# Copyright (c) 2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Type-enforcement rules for the useriam domain.
# Rules are grouped by object class. allow rules are additive and
# order-independent, so the grouping does not change the granted access.

# ---------------------------------------------------------------------------
# Service lookups (samgr_class get)
# ---------------------------------------------------------------------------
allow useriam sa_sensor_service:samgr_class { get };
allow useriam sa_miscdevice_service:samgr_class { get };
allow useriam sa_param_watcher:samgr_class { get };
allow useriam sa_render_service:samgr_class { get };
allow useriam sa_foundation_cesfwk_service:samgr_class { get };
allow useriam sa_foundation_dms:samgr_class { get };
allow useriam sa_foundation_abilityms:samgr_class { get };
allow useriam sa_powermgr_displaymgr_service:samgr_class { get };
allow useriam sa_powermgr_powermgr_service:samgr_class { get };

# ---------------------------------------------------------------------------
# Binder IPC initiated by useriam
# ---------------------------------------------------------------------------
# call only: useriam may invoke the peer but may not pass binder references.
allow useriam accesstoken_service:binder { call };
allow useriam accountmgr:binder { call };
allow useriam storage_daemon:binder { call };
# The two targets below are attributes, so each rule covers every domain that
# carries the attribute, not a single process.
allow useriam system_basic_hap_attr:binder { call };
allow useriam normal_hap_attr:binder { call };

# avc: denied { call } for pid=466 comm="useriam" scontext=u:r:useriam:s0 tcontext=u:r:huks_service:s0 tclass=binder permissive=1
# NOTE(review): the denial above was logged with permissive=1, where access is
# logged but not blocked. Confirm the call is needed under enforcing mode and
# was not an incidental code path before keeping this grant.
allow useriam huks_service:binder { call };

# call + transfer: useriam may also hand binder references to these peers.
allow useriam hdf_devmgr:binder { call transfer };
allow useriam param_watcher:binder { call transfer };
allow useriam pinauth:binder { call transfer };
allow useriam user_auth_host:binder { call transfer };
allow useriam face_auth_host:binder { call transfer };
allow useriam fingerprint_auth_host:binder { call transfer };
allow useriam render_service:binder { call transfer };
allow useriam foundation:binder { call transfer };
allow useriam sensors:binder { call transfer };

# Macro defined outside this file; its expansion is not visible here.
binder_call(useriam, powermgr);

# ---------------------------------------------------------------------------
# File descriptors received from other domains
# ---------------------------------------------------------------------------
allow useriam accountmgr:fd { use };
allow useriam allocator_host:fd { use };

# ---------------------------------------------------------------------------
# Access granted to the sensors domain on useriam objects
# (the source domain of these rules is sensors, not useriam)
# ---------------------------------------------------------------------------
allow sensors useriam:binder { call };
allow sensors useriam:fd { use };
allow sensors useriam:unix_stream_socket { read write };

# ---------------------------------------------------------------------------
# System parameters: read-only mappings
# NOTE(review): this list is wide and includes mock and debug parameter types
# (const_allow_mock_param, debug_param). Check each entry against what useriam
# actually reads so the domain keeps only the access it needs.
# ---------------------------------------------------------------------------
allow useriam bootevent_param:file { map open read };
allow useriam bootevent_samgr_param:file { map open read };
allow useriam build_version_param:file { map open read };
allow useriam const_allow_mock_param:file { map open read };
allow useriam const_allow_param:file { map open read };
allow useriam const_build_param:file { map open read };
allow useriam const_display_brightness_param:file { map open read };
allow useriam const_param:file { map open read };
allow useriam const_postinstall_fstab_param:file { map open read };
allow useriam const_postinstall_param:file { map open read };
allow useriam const_product_param:file { map open read };
allow useriam debug_param:file { map open read };
allow useriam default_param:file { map open read };
allow useriam devinfo_private_param:file { map open read };
allow useriam distributedsche_param:file { map open read };
allow useriam hilog_param:file { map open read };
allow useriam hw_sc_build_os_param:file { map open read };
allow useriam hw_sc_build_param:file { map open read };
allow useriam hw_sc_param:file { map open read };
allow useriam init_param:file { map open read };
allow useriam init_svc_param:file { map open read };
allow useriam input_pointer_device_param:file { map open read };
allow useriam net_param:file { map open read };
allow useriam net_tcp_param:file { map open read };
allow useriam ohos_boot_param:file { map open read };
allow useriam ohos_param:file { map open read };
allow useriam persist_param:file { map open read };
allow useriam persist_sys_param:file { map open read };
allow useriam security_param:file { map open read };
allow useriam startup_param:file { map open read };
allow useriam sys_param:file { map open read };
allow useriam sys_usb_param:file { map open read };

# ---------------------------------------------------------------------------
# System parameters: write path and sockets
# bootevent_param is the only parameter type useriam may set in this file.
# ---------------------------------------------------------------------------
allow useriam bootevent_param:parameter_service { set };
allow useriam paramservice_socket:sock_file { write };
allow useriam dev_unix_socket:dir { search };
allow useriam kernel:unix_stream_socket { connectto };
allow useriam useriam:unix_dgram_socket { getopt setopt };

# ---------------------------------------------------------------------------
# Device nodes
# ---------------------------------------------------------------------------
# dev_at_file: the allowxperm rule narrows the ioctl permission to command
# 0x4103; other ioctl commands on this type stay denied.
allow useriam dev_at_file:chr_file { ioctl };
allowxperm useriam dev_at_file:chr_file ioctl { 0x4103 };

# NOTE(review): ioctl on dev_mali has no matching allowxperm rule in this file.
# Unless one exists elsewhere in the policy, every ioctl command on the device
# is permitted. Consider an allowxperm whitelist like the dev_at_file one.
allow useriam dev_mali:chr_file { getattr ioctl map open read write };

# ---------------------------------------------------------------------------
# Filesystem and tracing
# ---------------------------------------------------------------------------
allow useriam system_bin_file:dir { search };
allow useriam sysfs_devices_system_cpu:dir { read open };
allow useriam tracefs:dir { search };
allow useriam tracefs_trace_marker_file:file { open write };