1# Copyright (c) 2024 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14developer_only(` 15allow mediatool sh:fd { use }; 16allow mediatool medialibrary_hap:fd { use }; 17allow mediatool chip_prod_file:dir { search }; 18allow mediatool debug_param:file { read open map }; 19allow mediatool dev_unix_socket:dir { search }; 20allow mediatool hdcd:fd { use }; 21allow mediatool persist_param:file { read open map }; 22allow mediatool persist_sys_param:file { read open map }; 23allow mediatool samgr:binder { call transfer }; 24allow mediatool sys_prod_file:dir { search }; 25allow mediatool system_usr_file:dir { search getattr }; 26allow mediatool tty_device:chr_file { read write }; 27allow mediatool dev_ptmx:chr_file { read write }; 28allow mediatool devpts:chr_file { read write }; 29allow mediatool system_usr_file:file { read getattr open map }; 30allow mediatool sa_storage_manager_service:samgr_class { get }; 31allow mediatool storage_manager:binder { call }; 32allow mediatool mediatool:unix_dgram_socket { getopt setopt }; 33allow mediatool hiview:unix_dgram_socket { sendto }; 34allow mediatool sa_foundation_abilityms:samgr_class { get }; 35allow mediatool foundation:binder { call transfer }; 36allow mediatool medialibrary_hap:binder { call transfer }; 37allow mediatool mimetype_file:file { read open getattr }; 38allow mediatool devpts:chr_file { ioctl }; 39allow mediatool hdcd:fifo_file { read write }; 40allow mediatool data_file:dir { search }; 41allow mediatool data_local:dir { search }; 42allow mediatool data_local_tmp:dir { search getattr write add_name create }; 43allow mediatool data_local_tmp:file { write create open }; 44allow mediatool data_user_file:file { getattr read }; 45allow mediatool sys_param:file { read open }; 46allow mediatool samgr:file { read open write }; 47allow mediatool hmdfs:file { read getattr }; 48allowxperm mediatool devpts:chr_file ioctl 0x5413; 49allow foundation mediatool:binder { call transfer }; 50allow samgr mediatool:dir { search }; 51allow samgr mediatool:file { read open }; 52allow samgr mediatool:process { getattr }; 53allow samgr mediatool:binder { call transfer }; 54allow medialibrary_hap mediatool:binder { transfer }; 55domain_auto_transition_pattern(sh, mediatool_exec, mediatool); 56') 57