From 221b3a25e6a4f996631471f57e40208577a7a34c Mon Sep 17 00:00:00 2001
From: lizeqiang <lizeqiang4@h-partners.com>
Date: Sat, 6 Sep 2025 19:01:35 +0800
Subject: [PATCH] =?UTF-8?q?=E5=8F=8C=E5=86=85=E6=A0=B8selinux=E6=95=B4?=
 =?UTF-8?q?=E6=94=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: lizeqiang <lizeqiang4@h-partners.com>
---
 .../web/webview/public/parameter_contexts      | 14 ++++++++++++++
 .../ohos_policy/web/webview/system/webview.te  | 18 ++++++++++++++++++
 2 files changed, 32 insertions(+)
 create mode 100644 sepolicy/ohos_policy/web/webview/public/parameter_contexts
 create mode 100644 sepolicy/ohos_policy/web/webview/system/webview.te

diff --git a/sepolicy/ohos_policy/web/webview/public/parameter_contexts b/sepolicy/ohos_policy/web/webview/public/parameter_contexts
new file mode 100644
index 000000000..c76177280
--- /dev/null
+++ b/sepolicy/ohos_policy/web/webview/public/parameter_contexts
@@ -0,0 +1,14 @@
+# Copyright (c) 2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+web.engine.                             u:object_r:web_private_param:s0
diff --git a/sepolicy/ohos_policy/web/webview/system/webview.te b/sepolicy/ohos_policy/web/webview/system/webview.te
new file mode 100644
index 000000000..824051ba8
--- /dev/null
+++ b/sepolicy/ohos_policy/web/webview/system/webview.te
@@ -0,0 +1,18 @@
+# Copyright (c) 2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# avc:  denied  { set } for parameter=web.engine.default pid=10001 uid=0 gid=0 scontext=u:r:appspawn:s0 tcontext=u:object_r:default_param:s0 tclass=parameter_service permissive=0
+# avc:  denied  { set } for parameter=web.engine.enforce pid=10001 uid=0 gid=0 scontext=u:r:appspawn:s0 tcontext=u:object_r:default_param:s0 tclass=parameter_service permissive=0
+allow appspawn web_private_param:parameter_service { set };
+allow { hap_domain isolated_render appspawn init isolated_gpu } web_private_param:file { map open read };
+
-- 
Gitee