1# Copyright (c) 2022-2023 Huawei Device Co., Ltd.
2# Licensed under the Apache License, Version 2.0 (the "License");
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6#     http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
14#avc:  denied  { getopt } for  pid=563 comm="msdp" scontext=u:r:msdp_sa:s0 tcontext=u:r:msdp_sa:s0 tclass=unix_dgram_socket permissive=1
15#avc:  denied  { setopt } for  pid=563 comm="msdp" scontext=u:r:msdp_sa:s0 tcontext=u:r:msdp_sa:s0 tclass=unix_dgram_socket permissive=1
16allow msdp_sa msdp_sa:unix_dgram_socket { getopt setopt };
17
18#avc:  denied  { search } for  pid=538 comm="msdp" name="socket" dev="tmpfs" ino=40 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=1
19allow msdp_sa dev_unix_socket:dir { search };
20
21#avc:  denied  { call } for  pid=543 comm="msdp" scontext=u:r:msdp_sa:s0 tcontext=u:r:sh:s0 tclass=binder permissive=1
22debug_only(`
23    allow msdp_sa sh:binder { call };
24')
25
26#avc:  denied  { call } for  pid=571 comm="msdp" scontext=u:r:msdp_sa:s0 tcontext=u:r:accesstoken_service:s0 tclass=binder permissive=1
27allow msdp_sa accesstoken_service:binder { call };
28
29#avc:  denied  { add } for service=2902 pid=387 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_msdp_devicestatus_service:s0 tclass=samgr_class permissive=1
30allow msdp_sa sa_msdp_devicestatus_service:samgr_class { add };
31
32#avc:  denied  { get } for service=3901 pid=387 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_param_watcher:s0 tclass=samgr_class permissive=1
33allow msdp_sa sa_param_watcher:samgr_class { get };
34
35#avc:  denied  { call } for  pid=435 comm="msdp" scontext=u:r:msdp_sa:s0 tcontext=u:r:normal_hap:s0 tclass=binder permissive=0
36allow msdp_sa normal_hap_attr:binder { call };
37
38#avc:  denied  { search } for  pid=431 comm="msdp" name="/" dev="mmcblk0p12" ino=3 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:data_file:s0 tclass=dir permissive=0
39allow msdp_sa data_file:dir { search };
40
41#avc:  denied  { call } for  pid=429 comm="msdp" scontext=u:r:msdp_sa:s0 tcontext=u:r:system_core_hap:s0 tclass=binder permissive=0
42allow msdp_sa system_core_hap_attr:binder { call };
43
44#avc:  denied  { watch } for  pid=453 comm="device_status_s" path="/dev/input" dev="tmpfs" ino=77 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=dir permissive=0
45#avc:  denied  { open } for  pid=1729 comm="device_status_s" path="/dev/input" dev="tmpfs" ino=77 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=dir permissive=0
46#avc:  denied  { read } for  pid=1765 comm="device_status_s" name="input" dev="tmpfs" ino=77 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=dir permissive=0
47#avc:  denied  { search } for  pid=1737 comm="device_status_s" name="input" dev="tmpfs" ino=77 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=dir permissive=0
48#avc:  denied  { getattr } for  pid=1741 comm="device_status_s" path="/dev/input" dev="tmpfs" ino=77 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=dir permissive=0
49allow msdp_sa dev_input_file:dir { watch open read search getattr };
50
51#avc:  denied  { getattr } for  pid=1741 comm="device_status_s" path="/dev/input/event3" dev="tmpfs" ino=107 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=chr_file permissive=0
52#avc:  denied  { read write } for  pid=1897 comm="device_status_s" name="event7" dev="tmpfs" ino=328 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=chr_file permissive=1
53#avc:  denied  { open } for  pid=1897 comm="device_status_s" path="/dev/input/event7" dev="tmpfs" ino=328 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=chr_file permissive=1
54#avc:  denied  { ioctl } for  pid=1748 comm="device_status_s" path="/dev/input/event7" dev="tmpfs" ino=328 ioctlcmd=0x4521 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_input_file:s0 tclass=chr_file permissive=0
55allow msdp_sa dev_input_file:chr_file { getattr read write open ioctl };
56
57#avc:  denied  { getattr } for  pid=1741 comm="device_status_s" path="/dev" dev="tmpfs" ino=1 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_file:s0 tclass=dir permissive=0
58allow msdp_sa dev_file:dir { getattr };
59
60#avc:  denied  { search } for  pid=1771 comm="device_status_s" name="etc" dev="mmcblk0p8" ino=17 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:vendor_etc_file:s0 tclass=dir permissive=1
61allow msdp_sa vendor_etc_file:dir { search };
62
63#avc:  denied  { call } for  pid=457 comm="device_status_s" scontext=u:r:msdp_sa:s0 tcontext=u:r:multimodalinput:s0 tclass=binder permissive=1
64allow msdp_sa multimodalinput:binder { call };
65
66#avc:  denied  { use } for  pid=257 comm="IPC_0_324" path="socket:[33166]" dev="sockfs" ino=33166 scontext=u:r:msdp_sa:s0 tcontext=u:r:multimodalinput:s0 tclass=fd permissive=1
67allow msdp_sa multimodalinput:fd { use };
68
69#avc:  denied  { read write } for  pid=257 comm="IPC_0_324" path="socket:[33166]" dev="sockfs" ino=33166 scontext=u:r:msdp_sa:s0 tcontext=u:r:multimodalinput:s0 tclass=unix_stream_socket permissive=1
70allow msdp_sa multimodalinput:unix_stream_socket { read write };
71
72#avc:  denied  { map } for  pid=482 comm="IPC_1_549" path="/dev/__parameters__/u:object_r:musl_param:s0" dev="tmpfs" ino=56 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=0
73#avc:  denied  { open } for  pid=448 comm="IPC_1_490" path="/dev/__parameters__/u:object_r:musl_param:s0" dev="tmpfs" ino=56 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=0
74#avc:  denied  { read } for  pid=477 comm="IPC_1_657" name="u:object_r:musl_param:s0" dev="tmpfs" ino=56 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=0
75allow msdp_sa musl_param:file { map open read };
76
77#avc:  denied  { transfer } for  pid=477 comm="IPC_1_657" scontext=u:r:msdp_sa:s0 tcontext=u:r:sensors:s0 tclass=binder permissive=1
78allow msdp_sa sensors:binder { transfer };
79
80#avc:  denied  { get } for service=3101 pid=445 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_multimodalinput_service:s0 tclass=samgr_class permissive=0
81allow msdp_sa sa_multimodalinput_service:samgr_class { get };
82
83debug_only(`
84    allow msdp_sa data_file:file { getattr open read};
85    #avc:  denied  { read write } for  pid=1903 comm="sa_main" path="/dev/console" dev="tmpfs" ino=27 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_console_file:s0 tclass=chr_file permissive=0
86    allow msdp_sa dev_console_file:chr_file { read write };
87    #avc:  denied  { use } for  pid=1794 comm="InteractionMana" path="/dev/ashmem" dev="tmpfs" ino=197 scontext=u:r:msdp_sa:s0 tcontext=u:r:sh:s0 tclass=fd permissive=0
88    allow msdp_sa sh:fd { use };
89')
90
91#avc:  denied  { call } for  pid=923 comm="device_status_s" scontext=u:r:msdp_sa:s0 tcontext=u:r:distributedsche:s0 tclass=binder permissive=1
92#avc:  denied  { transfer } for  pid=923 comm="device_status_s" scontext=u:r:msdp_sa:s0 tcontext=u:r:distributedsche:s0 tclass=binder permissive=1
93allow msdp_sa distributedsche:binder { call transfer };
94
95#avc:  denied  { get } for service=4810 pid=892 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_distributed_hardware_input_sink_service:s0 tclass=samgr_class permissive=0
96allow msdp_sa sa_distributed_hardware_input_sink_service:samgr_class { get };
97
98#avc:  denied  { get } for service=4809 pid=892 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_distributed_hardware_input_source_service:s0 tclass=samgr_class permissive=0
99allow msdp_sa sa_distributed_hardware_input_source_service:samgr_class { get };
100
101#avc:  denied  { get } for service=4607 pid=923 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_foundation_dms:s0 tclass=samgr_class permissive=1
102allow msdp_sa sa_foundation_dms:samgr_class { get };
103
104#avc:  denied  { use } for  pid=1210 comm="SoftBusConnect" path="socket:[18000]" dev="sockfs" ino=18000 scontext=u:r:msdp_sa:s0 tcontext=u:r:softbus_server:s0 tclass=fd permissive=1
105allow msdp_sa softbus_server:fd { use };
106
107#avc:  denied  { read } for  pid=923 comm="SoftBusConnect" laddr=192.168.43.17 lport=41775 faddr=192.168.43.46 fport=42169 scontext=u:r:msdp_sa:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1
108#avc:  denied  { setopt } for  pid=923 comm="device_status_s" laddr=192.168.43.17 lport=41775 faddr=192.168.43.46 fport=42169 scontext=u:r:msdp_sa:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1
109#avc:  denied  { write } for  pid=923 comm="device_status_s" laddr=192.168.43.17 lport=41775 faddr=192.168.43.46 fport=42169 scontext=u:r:msdp_sa:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1
110#avc:  denied  { shutdown } for  pid=867 comm="EventRunner#41" laddr=192.168.43.46 lport=44711 faddr=192.168.43.17 fport=38953 scontext=u:r:msdp_sa:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=0
111allow msdp_sa softbus_server:tcp_socket { read setopt write shutdown };
112
113#avc:  denied  { get } for service=6001 pid=932 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_device_profile_service:s0 tclass=samgr_class permissive=1
114allow msdp_sa sa_device_profile_service:samgr_class { get };
115
116#avc:  denied  { get } for service=401 pid=375 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_foundation_bms:s0 tclass=samgr_class permissive=0
117allow msdp_sa sa_foundation_bms:samgr_class { get };
118
119#avc:  denied  { get } for service=10 pid=397 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_render_service:s0 tclass=samgr_class permissive=0
120allow msdp_sa sa_render_service:samgr_class { get };
121
122#avc:  denied  { get } for service=4606 pid=381 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_foundation_wms:s0 tclass=samgr_class permissive=1
123allow msdp_sa sa_foundation_wms:samgr_class { get };
124
125#avc:  denied  { get } for service=801 pid=363 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_accessibleabilityms:s0 tclass=samgr_class permissive=1
126allow msdp_sa sa_accessibleabilityms:samgr_class { get };
127
128#avc:  denied  { get } for service=1901 pid=363 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_resource_schedule:s0 tclass=samgr_class permissive=1
129allow msdp_sa sa_resource_schedule:samgr_class { get };
130
131#avc:  denied  { call } for  pid=379 comm="device_status_s" scontext=u:r:msdp_sa:s0 tcontext=u:r:render_service:s0 tclass=binder permissive=0
132#avc:  denied  { transfer } for  pid=429 comm="device_status_s" scontext=u:r:msdp_sa:s0 tcontext=u:r:render_service:s0 tclass=binder permissive=0
133allow msdp_sa render_service:binder { call transfer };
134
135#avc:  denied  { use } for  pid=480 comm="IPC_3_1378" path="socket:[31810]" dev="sockfs" ino=31810 scontext=u:r:msdp_sa:s0 tcontext=u:r:render_service:s0 tclass=fd permissive=0
136allow msdp_sa render_service:fd { use };
137
138#avc:  denied  { transfer } for  pid=391 comm="device_status_s" scontext=u:r:msdp_sa:s0 tcontext=u:r:foundation:s0 tclass=binder permissive=0
139allow msdp_sa foundation:binder { transfer };
140
141#avc:  denied  { call } for  pid=416 comm="device_status_s" scontext=u:r:msdp_sa:s0 tcontext=u:r:accessibility:s0 tclass=binder permissive=0
142#avc:  denied  { transfer } for  pid=421 comm="device_status_s" scontext=u:r:msdp_sa:s0 tcontext=u:r:accessibility:s0 tclass=binder permissive=0
143allow msdp_sa accessibility:binder { call transfer };
144
145#avc:  denied  { open } for  pid=372 comm="device_status_s" path="/dev/ashmem" dev="tmpfs" ino=191 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_ashmem_file:s0 tclass=chr_file permissive=0
146allow msdp_sa dev_ashmem_file:chr_file { open };
147
148#avc:  denied  { getattr } for  pid=404 comm="RSRenderThread" path="/dev/mali0" dev="tmpfs" ino=133 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_mali:s0 tclass=chr_file permissive=1
149#avc:  denied  { ioctl } for  pid=404 comm="RSRenderThread" path="/dev/mali0" dev="tmpfs" ino=133 ioctlcmd=0x8000 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_mali:s0 tclass=chr_file permissive=1
150#avc:  denied  { map } for  pid=404 comm="RSRenderThread" path="/dev/mali0" dev="tmpfs" ino=133 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_mali:s0 tclass=chr_file permissive=1
151#avc:  denied  { open } for  pid=404 comm="RSRenderThread" path="/dev/mali0" dev="tmpfs" ino=133 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_mali:s0 tclass=chr_file permissive=1
152#avc:  denied  { read write } for  pid=372 comm="RSRenderThread" name="mali0" dev="tmpfs" ino=133 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:dev_mali:s0 tclass=chr_file permissive=0
153allow msdp_sa dev_mali:chr_file { getattr ioctl map open read write };
154allowxperm msdp_sa dev_mali:chr_file ioctl { 0x8000 0x8001 0x8002 0x8003 0x8005 0x8006 0x8007 0x800f 0x800e 0x8011 0x8016 0x8018 0x801d 0x801e 0x8026 };
155
156#avc:  denied  { read write } for  pid=453 comm="IPC_0_469" path="socket:[28935]" dev="sockfs" ino=28935 scontext=u:r:msdp_sa:s0 tcontext=u:r:render_service:s0 tclass=unix_stream_socket permissive=0
157allow msdp_sa render_service:unix_stream_socket { read write };
158#avc:  denied  { search } for  pid=404 comm="msdp" name="usr" dev="mmcblk0p7" ino=2921 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_usr_file:s0 tclass=dir permissive=1
159allow msdp_sa system_usr_file:dir { search };
160
161#avc:  denied  { getattr } for  pid=404 comm="msdp" path="/system/usr/ohos_locale_config/supported_regions.xml" dev="mmcblk0p7" ino=2928 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_usr_file:s0 tclass=file permissive=1
162#avc:  denied  { read } for  pid=404 comm="msdp" name="supported_regions.xml" dev="mmcblk0p7" ino=2928 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_usr_file:s0 tclass=file permissive=1
163#avc:  denied  { open } for  pid=404 comm="msdp" path="/system/usr/ohos_locale_config/supported_regions.xml" dev="mmcblk0p7" ino=2928 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_usr_file:s0 tclass=file permissive=1
164allow msdp_sa system_usr_file:file { getattr read open };
165
166
167#avc:  denied  { getattr } for  pid=1613 comm="msdp" path="/sys/devices/system/cpu/online" dev="sysfs" ino=4917 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file permissive=0
168#avc:  denied  { open } for  pid=1672 comm="msdp" path="/sys/devices/system/cpu/online" dev="sysfs" ino=4917 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file permissive=0
169#avc:  denied  { read } for  pid=1734 comm="msdp" name="online" dev="sysfs" ino=4917 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file permissive=0
170allow msdp_sa sysfs_devices_system_cpu:file { getattr open read };
171
172#avc:  denied  { open } for  pid=421 comm="RSRenderThread" path="/sys/devices/system/cpu" dev="sysfs" ino=4915 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir permissive=0
173#avc:  denied  { read } for  pid=380 comm="RSRenderThread" name="cpu" dev="sysfs" ino=4915 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=dir permissive=0
174allow msdp_sa sysfs_devices_system_cpu:dir { open read };
175
176#avc:  denied  { use } for  pid=1172 comm="com.ohos.launch" path="/dev/ashmem" dev="tmpfs" ino=188 scontext=u:r:msdp_sa:s0 tcontext=u:r:system_basic_hap:s0 tclass=fd permissive=1
177allow msdp_sa system_basic_hap_attr:fd { use };
178
179allow msdp_sa sa_distributeddata_service:samgr_class { get };
180
181#avc:  denied  { use } for  pid=468 comm="IPC_0_499" path="/dmabuf:" dev="dmabuf" ino=32242 scontext=u:r:msdp_sa:s0 tcontext=u:r:allocator_host:s0 tclass=fd permissive=0
182allow msdp_sa allocator_host:fd { use };
183
184#avc:  denied  { getattr } for  pid=433 comm="device_status_s" path="/system/fonts/HarmonyOS_Sans_Condensed_Medium_Italic.ttf" dev="mmcblk0p7" ino=1683 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_fonts_file:s0 tclass=file permissive=0
185#avc:  denied  { map } for  pid=426 comm="device_status_s" path="/system/fonts/HarmonyOS_Sans_SC_Light.ttf" dev="mmcblk0p7" ino=1710 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_fonts_file:s0 tclass=file permissive=0
186#avc:  denied  { open } for  pid=413 comm="device_status_s" path="/system/fonts/HarmonyOS_Sans_Digit.ttf" dev="mmcblk0p7" ino=1688 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_fonts_file:s0 tclass=file permissive=0
187#avc:  denied  { read } for  pid=426 comm="device_status_s" name="HarmonyOS_Sans_SC_Thin.ttf" dev="mmcblk0p7" ino=1713 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_fonts_file:s0 tclass=file permissive=0
188allow msdp_sa system_fonts_file:file { getattr map open read };
189
190#avc:  denied  { open } for  pid=435 comm="device_status_s" path="/system/fonts" dev="mmcblk0p7" ino=1671 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_fonts_file:s0 tclass=dir permissive=0
191#avc:  denied  { read } for  pid=450 comm="device_status_s" name="fonts" dev="mmcblk0p7" ino=1671 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_fonts_file:s0 tclass=dir permissive=0
192#avc:  denied  { search } for  pid=424 comm="device_status_s" name="fonts" dev="mmcblk0p7" ino=1671 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:system_fonts_file:s0 tclass=dir permissive=0
193allow msdp_sa system_fonts_file:dir { open read search };
194
195#avc:  denied  { call } for  pid=3255 comm="mmi_EventHdr" scontext=u:r:msdp_sa:s0 tcontext=u:r:distributeddata:s0 tclass=binder permissive=1
196allow msdp_sa distributeddata:binder { call };
197
198#avc:  denied  { use } for  pid=2822 comm="mos.filemanager" path="/dev/ashmem" dev="tmpfs" ino=480 scontext=u:r:msdp_sa:s0 tcontext=u:r:system_core_hap:s0 tclass=fd permissive=0
199allow msdp_sa system_core_hap_attr:fd { use };
200
201#avc:  denied  { read } for  pid=2361 comm="ClientEventHand" scontext=u:r:system_core_hap:s0 tcontext=u:r:msdp_sa:s0 tclass=unix_stream_socket permissive=1
202allow msdp_sa system_core_hap_attr:unix_stream_socket { read };
203
204#avc:  denied  { use } for  pid=4218 comm="awei.ohos.clock" path="/dev/ashmem" dev="tmpfs" ino=487 scontext=u:r:msdp_sa:s0 tcontext=u:r:normal_hap:s0 tclass=fd permissive=1
205allow msdp_sa normal_hap_attr:fd { use };
206
207#avc: denied { transfer } for pid=858 comm="SoftBusConnect" scontext=u:r:msdp_sa:s0 tcontext=u:r:multimodalinput:s0 tclass=binder permissive=1
208allow msdp_sa multimodalinput:binder { transfer };
209
210#avc:  denied  { get } for service=3299 pid=470 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_foundation_cesfwk_service:s0 tclass=samgr_class permissive=0
211allow msdp_sa sa_foundation_cesfwk_service:samgr_class { get }; 
212
213#avc:  denied  { get } for service=501 pid=762 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_foundation_appms:s0 tclass=samgr_class permissive=0
214allow msdp_sa sa_foundation_appms:samgr_class { get };
215
216allow msdp_sa sa_filemanagement_distributed_file_daemon_service:samgr_class { get };
217allow msdp_sa distributedfiledaemon:binder { call };
218allow msdp_sa inputmethod_service:binder { call transfer };
219
220#avc:  denied  { get } for service=1912 pid=1070 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_concurrent_task_service:s0 tclass=samgr_class permissive=1
221allow msdp_sa sa_concurrent_task_service:samgr_class { get };
222
223#avc: denied { call } for service=1912 pid=1024, comm="/system/bin/sa_main"  scontext=u:r:msdp_sa:s0 tcontext=u:object_r:concurrent_task_service:s0 tclass=binder permissive=0
224allow msdp_sa concurrent_task_service:binder { call };
225
226allow msdp_sa wifi_manager_service:binder { call };
227
228#avc:  denied  { call } for  pid=871 comm="OS_Cooperate" scontext=u:r:msdp_sa:s0 tcontext=u:r:accountmgr:s0 tclass=binder permissive=1
229allow msdp_sa accountmgr:binder { call transfer };
230
231#avc:  denied  { get } for service=1123 sid=u:r:msdp_sa:s0 scontext=u:r:msdp_sa:s0 tcontext=u:object_r:sa_wifi_p2p_ability:s0 tclass=samgr_class permissive=0
232allow msdp_sa sa_wifi_p2p_ability:samgr_class { get };
233
234allow msdp_sa sa_accountmgr:samgr_class { get };
235
236#avc: denied { use } for pid=1466, comm="/system/bin/sa_main"  path="/dev/ashmem" dev="" ino=1 scontext=u:r:msdp_sa:s0 tcontext=u:r:accountmgr:s0 tclass=fd permissive=0
237allow msdp_sa accountmgr:fd { use };
238