1# Copyright (c) 2022 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14allow netsysnative bootevent_param:file { map open read }; 15allow netsysnative bootevent_samgr_param:file { map open read }; 16allow netsysnative build_version_param:file { map open read }; 17allow netsysnative const_allow_mock_param:file { map open read }; 18allow netsysnative const_allow_param:file { map open read }; 19allow netsysnative const_build_param:file { map open read }; 20allow netsysnative const_display_brightness_param:file { map open read }; 21allow netsysnative const_param:file { map open read }; 22allow netsysnative const_postinstall_fstab_param:file { map open read }; 23allow netsysnative const_postinstall_param:file { map open read }; 24allow netsysnative const_product_param:file { map open read }; 25allow netsysnative data_file:dir { add_name remove_name search write }; 26allow netsysnative data_file:sock_file { create setattr unlink }; 27allow netsysnative debug_param:file { map open read }; 28allow netsysnative default_param:file { map open read }; 29allow netsysnative dev_file:dir { add_name write }; 30allow netsysnative dev_file:sock_file { create setattr }; 31allow netsysnative distributedsche_param:file { map open read }; 32allow netsysnative hilog_param:file { map open read }; 33allow netsysnative hw_sc_build_os_param:file { map open read }; 34allow netsysnative hw_sc_build_param:file { map open read }; 35allow netsysnative hw_sc_param:file { map open read }; 36allow netsysnative init_param:file { map open read }; 37allow netsysnative init_svc_param:file { map open read }; 38allow netsysnative input_pointer_device_param:file { map open read }; 39allow netsysnative kernel:system { module_request }; 40allow netsysnative netmanager:binder { call }; 41allow netsysnative net_param:file { map open read }; 42allow netsysnative netsysnative:capability { net_admin }; 43allow netsysnative netsysnative:netlink_kobject_uevent_socket { bind create getopt read setopt }; 44allow netsysnative netsysnative:netlink_netfilter_socket { bind create getopt setopt }; 45allow netsysnative netsysnative:netlink_nflog_socket { create }; 46allow netsysnative netsysnative:netlink_route_socket { bind connect getopt nlmsg_read read setopt }; 47allow netsysnative netsysnative:udp_socket { create ioctl }; 48allow netsysnative netsysnative:unix_dgram_socket { ioctl }; 49allow netsysnative net_tcp_param:file { map open read }; 50allow netsysnative ohos_boot_param:file { map open read }; 51allow netsysnative ohos_param:file { map open read }; 52allow netsysnative param_watcher:binder { call transfer }; 53allow netsysnative persist_param:file { map open read }; 54allow netsysnative persist_sys_param:file { map read open }; 55allow netsysnative sa_netsys_native_manager:samgr_class { add }; 56allow netsysnative sa_param_watcher:samgr_class { get }; 57allow netsysnative security_param:file { map open read }; 58allow netsysnative startup_param:file { map open read }; 59allow netsysnative sysfs_net:dir { open read }; 60allow netsysnative sys_param:file { map open read }; 61allow netsysnative system_bin_file:dir { search }; 62allow netsysnative sys_usb_param:file { map open read }; 63allow netsysnative tracefs:dir { search }; 64allow netsysnative tracefs_trace_marker_file:file { open write }; 65allowxperm netsysnative netsysnative:unix_dgram_socket ioctl { 0x8910 }; 66