From 1a2513f519c8868b8c30d03d424cef67a393c015 Mon Sep 17 00:00:00 2001
From: qianyong325 <qianyong15@h-partners.com>
Date: Mon, 8 Sep 2025 08:57:24 +0800
Subject: [PATCH] add sqlite3 avc for simulator

Signed-off-by: qianyong325 <qianyong15@h-partners.com>
---
 .../ohos_policy/distributeddatamgr/sqlite3/system/sqlite3.te   | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/sepolicy/ohos_policy/distributeddatamgr/sqlite3/system/sqlite3.te b/sepolicy/ohos_policy/distributeddatamgr/sqlite3/system/sqlite3.te
index 69315bf1b..f511a5139 100644
--- a/sepolicy/ohos_policy/distributeddatamgr/sqlite3/system/sqlite3.te
+++ b/sepolicy/ohos_policy/distributeddatamgr/sqlite3/system/sqlite3.te
@@ -94,6 +94,9 @@ allow sqlite3 tty_device:chr_file { ioctl read write };
 
 # avc: denied { ioctl } for pid=25124, comm="/bin/sqlite3"  name="0" dev="0" major=136 minor=0 ioctlcmd=0x5413 scontext=u:r:sqlite3:s0 tcontext=u:object_r:tty_device:s0 tclass=chr_file permissive=1
 allowxperm sqlite3 tty_device:chr_file ioctl { 0x5413 };
+
+# avc: denied { get } for service=182 sid=u:r:sqlite3:s0 scontext=u:r:sqlite3:s0 tcontext=u:object_r:sa_dataobs_mgr_service_service:s0 tclass=samgr_class permissive=1
+allow sqlite3 sa_dataobs_mgr_service_service:samgr_class { get };
 ')
  
 # only shell allowed execute sqlite3_exec
-- 
Gitee