1# Copyright (c) 2024 Huawei Device Co., Ltd.
2# Licensed under the Apache License, Version 2.0 (the "License");
3# you may not use this file except in compliance with the License.
4# You may obtain a copy of the License at
5#
6#     http://www.apache.org/licenses/LICENSE-2.0
7#
8# Unless required by applicable law or agreed to in writing, software
9# distributed under the License is distributed on an "AS IS" BASIS,
10# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11# See the License for the specific language governing permissions and
12# limitations under the License.
13
14# avc:  denied  { map } for pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:arkcompiler_param:s0 tclass=file permissive=1
15# avc:  denied  { open } for pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:arkcompiler_param:s0 tclass=file permissive=1
16# avc:  denied  { read } for pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:arkcompiler_param:s0 tclass=file permissive=1
17allow powermgr arkcompiler_param:file { read open getattr map };
18
19# avc:  denied  { map } pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:bootevent_param:s0 tclass=file permissive=1
20# avc:  denied  { open } pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:bootevent_param:s0 tclass=file permissive=1
21# avc:  denied  { read } pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:bootevent_param:s0 tclass=file permissive=1
22allow powermgr bootevent_param:file { map open read };
23
24# avc:  denied  { set } for scontext=u:r:powermgr:s0 tcontext=u:object_r:bootevent_param:s0 tclass=parameter_service permissive=0
25allow powermgr bootevent_param:parameter_service { set };
26
27# avc:  denied  { read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:bootevent_samgr_param:s0 tclass=file permissive=1
28# avc:  denied  { open } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:bootevent_samgr_param:s0 tclass=file permissive=1
29# avc:  denied  { map } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:bootevent_samgr_param:s0 tclass=file permissive=1
30allow powermgr bootevent_samgr_param:file { map open read };
31
32# avc:  denied  { set } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:bootevent_wms_param:s0 tclass=parameter_service permissive=1
33allow powermgr bootevent_wms_param:parameter_service { set };
34
35# avc:  denied  { read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:build_version_param:s0 tclass=file permissive=1
36# avc:  denied  { open } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:build_version_param:s0 tclass=file permissive=1
37# avc:  denied  { map } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:build_version_param:s0 tclass=file permissive=1
38allow powermgr build_version_param:file { map open read };
39
40# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:chip_prod_file:s0 tclass=dir permissive=1
41allow powermgr chip_prod_file:dir { search };
42
43# avc:  denied  { create } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:configfs:s0 tclass=dir permissive=1
44# avc:  denied  { read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:configfs:s0 tclass=dir permissive=1
45allow powermgr configfs:dir { add_name create open read remove_name rmdir search write };
46
47# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:configfs:s0 tclass=file permissive=1
48allow powermgr configfs:file { open write };
49
50# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:const_allow_mock_param:s0 tclass=file permissive=1
51allow powermgr const_allow_mock_param:file { map open read };
52
53# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:const_allow_param:s0 tclass=file permissive=1
54allow powermgr const_allow_param:file { map open read };
55
56# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:const_build_param:s0 tclass=file permissive=1
57allow powermgr const_build_param:file { map open read };
58
59# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:const_display_brightness_param:s0 tclass=file permissive=1
60allow powermgr const_display_brightness_param:file { map open read };
61
62# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:const_param:s0 tclass=file permissive=1
63allow powermgr const_param:file { map open read };
64
65# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:const_postinstall_fstab_param:s0 tclass=file permissive=1
66allow powermgr const_postinstall_fstab_param:file { map open read };
67
68# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:const_postinstall_param:s0 tclass=file permissive=1
69allow powermgr const_postinstall_param:file { map open read };
70
71# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:const_product_param:s0 tclass=file permissive=1
72allow powermgr const_product_param:file { map open read };
73
74# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_app_el1_file:s0 tclass=dir permissive=1
75allow powermgr data_app_el1_file:dir { search };
76
77# avc:  denied  { getattr map read open } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_app_el1_file:s0 tclass=file permissive=1
78allow powermgr data_app_el1_file:file { getattr map read open };
79
80# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_app_file:s0 tclass=dir permissive=1
81allow powermgr data_app_file:dir { search };
82
83# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_data_file:s0 tclass=dir permissive=1
84allow powermgr data_data_file:dir { search };
85
86# avc:  denied  { getattr open read search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_data_pulse_dir:s0 tclass=dir permissive=1
87allow powermgr data_data_pulse_dir:dir { getattr open read search };
88
89# avc:  denied  { lock open read write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_data_pulse_dir:s0 tclass=file permissive=1
90allow powermgr data_data_pulse_dir:file { lock open read write };
91
92# avc:  denied  { getattr open read search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_file:s0 tclass=dir permissive=1
93allow powermgr data_file:dir { getattr open read search };
94
95# avc:  denied  { getattr map read open } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_file:s0 tclass=file permissive=1
96allow powermgr data_file:file { getattr map read open };
97
98# avc:  denied  { getattr map read open } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_init_agent:s0 tclass=dir permissive=1
99allow powermgr data_init_agent:dir { search };
100
101# avc:  denied  { create getattr map read open } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_service_el1_file:s0 tclass=dir permissive=1
102allow powermgr data_service_el1_file:dir { add_name create remove_name search open write getattr rmdir setattr };
103
104# avc:  denied  { create getattr map read open } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_service_el1_file:s0 tclass=file permissive=1
105allow powermgr data_service_el1_file:file { create getattr setattr ioctl open read write append lock map unlink };
106
107# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_service_file:s0 tclass=dir permissive=1
108allow powermgr data_service_file:dir { search };
109
110# avc:  denied  { getattr } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_service_el0_file:s0 tclass=file permissive=1
111allow powermgr data_service_el0_file:file { getattr };
112
113# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:data_storage:s0 tclass=dir permissive=1
114allow powermgr data_storage:dir { search };
115
116# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=1
117allow powermgr debug_param:file { map open read };
118
119# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:default_param:s0 tclass=file permissive=1
120allow powermgr default_param:file { map open read };
121
122# avc:  denied  { open } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:dev_ashmem_file:s0 tclass=chr_file permissive=1
123allow powermgr dev_ashmem_file:chr_file { open };
124
125# avc:  denied  { open write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:dev_kmsg_file:s0 tclass=chr_file permissive=1
126allow powermgr dev_kmsg_file:chr_file { open write };
127
128# avc:  denied  { read write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:dev_console_file:s0 tclass=chr_file permissive=1
129allow powermgr dev_console_file:chr_file { read write };
130
131# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:dev_unix_socket:s0 tclass=dir permissive=1
132allow powermgr dev_unix_socket:dir { search };
133
134# avc:  denied  { write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:dev_unix_socket:s0 tclass=sock_file permissive=1
135allow powermgr dev_unix_socket:sock_file { write };
136
137# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:devinfo_private_param:s0 tclass=file permissive=1
138allow powermgr devinfo_private_param:file { map open read };
139
140# avc:  denied  { read write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:exfat:s0 tclass=file permissive=1
141allow powermgr exfat:file { read write };
142
143# avc:  denied  { read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:faultloggerd:s0 tclass=fifo_file permissive=1
144allow powermgr faultloggerd:fifo_file { read };
145
146# avc:  denied  { read open map } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:ffrt_param:s0 tclass=file permissive=1
147allow powermgr ffrt_param:file { read open map };
148
149# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_powermgr_powermgr_service:s0 tclass=samgr_class permissive=1
150allow powermgr powermgr:binder { call transfer };
151allow powermgr powermgr:unix_dgram_socket { getopt setopt };
152
153# avc:  denied  { read write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:fuse_file:s0 tclass=file permissive=1
154allow powermgr fuse_file:file { read write };
155
156# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hdf_ext_devmgr:s0 tclass=dir permissive=1
157allow powermgr hdf_ext_devmgr:dir { search };
158
159# avc:  denied  { getattr open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hdf_ext_devmgr:s0 tclass=file permissive=1
160allow powermgr hdf_ext_devmgr:file { getattr open read };
161
162# avc:  denied  { use } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hidumper_service:s0 tclass=fd permissive=1
163allow powermgr hidumper_service:fd { use };
164
165# avc:  denied  { write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hidumper_service:s0 tclass=fifo_file permissive=1
166allow powermgr hidumper_service:fifo_file { write };
167
168# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hilog_param:s0 tclass=file permissive=1
169allow powermgr hilog_param:file { map open read };
170
171# avc:  denied  { sendto } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hiview:s0 tclass=unix_dgram_socket permissive=1
172allow powermgr hiview:unix_dgram_socket { sendto };
173
174# avc:  denied  { open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:hiviewdfx_hiview_param:s0 tclass=file permissive=1
175allow powermgr hiviewdfx_hiview_param:file { open read };
176
177# avc:  denied  { read write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hmdfs:s0 tclass=file permissive=1
178allow powermgr hmdfs:file { read write };
179
180# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:hw_sc_build_os_param:s0 tclass=file permissive=1
181allow powermgr hw_sc_build_os_param:file { map open read };
182
183# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hw_sc_build_param:s0 tclass=file permissive=1
184allow powermgr hw_sc_build_param:file { map open read };
185
186# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hw_sc_param:s0 tclass=file permissive=1
187allow powermgr hw_sc_param:file { map open read };
188
189# avc:  denied  { connectto } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
190allow powermgr init:unix_stream_socket { connectto };
191
192# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:init_param:s0 tclass=file permissive=1
193allow powermgr init_param:file { map open read };
194
195# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:init_svc_param:s0 tclass=file permissive=1
196allow powermgr init_svc_param:file { map open read };
197
198# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:input_pointer_device_param:s0 tclass=file permissive=1
199allow powermgr input_pointer_device_param:file { map open read };
200
201# avc:  denied  { connectto } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:kernel:s0 tclass=unix_stream_socket permissive=1
202allow powermgr kernel:unix_stream_socket { connectto };
203
204# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:key_enable:s0 tclass=key permissive=1
205allow powermgr key_enable:key { search };
206
207# avc:  denied  { read write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:multimodalinput:s0 tclass=unix_stream_socket permissive=1
208allow powermgr multimodalinput:unix_stream_socket { read write };
209
210# avc:  denied  { map open open } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:musl_param:s0 tclass=file permissive=1
211allow powermgr musl_param:file { map open open};
212
213# avc:  denied  { write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:native_socket:s0 tclass=sock_file permissive=1
214allow powermgr native_socket:sock_file { write };
215
216# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:net_param:s0 tclass=file permissive=1
217allow powermgr net_param:file { map open read };
218
219# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:net_tcp_param:s0 tclass=file permissive=1
220allow powermgr net_tcp_param:file { map open read };
221
222# avc:  denied  { read write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:ntfs:s0 tclass=file permissive=1
223allow powermgr ntfs:file { read write };
224
225# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:ohos_boot_param:s0 tclass=file permissive=1
226allow powermgr ohos_boot_param:file { map open read };
227
228# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:ohos_param:s0 tclass=file permissive=1
229allow powermgr ohos_param:file { map open read };
230
231# avc:  denied  { set } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:ohos_param:s0 tclass=parameter_service permissive=1
232allow powermgr ohos_param:parameter_service { set };
233
234# avc:  denied  { write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:paramservice_socket:s0 tclass=sock_file permissive=1
235allow powermgr paramservice_socket:sock_file { write };
236
237# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:persist_param:s0 tclass=file permissive=1
238allow powermgr persist_param:file { map open read };
239
240# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:persist_param:s0 tclass=parameter_service permissive=1
241allow powermgr persist_param:parameter_service { set };
242
243# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:persist_sys_param:s0 tclass=file permissive=1
244allow powermgr persist_sys_param:file { map open read };
245
246# avc:  denied  { open read getattr } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:proc_file:s0 tclass=file permissive=1
247allow powermgr proc_file:file { open read getattr };
248
249# avc:  denied  { set } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:servicectrl_reboot_param:s0 tclass=parameter_service permissive=1
250allow powermgr servicectrl_reboot_param:parameter_service { set };
251
252# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:devinfo_private_param:s0 tclass=file permissive=1
253allow powermgr devinfo_private_param:file { map open read };
254
255# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_privacy_service:s0 tclass=samgr_class permissive=1
256allow powermgr sa_privacy_service:samgr_class { get };
257binder_call(powermgr, token_sync_service);
258
259# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:security_param:s0 tclass=file permissive=1
260allow powermgr security_param:file { map open read };
261
262# avc:  denied  { set } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:servicectrl_param:s0 tclass=parameter_service permissive=1
263allow powermgr servicectrl_param:parameter_service { set };
264
265# avc:  denied  { semap open readt } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:startup_param:s0 tclass=file permissive=1
266allow powermgr startup_param:file { map open read };
267
268# avc:  denied  { set } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:startup_param:s0 tclass=parameter_service permissive=1
269allow powermgr startup_param:parameter_service { set };
270
271# avc:  denied  { open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:sys_file:s0 tclass=dir permissive=1
272allow powermgr sys_file:dir { open read };
273
274# avc:  denied  { ioctl open read write getattr } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:sys_file:s0 tclass=file permissive=1
275allow powermgr sys_file:file { ioctl open read write getattr };
276
277# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:sys_param:s0 tclass=file permissive=1
278allow powermgr sys_param:file { map open read };
279
280# avc:  denied  { map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sys_usb_param:s0 tclass=file permissive=1
281allow powermgr sys_usb_param:file { map open read };
282
283# avc:  denied  { open read getattr } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:sysfs_devices_system_cpu:s0 tclass=file permissive=1
284allow powermgr sysfs_devices_system_cpu:file { open read getattr };
285
286# avc:  denied  { open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:sysfs_hctosys:s0 tclass=file permissive=1
287allow powermgr sysfs_hctosys:file { open read };
288
289# avc:  denied  { open write ioctl getattr } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:sysfs_hungtask_userlist:s0 tclass=file permissive=1
290allow powermgr sysfs_hungtask_userlist:file { open write ioctl getattr };
291
292# avc:  denied  { open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:sysfs_leds:s0 tclass=dir permissive=1
293allow powermgr sysfs_leds:dir { open read };
294
295# avc:  denied  { open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:sysfs_rtc:s0 tclass=dir permissive=1
296allow powermgr sysfs_rtc:dir { open read };
297
298# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_bin_file:s0 tclass=dir permissive=1
299allow powermgr system_bin_file:dir { search };
300
301# avc:  denied  { getattr open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_etc_power_mode_config_file:s0 tclass=file permissive=1
302allow powermgr system_etc_power_mode_config_file:file { getattr open read };
303
304# avc:  denied  { getattr open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_file:s0 tclass=dir permissive=1
305allow powermgr system_file:dir { getattr open read };
306
307# avc:  denied  { getattr map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_file:s0 tclass=file permissive=1
308allow powermgr system_file:file { getattr map open read };
309
310# avc:  denied  { getattr } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_lib_file:s0 tclass=dir permissive=1
311allow powermgr system_lib_file:dir { getattr };
312
313# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_usr_file:s0 tclass=dir permissive=1
314allow powermgr system_usr_file:dir { search };
315
316# avc:  denied  { getattr map open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_usr_file:s0 tclass=file permissive=1
317allow powermgr system_usr_file:file { getattr map open read };
318
319# avc:  denied  { use } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_basic_hap_attr:s0 tclass=fd permissive=1
320allow powermgr system_basic_hap_attr:fd { use };
321
322# avc:  denied  { sigkill signal } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_basic_hap_attr:s0 tclass=process permissive=1
323allow powermgr system_basic_hap_attr:process { sigkill signal };
324
325# avc:  denied  { read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_basic_hap_data_file_attr:s0 tclass=file permissive=1
326allow powermgr system_basic_hap_data_file_attr:file { read };
327
328# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_core_hap_attr:s0 tclass=dir permissive=1
329allow powermgr system_core_hap_attr:dir { search };
330
331# avc:  denied  { getattr open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_core_hap_attr:s0 tclass=file permissive=1
332allow powermgr system_core_hap_attr:file { getattr open read };
333
334# avc:  denied  { sigkill signal } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_core_hap_attr:s0 tclass=process permissive=1
335allow powermgr system_core_hap_attr:process { sigkill signal };
336
337# avc:  denied  { read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_core_hap_data_file_attr:s0 tclass=file permissive=1
338allow powermgr system_core_hap_data_file_attr:file { read };
339
340# avc:  denied  { read write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_core_hap_attr:s0 tclass=unix_stream_socket permissive=1
341allow powermgr system_core_hap_attr:unix_stream_socket { read write };
342
343# avc:  denied  { use } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_core_hap_attr:s0 tclass=fd permissive=1
344allow powermgr system_core_hap_attr:fd { use };
345
346# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:tracefs:s0 tclass=dir permissive=1
347allow powermgr tracefs:dir { search };
348
349# avc:  denied  { open write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:tracefs_trace_marker_file:s0 tclass=file permissive=1
350allow powermgr tracefs_trace_marker_file:file { open write };
351
352# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:vendor_etc_file:s0 tclass=dir permissive=1
353allow powermgr vendor_etc_file:dir { search };
354
355# avc:  denied  { getattr open read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:vendor_etc_file:s0 tclass=file permissive=1
356allow powermgr vendor_etc_file:file { getattr open read };
357
358# avc:  denied  { search } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:vendor_lib_file:s0 tclass=dir permissive=1
359allow powermgr vendor_lib_file:dir { search };
360
361# avc:  denied  { read } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:vendor_lib_file:s0 tclass=file permissive=1
362allow powermgr vendor_lib_file:file { read };
363
364# avc:  denied  { read write } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:vfat:s0 tclass=file permissive=1
365allow powermgr vfat:file { read write };
366
367allowxperm powermgr data_service_el1_file:file ioctl { 0x5413 0xf50c };
368allowxperm powermgr sys_file:file ioctl { 0x5413 };
369
370# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_media_service:s0 tclass=samgr_class permissive=1
371allow powermgr sa_media_service:samgr_class { get };
372binder_call(powermgr, media_service);
373
374# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_bgtaskmgr:s0 tclass=samgr_class permissive=1
375allow powermgr sa_bgtaskmgr:samgr_class { get };
376binder_call(powermgr, bgtaskmgr_service);
377
378# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_render_service:s0 tclass=samgr_class permissive=1
379allow powermgr sa_render_service:samgr_class { get };
380binder_call(powermgr, render_service);
381binder_call(render_service, powermgr);
382
383# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_net_conn_manager:s0 tclass=samgr_class permissive=1
384allow powermgr sa_net_conn_manager:samgr_class { get };
385binder_call(powermgr, netmanager);
386
387# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_accesstoken_manager_service:s0 tclass=samgr_class permissive=1
388allow powermgr sa_accesstoken_manager_service:samgr_class { get };
389binder_call(powermgr, accesstoken_service);
390
391# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_accountmgr:s0 tclass=samgr_class permissive=1
392allow powermgr sa_accountmgr:samgr_class { get };
393binder_call(powermgr, accountmgr);
394
395# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_distributeddata_service:s0 tclass=samgr_class permissive=1
396allow powermgr sa_distributeddata_service:samgr_class { get };
397binder_call(powermgr, distributeddata);
398
399# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_multimodalinput_service:s0 tclass=samgr_class permissive=1
400allow powermgr sa_multimodalinput_service:samgr_class { get };
401binder_call(powermgr, multimodalinput);
402
403# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_param_watcher:s0 tclass=samgr_class permissive=1
404allow powermgr sa_param_watcher:samgr_class { get };
405binder_call(powermgr, param_watcher);
406
407# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_privacy_service:s0 tclass=samgr_class permissive=1
408allow powermgr sa_privacy_service:samgr_class { get };
409
410# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_sensor_service:s0 tclass=samgr_class permissive=1
411allow powermgr sa_sensor_service:samgr_class { get };
412binder_call(powermgr, sensors);
413
414# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_time_service:s0 tclass=samgr_class permissive=1
415allow powermgr sa_time_service:samgr_class { get };
416binder_call(powermgr, time_service);
417
418# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_device_service_manager:s0 tclass=samgr_class permissive=1
419allow powermgr sa_device_service_manager:samgr_class { get };
420binder_call(powermgr, hdf_devmgr);
421
422# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_foundation_abilityms:s0 tclass=samgr_class permissive=1
423allow powermgr sa_foundation_abilityms:samgr_class { get };
424
425# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_foundation_appms:s0 tclass=samgr_class permissive=1
426allow powermgr sa_foundation_appms:samgr_class { get };
427
428# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_foundation_bms:s0 tclass=samgr_class permissive=1
429allow powermgr sa_foundation_bms:samgr_class { get };
430
431# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_foundation_cesfwk_service:s0 tclass=samgr_class permissive=1
432allow powermgr sa_foundation_cesfwk_service:samgr_class { get };
433
434# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_foundation_devicemanager_service:s0 tclass=samgr_class permissive=1
435allow powermgr sa_foundation_devicemanager_service:samgr_class { get };
436
437# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_foundation_dms:s0 tclass=samgr_class permissive=1
438allow powermgr sa_foundation_dms:samgr_class { get };
439
440# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_foundation_tel_call_manager:s0 tclass=samgr_class permissive=1
441allow powermgr sa_foundation_tel_call_manager:samgr_class { get };
442
443# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_foundation_tel_state_registry:s0 tclass=samgr_class permissive=1
444allow powermgr sa_foundation_tel_state_registry:samgr_class { get };
445
446# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_foundation_wms:s0 tclass=samgr_class permissive=1
447allow powermgr sa_foundation_wms:samgr_class { get };
448
449# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_uri_permission_mgr_service:s0 tclass=samgr_class permissive=1
450allow powermgr sa_uri_permission_mgr_service:samgr_class { get };
451binder_call(powermgr, foundation);
452
453# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_accessibleabilityms:s0 tclass=samgr_class permissive=1
454allow powermgr sa_accessibleabilityms:samgr_class { get };
455binder_call(powermgr, accessibility);
456
457# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_bluetooth_server:s0 tclass=samgr_class permissive=1
458allow powermgr sa_bluetooth_server:samgr_class { get };
459binder_call(powermgr, bluetooth_service);
460
461# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_camera_service:s0 tclass=samgr_class permissive=1
462allow powermgr sa_camera_service:samgr_class { get };
463binder_call(powermgr, camera_service);
464
465# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_telephony_tel_core_service:s0 tclass=samgr_class permissive=1
466allow powermgr sa_telephony_tel_core_service:samgr_class { get };
467binder_call(powermgr, telephony_sa);
468
469# avc:  denied  { get } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:object_r:sa_memory_manager_service:s0 tclass=samgr_class permissive=1
470allow powermgr sa_memory_manager_service:samgr_class { get };
471binder_call(powermgr, memmgrservice);
472
473# avc:  denied  { call } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hdcd:s0 tclass=binder permissive=1
474binder_call(powermgr, hdcd);
475
476# avc:  denied  { call transfer } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hdf_ext_devmgr:s0 tclass=binder permissive=1
477binder_call(powermgr, hdf_ext_devmgr);
478
479# avc:  denied  { call transfer } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:hiview:s0 tclass=binder permissive=1
480binder_call(powermgr, hiview);
481
482# avc:  denied  { call transfer } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:power_host:s0 tclass=binder permissive=1
483binder_call(powermgr, power_host);
484
485# avc:  denied  { call } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:samgr:s0 tclass=binder permissive=1
486binder_call(powermgr, samgr);
487
488# avc:  denied  { transfer } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_basic_hap_attr:s0 tclass=binder permissive=1
489binder_call(powermgr, system_basic_hap_attr);
490
491# avc:  denied  { transfer } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:system_core_hap_attr:s0 tclass=binder permissive=1
492binder_call(powermgr, system_core_hap_attr);
493
494# avc:  denied  { transfer } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:normal_hap_attr:s0 tclass=binder permissive=1
495binder_call(powermgr, normal_hap_attr);
496
497# avc:  denied  { call } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:wifi_manager_service:s0 tclass=binder permissive=1
498binder_call(powermgr, wifi_manager_service);
499
500# avc:  denied  { call transfer } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:riladapter_host:s0 tclass=binder permissive=1
501binder_call(powermgr, riladapter_host);
502
503# avc:  denied  { call transfer } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:pasteboard_service:s0 tclass=binder permissive=1
504binder_call(powermgr, pasteboard_service);
505
506# avc:  denied  { call } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:dhardware:s0 tclass=binder permissive=1
507binder_call(powermgr, dhardware);
508
509# avc:  denied  { call } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:ui_service:s0 tclass=binder permissive=1
510binder_call(powermgr, ui_service);
511
512# avc:  denied  { call transfer } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:useriam:s0 tclass=binder permissive=1
513binder_call(powermgr, useriam);
514
515# avc:  denied  { call transfer } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:drm_service:s0 tclass=binder permissive=1
516binder_call(powermgr, drm_service);
517
518# avc:  denied  { call } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:dscreen:s0 tclass=binder permissive=1
519binder_call(powermgr, dscreen);
520
521# avc:  denied  { call } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:edm_sa:s0 tclass=binder permissive=1
522binder_call(powermgr, edm_sa);
523
524# avc:  denied  { call } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:inputmethod_service:s0 tclass=binder permissive=1
525binder_call(powermgr, inputmethod_service);
526
527# avc:  denied  { call } for  pid=1216 scontext=u:r:powermgr:s0 tcontext=u:r:memmgrservice:s0 tclass=binder permissive=1
528binder_call(powermgr, memmgrservice);
529
530# avc:  denied  { call } for  pid=1480 scontext=u:r:powermgr:s0 tcontext=u:r:distributedsche:s0 tclass=binder permissive=1
531binder_call(powermgr, distributedsche);
532
533# avc:  denied  { map open read } for  pid=1480 scontext=u:r:powermgr:s0 tcontext=u:object_r:distributedsche_param:s0 tclass=file permissive=1
534allow powermgr distributedsche_param:file { map open read };
535
536# avc:  denied  { set } for  parameter=persist.powermgr.stopservice pid=1262 uid=5528 gid=1000 scontext=u:r:powermgr:s0 tcontext=u:object_r:powermgr_param:s0 tclass=parameter_service permissive=1
537allow powermgr powermgr_param:parameter_service { set };
538
539