bootevent_samgr_param:file { map open read }; allow useriam build_version_param:file { map open read }; allow useriam const_allow_mock_param:file { map open read }; allow useriam const_allow_param:file { map open read }; allow useriam const_build_param:file { map open read }; allow useriam const_display_brightness_param:file { map open read }; allow useriam const_param:file { map open read }; allow useriam const_postinstall_fstab_param:file { map open read }; allow useriam const_postinstall_param:file { map open read }; allow useriam const_product_param:file { map open read }; allow useriam debug_param:file { map open read }; allow useriam default_param:file { map open read }; allow useriam dev_at_file:chr_file { ioctl }; allow useriam dev_unix_socket:dir { search }; allow useriam distributedsche_param:file { map open read }; allow useriam hdf_devmgr:binder { call transfer }; allow useriam hilog_param:file { map open read }; allow useriam hw_sc_build_os_param:file { map open read }; allow useriam hw_sc_build_param:file { map open read }; allow useriam hw_sc_param:file { map open read }; allow useriam init_param:file { map open read }; allow useriam init_svc_param:file { map open read }; allow useriam input_pointer_device_param:file { map open read }; allow useriam kernel:unix_stream_socket { connectto }; allow useriam net_param:file { map open read }; allow useriam net_tcp_param:file { map open read }; allow useriam ohos_boot_param:file { map open read }; allow useriam ohos_param:file { map open read }; allow useriam paramservice_socket:sock_file { write }; allow useriam param_watcher:binder { call transfer }; allow useriam persist_param:file { map open read }; allow useriam persist_sys_param:file { map open read }; allow useriam pinauth:binder { call transfer }; allow useriam sa_param_watcher:samgr_class { get }; allow useriam security_param:file { map open read }; allow useriam startup_param:file { map open read }; allow useriam sys_param:file { map open read }; allow useriam system_basic_hap_attr:binder { call }; allow useriam system_bin_file:dir { search }; allow useriam sys_usb_param:file { map open read }; allow useriam tracefs:dir { search }; allow useriam tracefs_trace_marker_file:file { open write }; allow useriam user_auth_host:binder { call transfer }; allow useriam useriam:unix_dgram_socket { getopt setopt }; allowxperm useriam dev_at_file:chr_file ioctl { 0x4103 }; allow useriam face_auth_host:binder { call transfer }; allow useriam fingerprint_auth_host:binder { call transfer }; allow useriam render_service:binder { call transfer }; allow useriam foundation:binder { call transfer }; allow useriam normal_hap_attr:binder { call }; allow useriam sa_render_service:samgr_class { get }; allow useriam sa_foundation_cesfwk_service:samgr_class { get }; allow useriam sa_powermgr_displaymgr_service:samgr_class { get }; allow useriam sa_foundation_dms:samgr_class { get }; binder_call(useriam, powermgr); allow useriam sa_powermgr_powermgr_service:samgr_class { get }; allow useriam dev_mali:chr_file { getattr ioctl map open read write }; allow useriam sysfs_devices_system_cpu:dir { read open }; allow useriam allocator_host:fd { use }; allow useriam sa_foundation_abilityms:samgr_class { get }; # avc: denied { call } for pid=466 comm="useriam" scontext=u:r:useriam:s0 tcontext=u:r:huks_service:s0 tclass=binder permissive=1 allow useriam huks_service:binder { call }; allow useriam sensors:binder { transfer }; allow sensors useriam:fd { use }; allow sensors useriam:unix_stream_socket { read write }; allow useriam devinfo_private_param:file { map open read }; allow sensors useriam:binder { call }; allow useriam storage_daemon:binder { call };