From 05eb3447a792ed3a1c716028ecbbc4fa9d59401b Mon Sep 17 00:00:00 2001 From: jinsitao Date: Fri, 8 Aug 2025 17:57:16 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E6=96=B0=E5=A2=9Egamecontroller=E7=9A=84po?= =?UTF-8?q?licy?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: jinsitao --- .../system/debug_hap.te | 18 +++++ .../system/foundation.te | 14 ++++ .../system/gamecontroller_server.te | 81 +++++++++++++++++++ .../game_controller_service/system/init.te | 15 ++++ .../system/normal_hap_attr.te | 18 +++++ .../game_controller_service/system/service.te | 14 ++++ .../system/service_contexts | 14 ++++ .../game_controller_service/system/type.te | 16 ++++ 8 files changed, 190 insertions(+) create mode 100644 sepolicy/ohos_policy/gamecontroller/game_controller_service/system/debug_hap.te create mode 100644 sepolicy/ohos_policy/gamecontroller/game_controller_service/system/foundation.te create mode 100644 sepolicy/ohos_policy/gamecontroller/game_controller_service/system/gamecontroller_server.te create mode 100644 sepolicy/ohos_policy/gamecontroller/game_controller_service/system/init.te create mode 100644 sepolicy/ohos_policy/gamecontroller/game_controller_service/system/normal_hap_attr.te create mode 100644 sepolicy/ohos_policy/gamecontroller/game_controller_service/system/service.te create mode 100644 sepolicy/ohos_policy/gamecontroller/game_controller_service/system/service_contexts create mode 100644 sepolicy/ohos_policy/gamecontroller/game_controller_service/system/type.te diff --git a/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/debug_hap.te b/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/debug_hap.te new file mode 100644 index 000000000..6351dbe4f --- /dev/null +++ b/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/debug_hap.te 
@@ -0,0 +1,18 @@
+# Copyright (c) 2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+allow debug_hap gamecontroller_server:binder { call transfer };
+allow debug_hap sa_gamecontroller_server:samgr_class { get };
+
+
+
diff --git a/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/foundation.te b/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/foundation.te
new file mode 100644
index 000000000..8d460164a
--- /dev/null
+++ b/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/foundation.te
@@ -0,0 +1,14 @@
+# Copyright (c) 2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+allow foundation gamecontroller_server:binder { transfer call };
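Review bot: In debug_hap.te the rules `allow debug_hap gamecontroller_server:binder { call transfer };` and `allow debug_hap sa_gamecontroller_server:samgr_class { get };` make the new system ability reachable from every debug application, and normal_hap_attr.te grants the same pair to all normal applications, so SELinux places no restriction on which apps can look up and call the service. Nothing in this patch shows how gamecontroller_server authorises its callers, so the service presumably has to check the caller's identity or permission on each IPC entry point itself. A comment above the rules, for example `# any app may connect; gamecontroller_server must authorise each request`, would record that dependency for the next reviewer. The three trailing blank lines at the end of both files can be dropped.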
diff --git a/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/gamecontroller_server.te b/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/gamecontroller_server.te
new file mode 100644
index 000000000..4e5453d93
--- /dev/null
+++ b/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/gamecontroller_server.te
@@ -0,0 +1,81 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +allow gamecontroller_server sa_gamecontroller_server:samgr_class { add }; + +binder_call(gamecontroller_server, foundation); +binder_call(gamecontroller_server, debug_hap); +binder_call(gamecontroller_server, normal_hap_attr); + +allow gamecontroller_server normal_hap:dir { search open read }; +allow gamecontroller_server normal_hap:file { getattr open read }; + +# avc_audit_slow:277] avc: denied { search } for pid=6681, comm="/system/bin/sa_main" name="/lib64" dev="overlay" ino=1 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:chip_prod_file:s0 tclass=dir permissive=1 +allow gamecontroller_server chip_prod_file:dir { search }; + +# avc_audit_slow:277] avc: denied { map } for pid=6681, comm="/system/bin/sa_main" path="/dev/__parameters__/u:object_r:debug_param:s0" dev="" ino=260 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=1 +# avc_audit_slow:277] avc: denied { open } for pid=6681, comm="/system/bin/sa_main" path="/dev/__parameters__/u:object_r:debug_param:s0" dev="" ino=260 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:debug_param:s0 tclass=file permissive=1 +# avc_audit_slow:277] avc: denied { read } for pid=6681, comm="/system/bin/sa_main" path="/dev/__parameters__/u:object_r:debug_param:s0" dev="" ino=260 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:debug_param:s0 
tclass=file permissive=1 +allow gamecontroller_server debug_param:file { map open read }; + +# avc_audit_slow:277] avc: denied { write } for pid=6681, comm="/system/bin/sa_main" path="/dev/kmsg" dev="" ino=23 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:dev_kmsg_file:s0 tclass=chr_file permissive=1 +allow gamecontroller_server dev_kmsg_file:chr_file { write }; + +# avc_audit_slow:277] avc: denied { getopt } for pid=6681, comm="/system/bin/sa_main" scontext=u:r:gamecontroller_server:s0 tcontext=u:r:gamecontroller_server:s0 tclass=unix_dgram_socket permissive=1 +# avc_audit_slow:277] avc: denied { setopt } for pid=6681, comm="/system/bin/sa_main" scontext=u:r:gamecontroller_server:s0 tcontext=u:r:gamecontroller_server:s0 tclass=unix_dgram_socket permissive=1 +allow gamecontroller_server gamecontroller_server:unix_dgram_socket { getopt setopt }; + +# avc_audit_slow:277] avc: denied { map } for pid=6681, comm="/system/bin/sa_main" path="/dev/__parameters__/u:object_r:persist_sys_param:s0" dev="" ino=259 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:persist_sys_param:s0 tclass=file permissive=1 +# avc_audit_slow:277] avc: denied { open } for pid=6681, comm="/system/bin/sa_main" path="/dev/__parameters__/u:object_r:persist_sys_param:s0" dev="" ino=259 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:persist_sys_param:s0 tclass=file permissive=1 +# avc_audit_slow:277] avc: denied { read } for pid=6681, comm="/system/bin/sa_main" path="/dev/__parameters__/u:object_r:persist_sys_param:s0" dev="" ino=259 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:persist_sys_param:s0 tclass=file permissive=1 +allow gamecontroller_server persist_sys_param:file { map open read }; + +# avc_audit_slow:277] avc: denied { map } for pid=6681, comm="/system/bin/sa_main" path="/dev/__parameters__/u:object_r:sys_param:s0" dev="" ino=247 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:sys_param:s0 tclass=file permissive=1 +# avc_audit_slow:277] 
avc: denied { open } for pid=6681, comm="/system/bin/sa_main" path="/dev/__parameters__/u:object_r:sys_param:s0" dev="" ino=247 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:sys_param:s0 tclass=file permissive=1 +# avc_audit_slow:277] avc: denied { read } for pid=6681, comm="/system/bin/sa_main" path="/dev/__parameters__/u:object_r:sys_param:s0" dev="" ino=247 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:sys_param:s0 tclass=file permissive=1 +allow gamecontroller_server sys_param:file { map open read }; + +# avc_audit_slow:277] avc: denied { search } for pid=8143, comm="/system/bin/sa_main" name="/service" dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=9 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:data_service_file:s0 tclass=dir permissive=1 +allow gamecontroller_server data_service_file:dir { search }; + +# avc_audit_slow:277] avc: denied { search } for pid=8143, comm="/system/bin/sa_main" name="/unix/socket" dev="" ino=229 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:dev_unix_socket:s0 tclass=dir permissive=1 +allow gamecontroller_server dev_unix_socket:dir { search }; + +# avc: denied { get } for service=401 sid=u:r:gamecontroller_server:s0 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:sa_foundation_bms:s0 tclass=samgr_class permissive=1 +allow gamecontroller_server sa_foundation_bms:samgr_class { get }; + +# avc_audit_slow:278] avc: denied { search } for pid=9185, comm="/system/bin/sa_main" name="/service/el1/public/gamecontroller_server" dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=3795 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=dir permissive=1 +# avc_audit_slow:278] avc: denied { write add_name search } for pid=9185, comm="/system/bin/sa_main" name="/service/el1/public/gamecontroller_server" dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=3795 scontext=u:r:gamecontroller_server:s0 
tcontext=u:object_r:data_service_el1_file:s0 tclass=dir permissive=1 +allow gamecontroller_server data_service_el1_file:dir { search write add_name search }; + +# avc_audit_slow:278] avc: denied { create } for pid=9185, comm="/system/bin/sa_main" name="/service/el1/public/gamecontroller_server/device_config.json" dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=55160 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=1 +# avc_audit_slow:278] avc: denied { getattr } for pid=9185, comm="/system/bin/sa_main" path="/data/service/el1/public/gamecontroller_server/game_support_key_mapping.json" dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=55153 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=1 +# avc_audit_slow:278] avc: denied { ioctl } for pid=9185, comm="/system/bin/sa_main" path="/data/service/el1/public/gamecontroller_server/game_support_key_mapping.json" dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=55153 ioctlcmd=0x5413 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=1 +# avc_audit_slow:278] avc: denied { open } for pid=9185, comm="/system/bin/sa_main" path="/data/service/el1/public/gamecontroller_server/game_support_key_mapping.json" dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=55153 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=1 +# avc_audit_slow:278] avc: denied { read } for pid=9185, comm="/system/bin/sa_main" path="/data/service/el1/public/gamecontroller_server/device_config.json" dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=55160 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=1 +# avc_audit_slow:278] avc: denied { setattr } for pid=9185, comm="/system/bin/sa_main" 
name="/service/el1/public/gamecontroller_server/device_config.json" dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=55160 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=1 +# avc_audit_slow:278] avc: denied { write } for pid=9185, comm="/system/bin/sa_main" path="/data/service/el1/public/gamecontroller_server/game_support_key_mapping.json" dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=55153 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=1 +allow gamecontroller_server data_service_el1_file:file { create getattr ioctl open read setattr write }; + +# avc: denied { get } for service=3299 sid=u:r:gamecontroller_server:s0 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:sa_foundation_cesfwk_service:s0 tclass=samgr_class permissive=1 +allow gamecontroller_server sa_foundation_cesfwk_service:samgr_class { get }; + +# avc_audit_slow:278] avc: denied { getattr } for pid=9185, comm="/system/bin/sa_main" path="/sys/devices/system/cpu/online" dev="" ino=94 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file permissive=1 +# avc_audit_slow:278] avc: denied { open } for pid=9185, comm="/system/bin/sa_main" path="/sys/devices/system/cpu/online" dev="" ino=94 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file permissive=1 +# avc_audit_slow:278] avc: denied { read } for pid=9185, comm="/system/bin/sa_main" path="/sys/devices/system/cpu/online" dev="" ino=94 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file permissive=1 +allow gamecontroller_server sysfs_devices_system_cpu:file { getattr open read }; + +# avc_audit_slow:278] avc: denied { ioctl } for pid=9185, comm="/system/bin/sa_main" path="/data/service/el1/public/gamecontroller_server/game_support_key_mapping.json" 
dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=55153 ioctlcmd=0x5413 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=1 +allowxperm gamecontroller_server data_service_el1_file:file ioctl { 0x5413 }; + + diff --git a/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/init.te b/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/init.te new file mode 100644 index 000000000..b6fa16ac5 --- /dev/null +++ b/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/init.te @@ -0,0 +1,15 @@ +# Copyright (c) 2025 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +allow init gamecontroller_server:process { rlimitinh siginh transition }; + diff --git a/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/normal_hap_attr.te b/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/normal_hap_attr.te new file mode 100644 index 000000000..98fe1f4e9 --- /dev/null +++ b/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/normal_hap_attr.te 
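Review bot: The write grants in gamecontroller_server.te target the shared label `data_service_el1_file` (`dir { search write add_name search }` and `file { create getattr ioctl open read setattr write }`), while the quoted denials only concern /data/service/el1/public/gamecontroller_server. As written, the domain can create and modify files in any directory carrying that label, not only its own; giving the service directory a dedicated type (placeholder name `data_service_gamecontroller_file`, mapped in file_contexts) and granting these permissions on that type would keep the access scoped. `search` is also listed twice in the dir rule. The `normal_hap:dir { search open read }` and `normal_hap:file { getattr open read }` rules have no avc denial above them and appear to let the service read entries belonging to every normal app process, so they need a comment stating what is read and why. All quoted denials were captured with permissive=1, so the rule set should be re-checked in enforcing mode before merge.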
@@ -0,0 +1,18 @@
+# Copyright (c) 2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+allow normal_hap_attr gamecontroller_server:binder { call transfer };
+allow normal_hap_attr sa_gamecontroller_server:samgr_class { get };
+
+
+
diff --git a/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/service.te b/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/service.te
new file mode 100644
index 000000000..c6451d884
--- /dev/null
+++ b/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/service.te
@@ -0,0 +1,14 @@
+# Copyright (c) 2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+type sa_gamecontroller_server, sa_service_attr;
diff --git a/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/service_contexts b/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/service_contexts
new file mode 100644
index 000000000..a884eb2e7
--- /dev/null
+++ b/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/service_contexts
@@ -0,0 +1,14 @@
+# Copyright (c) 2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+8450 u:object_r:sa_gamecontroller_server:s0
diff --git a/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/type.te b/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/type.te
new file mode 100644
index 000000000..d8b1f3556
--- /dev/null
+++ b/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/type.te
@@ -0,0 +1,16 @@
+# Copyright (c) 2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+type gamecontroller_server, sadomain, domain;
+
+
-- Gitee From be09a8df2d168bfb0fc541b14f30d3dc014301cd Mon Sep 17 00:00:00 2001
From: jinsitao Date: Fri, 22 Aug 2025 11:23:30 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=E6=96=B0=E5=A2=9Egamecontroller=E7=9A=84po?= =?UTF-8?q?licy?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: jinsitao --- .../game_controller_service/system/debug_hap.te | 0 .../game_controller_service/system/foundation.te | 0 .../system/gamecontroller_server.te | 8 +++++++- .../game_controller_service/system/init.te | 0 .../game_controller_service/system/normal_hap_attr.te | 0 .../game_controller_service/system/service.te | 0 .../game_controller_service/system/service_contexts | 0 .../game_controller_service/system/type.te | 0 8 files changed, 7 insertions(+), 1 deletion(-) rename sepolicy/ohos_policy/{gamecontroller => game}/game_controller_service/system/debug_hap.te (100%) rename sepolicy/ohos_policy/{gamecontroller => game}/game_controller_service/system/foundation.te (100%) rename sepolicy/ohos_policy/{gamecontroller => game}/game_controller_service/system/gamecontroller_server.te (97%) rename sepolicy/ohos_policy/{gamecontroller => game}/game_controller_service/system/init.te (100%) rename sepolicy/ohos_policy/{gamecontroller => game}/game_controller_service/system/normal_hap_attr.te (100%) rename sepolicy/ohos_policy/{gamecontroller => game}/game_controller_service/system/service.te (100%) rename sepolicy/ohos_policy/{gamecontroller => game}/game_controller_service/system/service_contexts (100%) rename sepolicy/ohos_policy/{gamecontroller => game}/game_controller_service/system/type.te (100%) diff --git a/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/debug_hap.te b/sepolicy/ohos_policy/game/game_controller_service/system/debug_hap.te similarity index 100% rename from sepolicy/ohos_policy/gamecontroller/game_controller_service/system/debug_hap.te rename to sepolicy/ohos_policy/game/game_controller_service/system/debug_hap.te 
diff --git a/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/foundation.te b/sepolicy/ohos_policy/game/game_controller_service/system/foundation.te similarity index 100% rename from sepolicy/ohos_policy/gamecontroller/game_controller_service/system/foundation.te rename to sepolicy/ohos_policy/game/game_controller_service/system/foundation.te diff --git a/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/gamecontroller_server.te b/sepolicy/ohos_policy/game/game_controller_service/system/gamecontroller_server.te similarity index 97% rename from sepolicy/ohos_policy/gamecontroller/game_controller_service/system/gamecontroller_server.te rename to sepolicy/ohos_policy/game/game_controller_service/system/gamecontroller_server.te index 4e5453d93..03b6ad4f2 100644 --- a/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/gamecontroller_server.te +++ b/sepolicy/ohos_policy/game/game_controller_service/system/gamecontroller_server.te 
@@ -65,7 +65,8 @@ allow gamecontroller_server data_service_el1_file:dir { search write add_name se # avc_audit_slow:278] avc: denied { read } for pid=9185, comm="/system/bin/sa_main" path="/data/service/el1/public/gamecontroller_server/device_config.json" dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=55160 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=1 # avc_audit_slow:278] avc: denied { setattr } for pid=9185, comm="/system/bin/sa_main" name="/service/el1/public/gamecontroller_server/device_config.json" dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=55160 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=1 # avc_audit_slow:278] avc: denied { write } for pid=9185, comm="/system/bin/sa_main" path="/data/service/el1/public/gamecontroller_server/game_support_key_mapping.json" dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=55153 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=1 -allow gamecontroller_server data_service_el1_file:file { create getattr ioctl open read setattr write }; +allow gamecontroller_server data_service_el1_file:file { create getattr ioctl open read setattr write relabelto}; + # avc: denied { get } for service=3299 sid=u:r:gamecontroller_server:s0 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:sa_foundation_cesfwk_service:s0 tclass=samgr_class permissive=1 allow gamecontroller_server sa_foundation_cesfwk_service:samgr_class { get }; 
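Review bot: The added `relabelto` on `data_service_el1_file:file` has no avc denial quoted for it in the comments above the rule, and it lets gamecontroller_server move files into a label that is shared with other services' data. A relabel also needs `relabelfrom` on the source type, which this patch does not grant, so it is unclear that the rule is sufficient for whatever operation prompted it. If it is needed only so the service's own files can be relabelled, state that in a comment above the rule, e.g. `# relabelto: <operation that relabels the service's own config files>`, and consider limiting it to a dedicated type for the service directory. The permission set is also missing a space before the closing brace: `write relabelto };`.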
@@ -78,4 +79,9 @@ allow gamecontroller_server sysfs_devices_system_cpu:file { getattr open read }; # avc_audit_slow:278] avc: denied { ioctl } for pid=9185, comm="/system/bin/sa_main" path="/data/service/el1/public/gamecontroller_server/game_support_key_mapping.json" dev="/dev/block/platform/fa500000.ufs/by-name/userdata" ino=55153 ioctlcmd=0x5413 scontext=u:r:gamecontroller_server:s0 tcontext=u:object_r:data_service_el1_file:s0 tclass=file permissive=1 allowxperm gamecontroller_server data_service_el1_file:file ioctl { 0x5413 }; +allow gamecontroller_server hiviewdfx_hiview_param:file { read open map }; + +allow gamecontroller_server persist_param:file { open read }; + +allow gamecontroller_server data_file:dir { search }; diff --git a/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/init.te b/sepolicy/ohos_policy/game/game_controller_service/system/init.te similarity index 100% rename from sepolicy/ohos_policy/gamecontroller/game_controller_service/system/init.te rename to sepolicy/ohos_policy/game/game_controller_service/system/init.te diff --git a/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/normal_hap_attr.te b/sepolicy/ohos_policy/game/game_controller_service/system/normal_hap_attr.te similarity index 100% rename from sepolicy/ohos_policy/gamecontroller/game_controller_service/system/normal_hap_attr.te rename to sepolicy/ohos_policy/game/game_controller_service/system/normal_hap_attr.te diff --git a/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/service.te b/sepolicy/ohos_policy/game/game_controller_service/system/service.te similarity index 100% rename from sepolicy/ohos_policy/gamecontroller/game_controller_service/system/service.te rename to sepolicy/ohos_policy/game/game_controller_service/system/service.te 
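Review bot: The three rules added at the end of gamecontroller_server.te carry no avc denial, unlike most other rules in the file, and `persist_param:file { open read }` omits `map` although the other parameter rules (`debug_param`, `persist_sys_param`, `sys_param`, and the new `hiviewdfx_hiview_param`) all grant map, open and read. The denials quoted earlier in the file show those parameter files being mapped, so if persist_param is read the same way the rule is likely incomplete and should be `allow gamecontroller_server persist_param:file { map open read };`; if it is read differently, a comment should say why. Please quote the denial that motivated each of the three rules, including `data_file:dir { search }`, captured in enforcing mode.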
diff --git a/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/service_contexts b/sepolicy/ohos_policy/game/game_controller_service/system/service_contexts similarity index 100% rename from sepolicy/ohos_policy/gamecontroller/game_controller_service/system/service_contexts rename to sepolicy/ohos_policy/game/game_controller_service/system/service_contexts diff --git a/sepolicy/ohos_policy/gamecontroller/game_controller_service/system/type.te b/sepolicy/ohos_policy/game/game_controller_service/system/type.te similarity index 100% rename from sepolicy/ohos_policy/gamecontroller/game_controller_service/system/type.te rename to sepolicy/ohos_policy/game/game_controller_service/system/type.te -- Gitee