1# Copyright (c) 2023 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14allow init update_firmware_file:dir { search write create add_name getattr open read relabelto setattr }; 15allow init update_firmware_file:file { getattr }; 16allow init update_dupdate_engine_file:dir { getattr open read relabelto search setattr }; 17allow init update_dupdate_engine_file:file { getattr relabelto }; 18allow init update_update_service_file:dir { getattr open read relabelto search setattr }; 19allow init update_update_service_file:file { getattr relabelto }; 20allow init updater_sa:file { getattr }; 21 22# avc: denied { setattr } for pid=1 comm="init" name="mmcblk0p2" dev="tmpfs" ino=35 scontext=u:r:init:s0 tcontext=u:object_r:updater_block_file:s0 tclass=blk_file permissive=1 23allow init updater_block_file:blk_file { setattr }; 24 25# avc: denied { read } for pid=1 comm="init" name="misc" dev="tmpfs" ino=37 scontext=u:r:init:s0 tcontext=u:object_r:updater_block_file:s0 tclass=lnk_file permissive=1 26allow init updater_block_file:lnk_file { read }; 27 28