1# Copyright (c) 2022-2024 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License 13 14developer_only(` 15 allow hitrace data_file:dir search; 16 allow hitrace data_local:dir search; 17 allow hitrace data_log:dir { add_name search write }; 18 allow hitrace data_log:file { create getattr open write }; 19 allow hitrace data_local_tmp:dir { add_name search write create }; 20 allow hitrace data_local_tmp:file { create getattr open write }; 21 allow hitrace debug_param:parameter_service set; 22 allow hitrace debug_param:file { open read map }; 23 allow hitrace hilog_param:file { read map open }; 24 allow hitrace dev_unix_socket:dir search; 25 allow hitrace devpts:chr_file { read write }; 26 allow hitrace hdcd:fd use; 27 allow hitrace hdcd:unix_stream_socket { read write }; 28 allow hitrace system_bin_file:dir search; 29 allow hitrace tracefs:dir search; 30 allow hitrace tracefs_trace_marker_file:file { getattr open write }; 31 allow hitrace tty_device:chr_file { read write }; 32 allow hitrace tracefs:file { getattr ioctl open read write }; 33 34 allow hitrace ohos_param:file { read map open }; 35 36 allow hitrace kernel:unix_stream_socket connectto; 37 allow hitrace paramservice_socket:sock_file write; 38 39 allow hitrace ohos_boot_param:file { map open read }; 40 allow hitrace sys_param:file { open read map }; 41 42 allow hitrace net_param:file { map open read }; 43 allow hitrace net_tcp_param:file read; 44 allow hitrace sys_usb_param:file { map open read }; 45 46 allow hitrace hw_sc_build_param:file { open read map }; 47 allow hitrace hw_sc_param:file { map open read }; 48 allow hitrace net_tcp_param:file { map open }; 49 50 allow hitrace data_local_tmp:file { read write }; 51 52 allow hitrace domain:dir { getattr search }; 53 allow hitrace domain:file { open read }; 54 allow hitrace hw_sc_build_os_param:file { open read map }; 55 56 allow hitrace hw_sc_build_os_param:file { open read }; 57 allow hitrace init_param:file { map open read }; 58 allow hitrace init_svc_param:file { map open read }; 59 60 allow hitrace hdcd:fifo_file { ioctl write }; 61 62 allow hitrace const_param:file { map open read }; 63 allow hitrace const_postinstall_fstab_param:file { map open read }; 64 allow hitrace const_postinstall_param:file { map open read }; 65 66 allow hitrace proc_file:file { read open }; 67 68 allow hitrace sa_hiview_service:samgr_class get; 69 allow hitrace dev_console_file:chr_file { read write }; 70 allow hitrace samgr:binder { call }; 71 allow hitrace hiview:binder { call transfer }; 72 73 allow hitrace system_usr_file:file { read open getattr }; 74 allow hitrace system_usr_file:dir { search }; 75 76 allow hitrace hitrace_param:parameter_service { set }; 77 78 allow samgr hitrace:dir { search }; 79 allow samgr hitrace:file { read open }; 80 allow samgr hitrace:process { getattr }; 81 allow samgr hitrace:binder { call transfer }; 82 83 allow hitrace sh:fd use; 84 allow hitrace sh:fifo_file { read write }; 85') 86 87neverallow { domain -hitrace -hiview -hiprofiler_plugins -hiperf -hiebpf -bytrace -init -audio_server -multimodalinput -media_monitor } tracefs:file write_file_perms; 88