1# Copyright (c) 2022-2023 Huawei Device Co., Ltd. 2# Licensed under the Apache License, Version 2.0 (the "License"); 3# you may not use this file except in compliance with the License. 4# You may obtain a copy of the License at 5# 6# http://www.apache.org/licenses/LICENSE-2.0 7# 8# Unless required by applicable law or agreed to in writing, software 9# distributed under the License is distributed on an "AS IS" BASIS, 10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11# See the License for the specific language governing permissions and 12# limitations under the License. 13 14allow foundation bluetooth_service:binder { call transfer }; 15allow foundation bootevent_param:file { map open read }; 16allow foundation bootevent_samgr_param:file { map open read }; 17allow foundation build_version_param:file { map open read }; 18allow foundation configfs:dir { add_name create search }; 19allow foundation const_allow_mock_param:file { map open read }; 20allow foundation const_allow_param:file { map open read }; 21allow foundation const_build_param:file { map open read }; 22allow foundation const_display_brightness_param:file { map open read }; 23allow foundation const_param:file { map open read }; 24allow foundation const_postinstall_fstab_param:file { map open read }; 25allow foundation const_postinstall_param:file { map open read }; 26allow foundation const_product_param:file { map open read }; 27allow foundation data_app_el1_file:file { open }; 28allow foundation data_service_el1_file:dir { getattr rmdir setattr }; 29allow foundation data_service_el1_file:file { ioctl lock map read append open setattr }; 30allow foundation data_system_ce:dir { create open read remove_name }; 31allow foundation data_system_ce:file { unlink }; 32allow foundation debug_param:file { map open read }; 33allow foundation default_param:file { map open read }; 34allow foundation dev_dri_file:chr_file { getattr ioctl open read write }; 35allow foundation dev_dri_file:dir { search }; 36allow foundation deviceauth_service:binder { transfer }; 37allow foundation dev_kmsg_file:chr_file { open write }; 38allow foundation dev_mali:chr_file { getattr ioctl open }; 39allow foundation dhardware:binder { call }; 40allow foundation allocator_host:binder { call }; 41allow foundation distributedfiledaemon:binder { call }; 42allow foundation distributedsche_param:file { map open read }; 43allow foundation foundation:capability { kill }; 44allow foundation hdf_devmgr:binder { call transfer }; 45allow foundation hdf_allocator_service:hdf_devmgr_class { get }; 46allow foundation hidumper_service:fifo_file { write }; 47allow foundation hilog_param:file { map open read }; 48allow foundation hiview:binder { call }; 49allow foundation hiview:unix_dgram_socket { sendto }; 50allow foundation huks_service:binder { call transfer }; 51allow foundation hw_sc_build_os_param:file { map open read }; 52allow foundation hw_sc_build_param:file { map open read }; 53allow foundation hw_sc_param:file { map open read }; 54allow foundation init_param:file { map open read }; 55allow foundation init_svc_param:file { map open read }; 56allow foundation init:unix_stream_socket { connectto }; 57allow foundation input_pointer_device_param:file { map open read }; 58allow foundation installs:binder { call }; 59allow foundation locationhub:binder { call }; 60allow foundation multimodalinput:fd { use }; 61allow foundation net_param:file { map open read }; 62allow foundation net_tcp_param:file { map open read }; 63allow foundation normal_hap_data_file_attr:file { read }; 64allow foundation normal_hap_attr:fd { use }; 65allow foundation normal_hap_attr:unix_stream_socket { read write }; 66allow foundation nwebspawn_socket:sock_file { write }; 67allow foundation ohos_boot_param:file { map open read }; 68allow foundation ohos_param:file { map open read }; 69allow foundation persist_param:file { map open read }; 70allow foundation persist_param:parameter_service { set }; 71allow foundation persist_sys_param:file { map open read }; 72allow foundation power_host:binder { transfer }; 73allow foundation powermgr:binder { call transfer }; 74allow foundation proc_boot_id:file { open read }; 75allow foundation sa_accountmgr:samgr_class { get }; 76allow foundation sa_bgtaskmgr:samgr_class { get }; 77allow foundation sa_bluetooth_server:samgr_class { get }; 78allow foundation sa_dataobs_mgr_service_service:samgr_class { add }; 79allow foundation sa_device_auth_service:samgr_class { get }; 80allow foundation sa_device_profile_service:samgr_class { get }; 81allow foundation sa_device_service_manager:samgr_class { get }; 82allow foundation sa_dhardware_service:samgr_class { get }; 83allow foundation sa_distributeddata_service:samgr_class { get }; 84allow foundation sa_form_mgr_service:samgr_class { add }; 85allow foundation sa_foundation_abilityms:samgr_class { add }; 86allow foundation sa_foundation_ans:samgr_class { add }; 87allow foundation sa_foundation_appms:samgr_class { add get }; 88allow foundation sa_foundation_bms:samgr_class { add get }; 89allow foundation sa_foundation_cesfwk_service:samgr_class { add get }; 90allow foundation sa_foundation_devicemanager_service:samgr_class { add get }; 91allow foundation sa_powermgr_displaymgr_service:samgr_class { add get}; 92allow foundation sa_foundation_dms:samgr_class { get }; 93allow foundation sa_huks_service:samgr_class { get }; 94allow foundation sa_installd_service:samgr_class { get }; 95allow foundation sa_msdp_devicestatus_service:samgr_class { get }; 96allow foundation sa_multimodalinput_service:samgr_class { get }; 97allow foundation sa_param_watcher:samgr_class { get }; 98allow foundation sa_screenlock_service:samgr_class { add }; 99allow foundation sa_softbus_service:samgr_class { get }; 100allow foundation sa_subsys_ace_service:samgr_class { get }; 101allow foundation sa_uri_permission_mgr_service:samgr_class { add get }; 102allow foundation sa_privacy_service:samgr_class { get }; 103allow foundation security_param:file { map open read }; 104allow foundation sensors:binder { call }; 105allow foundation softbus_server:binder { transfer }; 106allow foundation startup_param:file { map open read }; 107allow foundation startup_param:parameter_service { set }; 108allow foundation storage_manager:binder { transfer }; 109allow foundation sysfs_hctosys:file { open read }; 110allow foundation sysfs_leds:dir { open read }; 111allow foundation sysfs_rtc:dir { open read }; 112allow foundation sys_param:file { map open read }; 113allow foundation system_basic_hap_attr:process { sigkill }; 114allow foundation system_bin_file:dir { search }; 115allow foundation system_core_hap_attr:fd { use }; 116allow foundation system_basic_hap_attr:fd { use }; 117allow foundation system_core_hap_attr:process { signal }; 118allow foundation system_etc_power_mode_config_file:file { getattr open read }; 119allow foundation system_file:dir { getattr open read }; 120allow foundation system_file:file { getattr map open read }; 121allow foundation system_lib_file:dir { getattr }; 122allow foundation sys_usb_param:file { map open read }; 123allow foundation token_sync_service:binder { call }; 124allow foundation ui_service:binder { transfer }; 125allow foundation wallpaper_service:binder { call }; 126allow foundation wifi_manager_service:binder { call }; 127allow foundation allocator_host:fd { use }; 128allow foundation useriam:binder { call transfer }; 129allowxperm foundation data_service_el1_file:file ioctl { 0xf50c 0xf546 0xf547 }; 130allowxperm foundation dev_dri_file:chr_file ioctl { 0x641f }; 131allowxperm foundation dev_mali:chr_file ioctl { 0x8000 0x8001 0x8003 0x8018 }; 132