# Copyright (c) 2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# SELinux type-enforcement rules whose source domain is `useriam`, plus three
# rules at the end that grant the `sensors` domain access back to `useriam`.
# Rules are grouped by object class; allow rules are additive, so the order
# within this file does not change the resulting policy.

# --- samgr_class { get }: lookups of registered services -------------------
# Each rule covers exactly one sa_* label; there is no attribute-wide grant.
allow useriam sa_sensor_service:samgr_class { get };
allow useriam sa_miscdevice_service:samgr_class { get };
allow useriam sa_param_watcher:samgr_class { get };
allow useriam sa_render_service:samgr_class { get };
allow useriam sa_foundation_cesfwk_service:samgr_class { get };
allow useriam sa_foundation_dms:samgr_class { get };
allow useriam sa_foundation_abilityms:samgr_class { get };
allow useriam sa_powermgr_displaymgr_service:samgr_class { get };
allow useriam sa_powermgr_powermgr_service:samgr_class { get };

# --- binder { call }: useriam may invoke these peers ------------------------
allow useriam accesstoken_service:binder { call };
allow useriam accountmgr:binder { call };
allow useriam storage_daemon:binder { call };
# The two *_hap_attr targets look like attributes covering many application
# domains rather than single types, which would make these the widest binder
# grants in the file - TODO confirm against the attribute definitions.
allow useriam system_basic_hap_attr:binder { call };
allow useriam normal_hap_attr:binder { call };
# binder_call() is a macro defined outside this file; its expansion is not
# visible here, so check which permissions (and in which direction) it adds.
binder_call(useriam, powermgr);

# The denial below was logged with permissive=1, i.e. the access was audited
# but not blocked when the log line was captured.
# avc: denied { call } for pid=466 comm="useriam" scontext=u:r:useriam:s0 tcontext=u:r:huks_service:s0 tclass=binder permissive=1
allow useriam huks_service:binder { call };

# sensors: call and transfer are granted by two separate rules.
allow useriam sensors:binder { call };
allow useriam sensors:binder { transfer };

# --- binder { call transfer }: call plus passing binder references ----------
allow useriam hdf_devmgr:binder { call transfer };
allow useriam param_watcher:binder { call transfer };
allow useriam pinauth:binder { call transfer };
allow useriam user_auth_host:binder { call transfer };
allow useriam face_auth_host:binder { call transfer };
allow useriam fingerprint_auth_host:binder { call transfer };
allow useriam render_service:binder { call transfer };
allow useriam foundation:binder { call transfer };

# --- *_param:file { map open read }: read-only access to parameter areas ----
# None of these rules grants write; the only parameter write in this file is
# the parameter_service { set } rule in the next group.
# NOTE(review): the list is long and includes debug_param and
# const_allow_mock_param; confirm each label is actually read by useriam
# instead of carrying the whole set over from a template.
allow useriam bootevent_param:file { map open read };
allow useriam bootevent_samgr_param:file { map open read };
allow useriam build_version_param:file { map open read };
allow useriam const_allow_mock_param:file { map open read };
allow useriam const_allow_param:file { map open read };
allow useriam const_build_param:file { map open read };
allow useriam const_display_brightness_param:file { map open read };
allow useriam const_param:file { map open read };
allow useriam const_postinstall_fstab_param:file { map open read };
allow useriam const_postinstall_param:file { map open read };
allow useriam const_product_param:file { map open read };
allow useriam debug_param:file { map open read };
allow useriam default_param:file { map open read };
allow useriam devinfo_private_param:file { map open read };
allow useriam distributedsche_param:file { map open read };
allow useriam hilog_param:file { map open read };
allow useriam hw_sc_build_os_param:file { map open read };
allow useriam hw_sc_build_param:file { map open read };
allow useriam hw_sc_param:file { map open read };
allow useriam init_param:file { map open read };
allow useriam init_svc_param:file { map open read };
allow useriam input_pointer_device_param:file { map open read };
allow useriam net_param:file { map open read };
allow useriam net_tcp_param:file { map open read };
allow useriam ohos_boot_param:file { map open read };
allow useriam ohos_param:file { map open read };
allow useriam persist_param:file { map open read };
allow useriam persist_sys_param:file { map open read };
allow useriam security_param:file { map open read };
allow useriam startup_param:file { map open read };
allow useriam sys_param:file { map open read };
allow useriam sys_usb_param:file { map open read };

# --- parameter service and its socket path ----------------------------------
# bootevent_param is the only label useriam may set.
allow useriam bootevent_param:parameter_service { set };
allow useriam dev_unix_socket:dir { search };
allow useriam paramservice_socket:sock_file { write };
# presumably the listening end of the parameter service socket is labelled
# `kernel`; verify, since connectto on kernel-labelled sockets is broad.
allow useriam kernel:unix_stream_socket { connectto };

# --- useriam's own datagram socket: option get/set only ---------------------
allow useriam useriam:unix_dgram_socket { getopt setopt };

# --- device nodes, sysfs and passed file descriptors ------------------------
# dev_at_file: ioctl is allowed, and the allowxperm rule narrows it to the
# single command 0x4103.
allow useriam dev_at_file:chr_file { ioctl };
allowxperm useriam dev_at_file:chr_file ioctl { 0x4103 };
# NOTE(review): ioctl on dev_mali has no matching allowxperm in this file. If
# none exists elsewhere in the policy, every ioctl command on that node is
# permitted, together with read/write/map. Confirm why this domain needs the
# device (the label suggests a GPU node) and whitelist the ioctl commands.
allow useriam dev_mali:chr_file { getattr ioctl map open read write };
allow useriam sysfs_devices_system_cpu:dir { read open };
allow useriam allocator_host:fd { use };

# --- filesystem lookups and trace output ------------------------------------
allow useriam system_bin_file:dir { search };
allow useriam tracefs:dir { search };
# open + write only (no read) on the trace marker file.
allow useriam tracefs_trace_marker_file:file { open write };

# --- rules with `sensors` as the source domain ------------------------------
# These widen what the sensors domain may do to useriam, not the reverse:
# call into useriam over binder, use file descriptors it owns, and read/write
# its unix stream sockets. Review them as part of the sensors domain's attack
# surface as well as this one's.
allow sensors useriam:binder { call };
allow sensors useriam:fd { use };
allow sensors useriam:unix_stream_socket { read write };