# Copyright (c) 2022-2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Type-enforcement rules for the hidumper_service domain.
#
# Two kinds of rules appear below:
#   - rules at top level, which are unconditional in this file;
#   - rules passed as the argument of the developer_only macro. That macro is
#     defined outside this file; presumably it keeps its argument only in
#     developer builds - confirm against the macro definition.
#
# Maintenance note: the developer_only and define arguments are m4-quoted
# strings. A comment placed inside them must not contain an apostrophe or a
# backtick, otherwise the quoting ends early and the remaining rules are parsed
# outside the macro.

# Macro taking one argument, a source type or a set of source types.
# Each source is allowed to use file descriptors that belong to
# hidumper_service and to write to FIFOs labelled hidumper_service, so a
# service asked for a dump can write its output into a pipe handed over by
# hidumper_service. No read permission on the FIFO is granted.
define(`use_hidumper', `
    allow $1 hidumper_service:fd use;
    allow $1 hidumper_service:fifo_file write;
')
developer_only(`
    # Reverse direction of the macro above, for the sh domain only: hidumper_service
    # may use a descriptor owned by sh and write to a pipe labelled sh.
    # Both rules were derived from the denials quoted below. Those records carry
    # permissive=1, so they were captured while denials were logged but not enforced.
    # avc: denied { use } for pid=1994 comm="hidumper" path="pipe:[39192]" dev="pipefs" ino=39192 scontext=u:r:hidumper_service:s0 tcontext=u:r:sh:s0 tclass=fd permissive=1
    allow hidumper_service sh:fd { use };
    # avc: denied { write } for pid=1994 comm="hidumper" path="pipe:[39192]" dev="pipefs" ino=39192 scontext=u:r:hidumper_service:s0 tcontext=u:r:sh:s0 tclass=fifo_file permissive=1
    allow hidumper_service sh:fifo_file { write };
')
# Apply the macro to sadomain and hdfdomain (presumably type attributes covering
# the system-ability and HDF host domains - confirm). This call is outside
# developer_only, so it is unconditional here.
use_hidumper({ sadomain hdfdomain });

# Build-time assertion: the policy fails to compile if any rule grants
# hidumper_service the ptrace permission on any process. It constrains ptrace
# only; read access to per-process files of other domains is granted separately
# in the developer_only section further down.
neverallow hidumper_service *:process ptrace;

# Unconditional access to existing files labelled data_log. No create or unlink
# is granted, but write is granted in addition to append.
# NOTE(review): if the service only ever appends, dropping write would stop it
# from overwriting existing log content - confirm what the service needs.
allow hidumper_service data_log:file { getattr open read write append };
# Use descriptors handed over by the hidumper domain (presumably the command-line
# client that requests the dump - confirm).
allow hidumper_service hidumper:fd use;

# Programs the service may run. execute_no_trans means the program runs without a
# domain transition, so the child keeps every permission of hidumper_service.
# NOTE(review): these rules are unconditional and include the shell, toybox and
# everything labelled system_bin_file. Confirm that the command lines the service
# runs are fixed or validated and cannot be shaped by the dump request, and
# consider whether the shell and toybox entries belong under developer_only.
allow hidumper_service hilog_exec:file { execute execute_no_trans getattr map open read };
allow hidumper_service sh_exec:file { execute execute_no_trans getattr map open read };
allow hidumper_service system_bin_file:file { execute execute_no_trans getattr map open read };
allow hidumper_service toybox_exec:file { execute execute_no_trans getattr map open read };

# binder_call is a macro defined outside this file. Presumably it allows binder
# calls from hidumper_service to every type in sadomain except installs - confirm
# against the macro definition.
binder_call(hidumper_service, { sadomain -installs });

# System abilities that hidumper_service may look up in samgr unconditionally.
# The get permission covers obtaining the ability from samgr; what a dump request
# returns is decided by the checks inside each service.
allow hidumper_service sa_foundation_abilityms:samgr_class get;
allow hidumper_service sa_foundation_appms:samgr_class get;
allow hidumper_service sa_foundation_bms:samgr_class get;
allow hidumper_service sa_foundation_ans:samgr_class get;
allow hidumper_service sa_foundation_cesfwk_service:samgr_class get;
allow hidumper_service sa_foundation_devicemanager_service:samgr_class get;
allow hidumper_service sa_foundation_dms:samgr_class get;
allow hidumper_service sa_foundation_tel_call_manager:samgr_class get;
allow hidumper_service sa_foundation_tel_state_registry:samgr_class get;
allow hidumper_service sa_render_service:samgr_class get;
allow hidumper_service sa_multimodalinput_service:samgr_class get;

developer_only(`
    # Everything up to the closing quote at the end of the file is passed to
    # developer_only. This is the broad diagnostic surface of the service.

    # Directory listing under data_file and data_log. No file access is added here.
    allow hidumper_service data_file:dir { getattr open read search };
    allow hidumper_service data_log:dir { open read search };

    # Device nodes: metadata on block devices, read access to dev_kmsg_file
    # (presumably the kernel log device - confirm), and write access to socket
    # files labelled dev_unix_socket.
    allow hidumper_service dev_block_file:blk_file getattr;
    allow hidumper_service dev_block_file:dir search;
    allow hidumper_service dev_block_file:lnk_file read;
    allow hidumper_service dev_file:dir getattr;
    allow hidumper_service dev_kmsg_file:chr_file { open read };
    allow hidumper_service dev_pts_file:dir getattr;
    allow hidumper_service dev_unix_socket:dir search;
    allow hidumper_service dev_unix_socket:sock_file write;

    # Read and write an already open pseudo-terminal. No open permission is granted.
    allow hidumper_service devpts:chr_file { read write };

    # hdcd domain: read its dir, file and lnk_file objects (presumably its /proc
    # entries - confirm), use its descriptors, and read but not execute its binary.
    allow hidumper_service hdcd:dir { getattr open read search };
    allow hidumper_service hdcd:fd use;
    allow hidumper_service hdcd:file { getattr open read };
    allow hidumper_service hdcd:lnk_file read;
    allow hidumper_service hdcd_exec:file { getattr map open read };

    # Read-only access to the hdf_devmgr binary. No execute permission.
    allow hidumper_service hdf_devmgr_exec:file { getattr map open read };

    # hidumper domain: binder calls to it plus read access to its dir, file and
    # lnk_file objects.
    allow hidumper_service hidumper:binder call;
    allow hidumper_service hidumper:dir { getattr open read search };
    allow hidumper_service hidumper:file { getattr open read };
    allow hidumper_service hidumper:lnk_file read;

    # hidumper_file: the only label on which this file grants create and unlink,
    # presumably the dump output directory - confirm.
    allow hidumper_service hidumper_file:dir { add_name open read remove_name search write getattr};
    allow hidumper_service hidumper_file:file { create ioctl open unlink write getattr append read };

    # Read-only access to the hilogd binary. No execute permission.
    allow hidumper_service hilogd_exec:file { getattr map open read };

    # init domain: read its dir, file and lnk_file objects and connect to a unix
    # stream socket owned by init.
    # NOTE(review): connectto reaches whatever init listens on - confirm which
    # socket is intended.
    allow hidumper_service init:dir { getattr open read search };
    allow hidumper_service init:file { getattr open read };
    allow hidumper_service init:lnk_file { read getattr };
    allow hidumper_service init:unix_stream_socket connectto;

    # kernel domain: read its dir, file and lnk_file objects. syslog_read permits
    # reading the kernel log buffer.
    allow hidumper_service kernel:dir { getattr open read search };
    allow hidumper_service kernel:file { getattr open read };
    allow hidumper_service kernel:lnk_file read;
    allow hidumper_service kernel:system syslog_read;

    # hap_domain (presumably the attribute covering application domains - confirm):
    # read access to dir, file and lnk_file objects labelled with those domains.
    # NOTE(review): this exposes per-application process information to the
    # dumper, so it should stay inside developer_only.
    allow hidumper_service hap_domain:dir { getattr open read search };
    allow hidumper_service hap_domain:file { getattr open read };
    allow hidumper_service hap_domain:lnk_file { read getattr };

    # Read-only access to proc files, one rule per label.
    allow hidumper_service proc_file:file { getattr open read };
    allow hidumper_service proc_cmdline_file:file { getattr open read };
    allow hidumper_service proc_loadavg_file:file { getattr open read };
    allow hidumper_service proc_meminfo_file:file { getattr open read };
    allow hidumper_service proc_modules_file:file { getattr open read };
    allow hidumper_service proc_net:file { getattr open read };
    allow hidumper_service proc_net_tcp_udp:file { getattr open read };
    allow hidumper_service proc_slabinfo_file:file { getattr open read };
    allow hidumper_service proc_stat_file:file { getattr open read };
    allow hidumper_service proc_version_file:file { getattr open read };
    allow hidumper_service proc_vmallocinfo_file:file { getattr open read };
    allow hidumper_service proc_vmstat_file:file { getattr open read };
    allow hidumper_service proc_zoneinfo_file:file { getattr open read };

    # Own UDP socket, create and ioctl only. No bind, connect, read or write is
    # granted, so presumably it is used for interface queries - confirm.
    allow hidumper_service self:udp_socket { create ioctl };

    # Read-only access under sys_file.
    allow hidumper_service sys_file:dir { open read };
    allow hidumper_service sys_file:file { getattr open read };

    # Path lookup and symlink resolution for the binaries executed above.
    allow hidumper_service system_bin_file:dir { getattr search };
    allow hidumper_service system_bin_file:lnk_file read;
    allow hidumper_service toybox_exec:lnk_file read;

    allow hidumper_service dev_console_file:chr_file getattr;

    # processdump domain and CPU sysfs files, read-only. Write to FIFOs labelled hdcd.
    allow hidumper_service processdump:dir search;
    allow hidumper_service processdump:file { open read };
    allow hidumper_service sysfs_devices_system_cpu:file { open read };
    allow hidumper_service hdcd:fifo_file write;

    # NOTE(review): raw IP socket creation. No capability rule appears in this
    # file, so whether the socket is usable depends on rules elsewhere. Confirm it
    # is still required.
    allow hidumper_service self:rawip_socket create;
    allow hidumper_service system_etc_file:file lock;

    # Read-only access to debugfs entries. The transaction, state and stats names
    # suggest binder debug files - confirm against the file contexts.
    allow hidumper_service debugfs:dir { open read };
    allow hidumper_service debugfs_failed_transaction_log:file { getattr open read };
    allow hidumper_service debugfs_transactions:file { getattr open read };
    allow hidumper_service debugfs_transaction_log:file { getattr open read };
    allow hidumper_service debugfs_used:file { getattr open read };
    allow hidumper_service debugfs_wakeup_sources:file { getattr open read };
    allow hidumper_service debugfs_stats:file { getattr open read };
    allow hidumper_service debugfs_state:file { getattr open read };

    # Read and map the ark parameter files. No write permission.
    allow hidumper_service arkcompiler_param:file { map open read };
    allow hidumper_service ark_writeable_param:file { map open read };

    allow hidumper_service isolated_render:file { getattr open read };
    allow hidumper_service isolated_render:dir { search };

    allow hidumper_service chip_prod_file:dir { search };

    # list on samgr: enumerate the registered system abilities.
    allow hidumper_service samgr:samgr_class list;



#--------------------hidumper_service get sa dump info------------------------
    # Additional system abilities that may be looked up, on top of the
    # unconditional list near the top of the file.
    # NOTE(review): this list includes security-sensitive services such as
    # sa_huks_service, sa_accesstoken_manager_service, sa_device_auth_service,
    # sa_el5_filekey_manager, sa_privacy_service and the sa_useriam entries.
    # The get permission only covers the lookup in samgr, so the dump handlers of
    # those services remain the control that decides what is returned. Keep these
    # entries inside developer_only.
    allow hidumper_service sa_samgr_service:samgr_class get;
    allow hidumper_service sa_accessibleabilityms:samgr_class get;
    allow hidumper_service sa_accountmgr:samgr_class get;
    allow hidumper_service sa_accesstoken_manager_service:samgr_class get;
    allow hidumper_service sa_app_fwk_update_service:samgr_class get;
    allow hidumper_service sa_audio_policy_service:samgr_class get;
    allow hidumper_service sa_bgtaskmgr:samgr_class get;
    allow hidumper_service sa_bluetooth_server:samgr_class get;
    allow hidumper_service sa_camera_service:samgr_class get;
    allow hidumper_service sa_comm_dns_manager_service:samgr_class get;
    allow hidumper_service sa_comm_ethernet_manager_service:samgr_class get;
    allow hidumper_service sa_comm_mdns_manager_service:samgr_class get;
    allow hidumper_service sa_comm_net_stats_manager_service:samgr_class get;
    allow hidumper_service sa_dataobs_mgr_service_service:samgr_class get;
    allow hidumper_service sa_devattest_service:samgr_class get;
    allow hidumper_service sa_device_auth_service:samgr_class get;
    allow hidumper_service sa_device_profile_service:samgr_class get;
    allow hidumper_service sa_device_security_level_manager_service:samgr_class get;
    allow hidumper_service sa_device_service_manager:samgr_class get;
    allow hidumper_service sa_device_standby:samgr_class get;
    allow hidumper_service sa_device_usage_statistics_service:samgr_class get;
    allow hidumper_service sa_dfx_sys_hidumper_ability:samgr_class get;
    allow hidumper_service sa_dfx_sys_hidumper_cpu_ability:samgr_class get;
    allow hidumper_service sa_distributeddata_service:samgr_class get;
    allow hidumper_service sa_distributeschedule:samgr_class get;
    allow hidumper_service sa_download_service:samgr_class get;
    allow hidumper_service sa_drm_service:samgr_class get;
    allow hidumper_service sa_el5_filekey_manager:samgr_class get;
    allow hidumper_service sa_enterprise_device_manager_service:samgr_class get;
    allow hidumper_service sa_file_access_service:samgr_class get;
    allow hidumper_service sa_filemanagement_distributed_file_daemon_service:samgr_class get;
    allow hidumper_service sa_form_mgr_service:samgr_class get;
    allow hidumper_service sa_hiview_service:samgr_class get;
    allow hidumper_service sa_huks_service:samgr_class get;
    allow hidumper_service sa_installd_service:samgr_class get;
    allow hidumper_service sa_inputmethod_service:samgr_class get;
    allow hidumper_service sa_net_conn_manager:samgr_class get;
    allow hidumper_service sa_net_policy_manager:samgr_class get;
    allow hidumper_service sa_netsys_native_manager:samgr_class get;
    allow hidumper_service sa_resource_schedule:samgr_class get;
    allow hidumper_service sa_resource_schedule_socperf_server:samgr_class get;
    allow hidumper_service sa_screenlock_service:samgr_class get;
    allow hidumper_service sa_softbus_service:samgr_class get;
    allow hidumper_service sa_storage_manager_daemon:samgr_class get;
    allow hidumper_service sa_storage_manager_service:samgr_class get;
    allow hidumper_service sa_subsys_ace_service:samgr_class get;
    allow hidumper_service sa_sys_event_service:samgr_class get;
    allow hidumper_service sa_uri_permission_mgr_service:samgr_class get;
    allow hidumper_service sa_useriam_authexecutormgr_service:samgr_class get;
    allow hidumper_service sa_useriam_faceauth_service:samgr_class get;
    allow hidumper_service sa_useriam_userauth_service:samgr_class get;
    allow hidumper_service sa_useriam_pinauth_service:samgr_class get;
    allow hidumper_service sa_useriam_useridm_service:samgr_class get;
    allow hidumper_service sa_update_distributed_service:samgr_class get;
    allow hidumper_service sa_usb_service:samgr_class get;
    allow hidumper_service sa_wallpaper_manager_service:samgr_class get;
    allow hidumper_service sa_wifi_device_ability:samgr_class get;
    allow hidumper_service sa_wifi_hotspot_ability:samgr_class get;
    allow hidumper_service sa_wifi_p2p_ability:samgr_class get;
    allow hidumper_service sa_wifi_scan_ability:samgr_class get;
    allow hidumper_service sa_work_schedule_service:samgr_class get;
    allow hidumper_service sa_location_geo_convert_service:samgr_class get;
    allow hidumper_service sa_location_locator_service:samgr_class get;
    allow hidumper_service sa_locationhub_lbsservice_gnss:samgr_class get;
    allow hidumper_service sa_locationhub_lbsservice_network:samgr_class get;
    allow hidumper_service sa_locationhub_lbsservice_passive:samgr_class get;
    allow hidumper_service sa_media_service:samgr_class get;
    allow hidumper_service sa_memory_manager_service:samgr_class get;
    allow hidumper_service sa_msdp_devicestatus_service:samgr_class get;
    allow hidumper_service sa_pasteboard_service:samgr_class get;
    allow hidumper_service sa_task_heartbeat_mgr:samgr_class get;
    allow hidumper_service sa_powermgr_battery_service:samgr_class get;
    allow hidumper_service sa_powermgr_displaymgr_service:samgr_class get;
    allow hidumper_service sa_powermgr_thermal_service:samgr_class get;
    allow hidumper_service sa_powermgr_powermgr_service:samgr_class get;
    allow hidumper_service sa_privacy_service:samgr_class get;
    allow hidumper_service sa_pulseaudio_audio_service:samgr_class get;
    allow hidumper_service sa_telephony_tel_cellular_call:samgr_class get;
    allow hidumper_service sa_telephony_tel_cellular_data:samgr_class get;
    allow hidumper_service sa_telephony_tel_core_service:samgr_class get;
    allow hidumper_service sa_telephony_tel_sms_mms:samgr_class get;
    allow hidumper_service sa_time_service:samgr_class get;
')