# Copyright (c) 2022-2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License

# Type-enforcement rules for the hiprofilerd domain.
#
# Every allow statement below has hiprofilerd as its source type. Allow rules
# are additive, so each target type and class pair is written once with its
# full permission set, and statement order carries no meaning.
#
# NOTE(review): developer_only and debug_only are macros defined outside this
# file. By their names the two bodies are presumably compiled in only for
# developer-mode and debug policy builds; confirm against the macro
# definitions before relying on that.
# NOTE(review): both bodies are m4-quoted, so comments placed inside them must
# not contain apostrophes or backquotes.

developer_only(`
    # --- Peers: descriptors and sockets shared with other domains ---
    allow hiprofilerd hdcd:fd use;
    allow hiprofilerd hdcd:fifo_file write;
    allow hiprofilerd hdcd:unix_stream_socket { read write };
    allow hiprofilerd hiprofiler_cmd:fd use;
    allow hiprofilerd hiprofiler_cmd:unix_stream_socket connectto;
    allow hiprofilerd netsysnative:unix_stream_socket connectto;

    # --- TCP: hiprofilerd may create, bind, listen on and accept TCP sockets ---
    # node_bind covers the local address only; no name_bind on a port type is
    # granted in this listing.
    # NOTE(review): confirm which address and port the daemon listens on and
    # which peers are expected to reach it.
    allow hiprofilerd node:tcp_socket node_bind;
    allow hiprofilerd self:tcp_socket { accept bind create getattr getopt listen read setopt shutdown write };

    # --- Unix socket files: create, relabel-free attribute changes, cleanup ---
    # dev_unix_socket and dev_unix_file are two distinct target types.
    allow hiprofilerd dev_unix_socket:dir { add_name remove_name search write };
    allow hiprofilerd dev_unix_socket:sock_file { create getattr setattr unlink write };
    allow hiprofilerd dev_unix_file:sock_file unlink;
    allow hiprofilerd dev_file:dir getattr;
    allow hiprofilerd dev_file:sock_file write;

    # --- Terminals, console and ashmem character devices ---
    allow hiprofilerd dev_ashmem_file:chr_file open;
    allow hiprofilerd dev_console_file:chr_file { read write };
    allow hiprofilerd devpts:chr_file { read write };
    allow hiprofilerd tty_device:chr_file { ioctl open read write };

    # --- Kernel interfaces: procfs, sysfs CPU topology, tracefs ---
    allow hiprofilerd proc_cpuinfo_file:file { open read };
    allow hiprofilerd proc_file:file { getattr open read };
    allow hiprofilerd sysfs_devices_system_cpu:dir { open read };
    allow hiprofilerd sysfs_devices_system_cpu:file { getattr open read };
    allow hiprofilerd tracefs:dir search;
    # Write access is limited to the trace marker file type.
    allow hiprofilerd tracefs_trace_marker_file:file { open write };

    # --- Application domains ---
    # NOTE(review): hap_domain is presumably an attribute covering application
    # processes, which would make these rules read access to their per-process
    # entries; confirm the scope of the attribute.
    allow hiprofilerd hap_domain:dir { getattr open read search };
    allow hiprofilerd hap_domain:file { getattr map open read };

    # --- Data directories and temporary files ---
    allow hiprofilerd data_file:dir search;
    allow hiprofilerd data_init_agent:dir search;
    allow hiprofilerd data_init_agent:file { append ioctl open read };
    allow hiprofilerd data_local:dir search;
    # Files under data_local_tmp can be created, written and removed.
    # NOTE(review): check which other domains can write data_local_tmp, since
    # the daemon also reads files of that type.
    allow hiprofilerd data_local_tmp:dir { add_name getattr open remove_name search write };
    allow hiprofilerd data_local_tmp:file { create getattr ioctl lock open read unlink write };
    allow hiprofilerd rootfs:file read;
    allow hiprofilerd tmpfs:file { map read write };

    # --- Program execution ---
    # execute_no_trans runs the binary without a domain transition, so anything
    # started from system_bin_file or toybox_exec keeps the hiprofilerd domain
    # and every permission granted in this file.
    allow hiprofilerd system_bin_file:dir search;
    allow hiprofilerd system_bin_file:file { execute execute_no_trans getattr map open read };
    allow hiprofilerd system_bin_file:lnk_file read;
    allow hiprofilerd toybox_exec:file { execute execute_no_trans getattr map open read };
    allow hiprofilerd toybox_exec:lnk_file read;
    allow hiprofilerd vendor_bin_file:dir search;

    # --- System ability lookup and binder calls ---
    allow hiprofilerd sa_foundation_bms:samgr_class get;
    allow hiprofilerd sa_param_watcher:samgr_class get;
    allow hiprofilerd foundation:binder call;
    allow hiprofilerd param_watcher:binder call;
    allow hiprofilerd samgr:binder call;

    # --- Parameter files: read-only, every type gets map, open and read ---
    # One statement per type keeps each grant easy to find with grep.
    allow hiprofilerd bootevent_param:file { map open read };
    allow hiprofilerd bootevent_samgr_param:file { map open read };
    allow hiprofilerd build_version_param:file { map open read };
    allow hiprofilerd const_allow_mock_param:file { map open read };
    allow hiprofilerd const_allow_param:file { map open read };
    allow hiprofilerd const_build_param:file { map open read };
    allow hiprofilerd const_display_brightness_param:file { map open read };
    allow hiprofilerd const_param:file { map open read };
    allow hiprofilerd const_postinstall_fstab_param:file { map open read };
    allow hiprofilerd const_postinstall_param:file { map open read };
    allow hiprofilerd const_product_param:file { map open read };
    allow hiprofilerd debug_param:file { map open read };
    allow hiprofilerd default_param:file { map open read };
    allow hiprofilerd distributedsche_param:file { map open read };
    allow hiprofilerd hilog_param:file { map open read };
    allow hiprofilerd hw_sc_build_os_param:file { map open read };
    allow hiprofilerd hw_sc_build_param:file { map open read };
    allow hiprofilerd hw_sc_param:file { map open read };
    allow hiprofilerd init_param:file { map open read };
    allow hiprofilerd init_svc_param:file { map open read };
    allow hiprofilerd input_pointer_device_param:file { map open read };
    allow hiprofilerd musl_param:file { map open read };
    allow hiprofilerd net_param:file { map open read };
    allow hiprofilerd net_tcp_param:file { map open read };
    allow hiprofilerd ohos_boot_param:file { map open read };
    allow hiprofilerd ohos_dev_param:file { map open read };
    allow hiprofilerd ohos_param:file { map open read };
    allow hiprofilerd persist_param:file { map open read };
    allow hiprofilerd persist_sys_param:file { map open read };
    allow hiprofilerd security_param:file { map open read };
    allow hiprofilerd startup_param:file { map open read };
    allow hiprofilerd sys_param:file { map open read };
    allow hiprofilerd sys_usb_param:file { map open read };
')

debug_only(`
    # A shell started from sh_exec runs without a domain transition and so
    # keeps the hiprofilerd domain.
    allow hiprofilerd sh_exec:file { execute execute_no_trans map open read };
    allow hiprofilerd sh:fd use;
    # setgid lets the process change its group IDs.
    allow hiprofilerd self:capability setgid;
')