# Copyright (c) 2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

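# Build-time guard rails for the accesstoken_data_file type. neverallow rules
# grant nothing: they make the policy build fail if an allow rule elsewhere
# gives a permission that is forbidden here.

# Baseline: apart from accesstoken_service, init and privacy_service, no domain
# may hold any permission (*) on directories or files of this type.
# Two further exemptions are subtracted from the set:
#   - accesstoken_data_file_violator_dir / accesstoken_data_file_violator_file:
#     every type carrying one of these is exempt from the whole rule, so their
#     membership should be kept minimal and reviewed whenever it changes.
#   - updater_only(...): m4 macro defined outside this file; presumably it emits
#     -updater only for updater builds. TODO confirm against the macro definition.
# NOTE(review): only the dir and file classes are bounded in this file; lnk_file,
# sock_file, fifo_file and the other file-like classes on this type are not
# covered here. Confirm they are constrained elsewhere.
neverallow { domain -accesstoken_service -init -privacy_service -accesstoken_data_file_violator_dir updater_only(`-updater') } accesstoken_data_file:dir *;
neverallow { domain -accesstoken_service -init -privacy_service -accesstoken_data_file_violator_file updater_only(`-updater') } accesstoken_data_file:file *;

# Ceiling for accesstoken_service. ~{ ... } is the complement of the set, so
# every permission outside the listed ones is forbidden.
# dir: entries can be looked up, listed, added and removed; create, rmdir,
# rename and relabeling are outside the set.
# NOTE(review): getattr is in the file set but not in the dir set - confirm
# that this is intended.
# file: create, read/write, map, lock, setattr and unlink are inside the set;
# execute, append, link, rename and relabeling are outside it.
neverallow accesstoken_service accesstoken_data_file:dir ~{ search add_name open read write remove_name ioctl };
neverallow accesstoken_service accesstoken_data_file:file ~{ open read getattr ioctl lock write create unlink map setattr };

# Ceiling for init.
# dir: traversal, listing, getattr/setattr and relabelto are inside the set;
# write, add_name and remove_name are outside it, so no allow rule can let
# init add or delete entries in these directories.
# file: create and unlink are outside the set; relabelfrom is outside it too,
# so init can label objects into this type but not out of it.
# NOTE(review): write is inside the init file ceiling - confirm init needs
# content write access in addition to setattr and relabelto.
neverallow init accesstoken_data_file:dir ~{ getattr open read relabelto setattr search };
neverallow init accesstoken_data_file:file ~{ read write getattr setattr relabelto open };

# Ceiling for privacy_service: the same permission sets as accesstoken_service
# above, so both services share one upper bound on this type.
neverallow privacy_service accesstoken_data_file:dir ~{ search add_name open read write remove_name ioctl };
neverallow privacy_service accesstoken_data_file:file ~{ open read getattr ioctl lock write create unlink map setattr };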