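# Copyright (c) 2022-2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License

# Type-enforcement rules for the hiprofilerd domain. Every rule below is an
# allow rule whose source is hiprofilerd; nothing in this file declares the
# domain, its entrypoint or any neverallow, so those live elsewhere.
# Rules for one target are split across several statements in places; the
# effective permission set is the union of all of them.

# Inherited descriptors and terminals. The hdcd rules cover descriptors,
# stream sockets and pipes that hdcd created; presumably hdcd hands them to
# this domain when a session starts - TODO confirm against the launcher.
allow hiprofilerd dev_unix_socket:dir search;
allow hiprofilerd devpts:chr_file { read write };
allow hiprofilerd hdcd:fd use;
allow hiprofilerd hdcd:unix_stream_socket { read write };
allow hiprofilerd hdcd:fifo_file write;
# NOTE(review): node_bind plus the bind/listen/accept set further down lets
# this domain run a TCP listener. No port-type or interface restriction is
# visible in this file, so limiting the listener to loopback and
# authenticating peers has to be done by the daemon itself - confirm.
allow hiprofilerd node:tcp_socket node_bind;
allow hiprofilerd proc_cpuinfo_file:file { open read };
allow hiprofilerd proc_file:file { getattr open read };
allow hiprofilerd tty_device:chr_file { read write };
allow hiprofilerd data_file:dir search;
allow hiprofilerd data_init_agent:dir search;
allow hiprofilerd data_init_agent:file { append ioctl open read };
allow hiprofilerd self:tcp_socket { accept read write };
allow hiprofilerd self:tcp_socket shutdown;
allow hiprofilerd self:tcp_socket { bind create getattr getopt listen setopt };
# Creating and removing socket nodes in a dev_unix_socket directory.
allow hiprofilerd dev_unix_socket:dir { add_name remove_name write };
allow hiprofilerd dev_unix_socket:sock_file { create unlink };
allow hiprofilerd system_bin_file:dir search;
allow hiprofilerd data_local:dir search;
# NOTE(review): tmpfs is a generic type here; any tmpfs-labelled file that
# reaches this domain can be mapped read-write. Presumably this is for shared
# memory with plugins - a dedicated type would be narrower.
allow hiprofilerd tmpfs:file { map read write };

# Read access to system parameter files. The grants from here to
# default_param are read-only (map, open, read); none of them allows writing
# a parameter.
allow hiprofilerd bootevent_samgr_param:file { map open read };
allow hiprofilerd build_version_param:file { map open read };
allow hiprofilerd const_product_param:file { map open read };

allow hiprofilerd dev_file:sock_file write;
allow hiprofilerd distributedsche_param:file { open read };
allow hiprofilerd hilog_param:file { map open read };
allow hiprofilerd hw_sc_build_os_param:file read;
allow hiprofilerd hw_sc_build_param:file read;
allow hiprofilerd hw_sc_param:file { open read };
allow hiprofilerd init_param:file read;
allow hiprofilerd net_param:file { open read };
allow hiprofilerd net_tcp_param:file { map open read };
allow hiprofilerd netsysnative:unix_stream_socket connectto;
allow hiprofilerd ohos_boot_param:file { map open read };
allow hiprofilerd ohos_param:file { map open read };
allow hiprofilerd persist_param:file read;
allow hiprofilerd security_param:file { map open read };
allow hiprofilerd sys_param:file { map open read };
allow hiprofilerd sys_usb_param:file { map open read };

allow hiprofilerd const_allow_param:file read;
allow hiprofilerd const_param:file read;
allow hiprofilerd const_postinstall_fstab_param:file read;
allow hiprofilerd const_postinstall_param:file read;
allow hiprofilerd hw_sc_build_os_param:file open;
allow hiprofilerd hw_sc_build_param:file open;
allow hiprofilerd hw_sc_param:file map;
allow hiprofilerd init_param:file open;
allow hiprofilerd init_svc_param:file read;
allow hiprofilerd net_param:file map;

allow hiprofilerd bootevent_param:file { open read };
allow hiprofilerd const_allow_mock_param:file read;
allow hiprofilerd const_allow_param:file { map open };
allow hiprofilerd const_param:file { map open };
allow hiprofilerd const_postinstall_fstab_param:file { map open };
allow hiprofilerd const_postinstall_param:file { map open };

allow hiprofilerd debug_param:file { map open read };
allow hiprofilerd distributedsche_param:file map;
allow hiprofilerd hw_sc_build_os_param:file map;
allow hiprofilerd hw_sc_build_param:file map;
allow hiprofilerd init_param:file map;
allow hiprofilerd init_svc_param:file { map open };
allow hiprofilerd input_pointer_device_param:file { map open read };
allow hiprofilerd persist_param:file { map open };
allow hiprofilerd persist_sys_param:file { map open read };
allow hiprofilerd startup_param:file { map open read };

allow hiprofilerd bootevent_param:file map;
allow hiprofilerd const_allow_mock_param:file { map open };
allow hiprofilerd const_build_param:file { map open read };
allow hiprofilerd const_display_brightness_param:file { map open read };

allow hiprofilerd default_param:file { map open read };
# NOTE(review): execute_no_trans runs the target in the hiprofilerd domain
# itself, with no domain transition. Every binary labelled system_bin_file or
# toybox_exec that this daemon spawns therefore holds all permissions in this
# file, including the TCP listener and the hap_domain reads. If only a few
# helpers are needed, a dedicated exec type with a transition is tighter.
allow hiprofilerd system_bin_file:file { map open read execute execute_no_trans };
allow hiprofilerd toybox_exec:file { getattr map open read execute execute_no_trans };
allow hiprofilerd dev_unix_socket:sock_file { getattr setattr };

allow hiprofilerd hiprofiler_cmd:fd use;
allow hiprofilerd rootfs:file read;

# NOTE(review): create, write and unlink in data_local_tmp. The type name
# suggests a shared scratch directory; confirm which other domains can write
# there, since the daemon then opens files whose names and contents another
# domain may control. No lnk_file permission on data_local_tmp is granted in
# this file, so symbolic links with that label are not followable by this
# domain unless another policy file adds it.
allow hiprofilerd data_local_tmp:file { getattr read ioctl lock create open write unlink };
allow hiprofilerd data_local_tmp:dir { search add_name remove_name write open getattr };

# Rules wrapped in debug_only: running sh_exec without a domain transition,
# the setgid capability, and use of descriptors from sh. Presumably the macro
# expands to nothing on non-debug builds - its definition is outside this
# file, so verify that release images do not carry these three rules.
debug_only(`
    allow hiprofilerd sh_exec:file { execute execute_no_trans map open read };
    allow hiprofilerd self:capability setgid;
    allow hiprofilerd sh:fd use;
')

allow hiprofilerd dev_unix_socket:sock_file write;
allow hiprofilerd hiprofiler_cmd:unix_stream_socket connectto;
allow hiprofilerd ohos_dev_param:file { open read map };
allow hiprofilerd system_bin_file:file getattr;
allow hiprofilerd system_bin_file:lnk_file read;
allow hiprofilerd toybox_exec:lnk_file read;
allow hiprofilerd tty_device:chr_file { ioctl open };
allow hiprofilerd musl_param:file { map open read };
# NOTE(review): the target here is dev_unix_file, while every other socket
# node rule in this file targets dev_unix_socket - confirm this type is the
# intended one and not a leftover.
allow hiprofilerd dev_unix_file:sock_file unlink;
allow hiprofilerd dev_ashmem_file:chr_file { open };

# Service manager lookups and binder calls to samgr, foundation and
# param_watcher.
allow hiprofilerd sa_foundation_bms:samgr_class get;
allow hiprofilerd sa_param_watcher:samgr_class get;
allow hiprofilerd samgr:binder { call };
allow hiprofilerd foundation:binder call;
allow hiprofilerd dev_console_file:chr_file { read write };
allow hiprofilerd param_watcher:binder { call };
# Write access to the trace marker only; no other tracefs file is opened by
# a rule in this file.
allow hiprofilerd tracefs:dir search;
allow hiprofilerd tracefs_trace_marker_file:file { open write };

allow hiprofilerd vendor_bin_file:dir search;
allow hiprofilerd sysfs_devices_system_cpu:dir { read open };

# NOTE(review): dir and file objects carrying a domain label are the per
# process entries under /proc. hap_domain looks like an attribute covering
# application domains - TODO confirm - in which case these two rules let the
# profiler read and map proc entries of every such process, not only those
# marked debuggable. Any per-application opt-in has to be enforced in the
# daemon, because this policy does not express it.
allow hiprofilerd hap_domain:dir { read open getattr search };
allow hiprofilerd hap_domain:file { read open getattr map };
allow hiprofilerd dev_file:dir getattr;

allow hiprofilerd sysfs_devices_system_cpu:file { read open getattr };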