1# Copyright (c) 2022-2023 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14#avc: denied { get } for service=2803 pid=284 scontext=u:r:locationhub:s0 tcontext=u:object_r:sa_locationhub_lbsservice_gnss:s0 tclass=samgr_class permissive=1 15allow locationhub sa_locationhub_lbsservice_gnss:samgr_class { get }; 16 17#avc: denied { get } for service=2804 pid=284 scontext=u:r:locationhub:s0 tcontext=u:object_r:sa_locationhub_lbsservice_network:s0 tclass=samgr_class permissive=1 18allow locationhub sa_locationhub_lbsservice_network:samgr_class { get }; 19 20#avc: denied { get } for service=2805 pid=284 scontext=u:r:locationhub:s0 tcontext=u:object_r:sa_locationhub_lbsservice_passive:s0 tclass=samgr_class permissive=1 21allow locationhub sa_locationhub_lbsservice_passive:samgr_class { get }; 22 23#avc: denied { get } for service=2801 pid=284 scontext=u:r:locationhub:s0 tcontext=u:object_r:default_service:s0 tclass=samgr_class permissive=1 24allow locationhub hdf_device_manager:hdf_devmgr_class { get }; 25 26#avc: denied { get } for service=3299 pid=284 scontext=u:r:locationhub:s0 tcontext=u:object_r:sa_foundation_cesfwk_service:s0 tclass=samgr_class permissive=1 27allow locationhub sa_foundation_cesfwk_service:samgr_class { get }; 28 29#avc: denied { get } for service=3901 pid=317 scontext=u:r:locationhub:s0 tcontext=u:object_r:sa_param_watcher:s0 tclass=samgr_class permissive=1 30allow locationhub sa_param_watcher:samgr_class { get }; 31 32#avc: denied { get } for service=gnss_interface_service pid=317 scontext=u:r:locationhub:s0 tcontext=u:object_r:hdf_gnss_interface_service:s0 tclass=hdf_devmgr_class permissive=1 33allow locationhub hdf_gnss_interface_service:hdf_devmgr_class { get }; 34 35#avc: denied { get } for service=agnss_interface_service pid=317 scontext=u:r:locationhub:s0 tcontext=u:object_r:hdf_agnss_interface_service:s0 tclass=hdf_devmgr_class permissive=1 36allow locationhub hdf_agnss_interface_service:hdf_devmgr_class { get }; 37 38#avc: denied { get } for service=geofence_interface_service pid=317 scontext=u:r:locationhub:s0 tcontext=u:object_r:hdf_geofence_interface_service:s0 tclass=hdf_devmgr_class permissive=1 39allow locationhub hdf_geofence_interface_service:hdf_devmgr_class { get }; 40 41#avc: denied { get } for service=3503 pid=317 scontext=u:r:locationhub:s0 tcontext=u:object_r:sa_accesstoken_manager_service:s0 tclass=samgr_class permissive=1 42allow locationhub sa_accesstoken_manager_service:samgr_class { get }; 43 44#avc: denied { get } for service=2801 pid=303 scontext=u:r:locationhub:s0 tcontext=u:object_r:sa_location_geo_convert_service:s0 tclass=samgr_class permissive=1 45allow locationhub sa_location_geo_convert_service:samgr_class { get }; 46 47allow locationhub sa_foundation_bms:samgr_class { get }; 48 49allow locationhub sa_telephony_tel_core_service:samgr_class { get }; 50 51allow locationhub sa_telephony_tel_cellular_data:samgr_class { get }; 52 53allow locationhub sa_foundation_appms:samgr_class { get }; 54 55allow locationhub data_service_file:dir { search }; 56 57allow locationhub data_service_el1_file:dir { search write add_name remove_name getattr }; 58 59allow locationhub data_service_el1_file:file { create read write open getattr setattr ioctl }; 60 61allow locationhub telephony_sa:binder { call transfer }; 62 63debug_only(` 64 #avc: denied { call } for pid=353 comm="IPC_1_409" scontext=u:r:locationhub:s0 tcontext=u:r:sh:s0 tclass=binder permissive=0 65 allow locationhub sh:binder { call }; 66') 67 68allow locationhub sa_privacy_service:samgr_class { get }; 69 70allow locationhub sa_foundation_abilityms:samgr_class { get }; 71 72allow locationhub accesstoken_service:binder { call transfer }; 73 74allow locationhub privacy_service:binder { call transfer }; 75 76allow locationhub normal_hap_attr:binder { call transfer }; 77 78allow locationhub musl_param:file { read }; 79 80allow locationhub dev_console_file:chr_file { read write }; 81 82allow locationhub sa_location_locator_service:samgr_class { get }; 83allow locationhub sa_distributeddata_service:samgr_class { get }; 84allow locationhub distributeddata:binder { call }; 85allow locationhub distributeddata:fd { use }; 86allow locationhub vendor_bin_file:dir { search }; 87 88allow locationhub musl_param:file { open }; 89allow locationhub dev_file:dir { getattr }; 90 91allow locationhub sa_bluetooth_server:samgr_class { get }; 92allow locationhub sa_wifi_scan_ability:samgr_class { get }; 93 94allow locationhub sa_bgtaskmgr:samgr_class { get }; 95allow locationhub bgtaskmgr_service:binder { call }; 96 97allow locationhub sa_form_mgr_service:samgr_class { get }; 98allow locationhub sa_foundation_ans:samgr_class { get }; 99allow locationhub sa_telephony_tel_sms_mms:samgr_class { get }; 100allow locationhub sa_foundation_tel_call_manager:samgr_class { get }; 101 102allow locationhub time_service:binder { call }; 103allow locationhub sa_resource_schedule:samgr_class { get }; 104allow locationhub sa_device_standby:samgr_class { get }; 105allow locationhub sa_msdp_movement_service:samgr_class { get }; 106allow locationhub wifi_manager_service:fd { use }; 107allow locationhub sa_net_conn_manager:samgr_class { get }; 108 109allow locationhub paramservice_socket:sock_file { write }; 110allow locationhub kernel:unix_stream_socket { connectto }; 111allow locationhub persist_param:parameter_service { set }; 112 113allow locationhub sa_wifi_device_ability:samgr_class { get }; 114allow locationhub netmanager:binder { call transfer }; 115