# Copyright (c) 2022-2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

allow foundation accessibility:binder { call };
allow foundation accesstoken_service:binder { call };
allow foundation bootanimation:binder { call };
allow foundation data_file:dir { search };
allow foundation data_init_agent:dir { search };
allow foundation dev_ashmem_file:chr_file { open };
allow foundation dev_unix_socket:dir { search };
allow foundation foundation:binder { call transfer };
allow foundation hidumper_service:fd { use };
allow foundation kernel:unix_stream_socket { connectto };
allow foundation multimodalinput:binder { call };
allow foundation multimodalinput:unix_stream_socket { write };
allow foundation normal_hap_attr:binder { call };
allow foundation paramservice_socket:sock_file { write };
allow foundation proc_file:file { open read };
allow foundation render_service:binder { call transfer };
allow foundation render_service:fd { use };
allow foundation resource_schedule_service:binder { call transfer };
allow foundation sa_accesstoken_manager_service:samgr_class { get };
allow foundation sa_foundation_abilityms:samgr_class { get };
allow foundation sa_foundation_dms:samgr_class { add };
allow foundation sa_foundation_wms:samgr_class { add };
allow foundation sa_render_service:samgr_class { get };
allow foundation sa_msdp_motion_service:samgr_class { get };
allow foundation sa_msdp_motion_service:samgr_class { add };
allow foundation screenlock_server:binder { call transfer };

debug_only(`
    allow foundation sh:binder { call transfer };
')

allow foundation system_basic_hap_attr:binder { call };
allow foundation system_core_hap_attr:binder { call };
allow foundation system_usr_file:dir { search };
allow foundation system_usr_file:file { getattr map open read };
allow foundation ui_service:binder { call };
allow foundation vendor_lib_file:dir { search };
allow foundation vendor_lib_file:file { read };
allow foundation render_service:unix_stream_socket { read write };
allow foundation pasteboard_service:binder { call transfer };
allow foundation bootevent_wms_param:parameter_service { set };
allow bootanimation bootevent_wms_param:file { map open read };
allow foundation data_service_el1_file:file { rename };