mirror of
https://gitee.com/openharmony/security_asset
synced 2024-11-23 15:59:42 +00:00
add selinux
Match-id-cc8073e5864d556f3894f61da085937e4d271210
This commit is contained in:
authName
userName
parent
f6e65ae267
commit
9b7ab8117f
16
docs/asset/common_chip/public/type.te
Executable file
16
docs/asset/common_chip/public/type.te
Executable file
@ -0,0 +1,16 @@
|
||||
# Copyright (c) 2023 Huawei Device Co., Ltd.
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
type sa_asset_service, sa_service_attr;
|
||||
type asset_service, sadomain, domain;
|
||||
type data_service_el1_public_assetService_file, file_attr, data_file_attr, data_service_el1_file_relabelto;
|
||||
36
docs/asset/common_chip/system/asset_service.te
Executable file
36
docs/asset/common_chip/system/asset_service.te
Executable file
@ -0,0 +1,36 @@
|
||||
# Copyright (c) 2023 Huawei Device Co., Ltd.
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
allow asset_service sa_asset_service:samgr_class { get add };
|
||||
|
||||
allow asset_service data_service_el1_public_assetService_file:dir { add_name create open read remove_name search write rmdir getattr setattr };
|
||||
allow asset_service data_service_el1_public_assetService_file:file { create getattr open read setattr unlink write lock ioctl };
|
||||
allowxperm asset_service data_service_el1_public_assetService_file:file ioctl { 0xf501 0xf502 0xf50c };
|
||||
|
||||
allow asset_service data_service_el1_file:dir { search };
|
||||
allow asset_service data_service_file:dir { search };
|
||||
allow asset_service data_file:dir { search };
|
||||
allow asset_service dev_unix_socket:dir { search };
|
||||
allow asset_service tracefs:dir { search };
|
||||
allow asset_service hilog_param:file { read map open };
|
||||
allow asset_service debug_param:file { read map open };
|
||||
|
||||
allow asset_service huks_service:binder { call };
|
||||
allow asset_service sa_huks_service:samgr_class { get };
|
||||
|
||||
allow asset_service accesstoken_service:binder { call };
|
||||
allow asset_service sa_accesstoken_manager_service:samgr_class { get };
|
||||
|
||||
allow asset_service foundation:binder { call transfer };
|
||||
allow asset_service sa_foundation_cesfwk_service:samgr_class { get };
|
||||
allow asset_service sa_foundation_bms:samgr_class { get };
|
||||
14
docs/asset/common_chip/system/file_contexts
Executable file
14
docs/asset/common_chip/system/file_contexts
Executable file
@ -0,0 +1,14 @@
|
||||
# Copyright (C) 2023 Huawei Device Co., Ltd.
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
/data/service/el1/public/asset_service(/.*)? u:object_r:data_service_el1_public_assetService_file:s0
|
||||
14
docs/asset/common_chip/system/foundation.te
Executable file
14
docs/asset/common_chip/system/foundation.te
Executable file
@ -0,0 +1,14 @@
|
||||
# Copyright (c) 2023 Huawei Device Co., Ltd.
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
allow foundation asset_service:binder { call transfer };
|
||||
15
docs/asset/common_chip/system/hap_domain.te
Executable file
15
docs/asset/common_chip/system/hap_domain.te
Executable file
@ -0,0 +1,15 @@
|
||||
# Copyright (c) 2023 Huawei Device Co., Ltd.
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
allow hap_domain asset_service:binder { call transfer };
|
||||
allow hap_domain sa_asset_service:samgr_class { get };
|
||||
15
docs/asset/common_chip/system/init.te
Executable file
15
docs/asset/common_chip/system/init.te
Executable file
@ -0,0 +1,15 @@
|
||||
# Copyright (c) 2023 Huawei Device Co., Ltd.
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
allow init data_service_el1_public_assetService_file:dir { add_name create getattr open read relabelto search setattr write };
|
||||
allow init asset_service:process { rlimitinh siginh transition };
|
||||
14
docs/asset/common_chip/system/service_contexts
Executable file
14
docs/asset/common_chip/system/service_contexts
Executable file
@ -0,0 +1,14 @@
|
||||
# Copyright (C) 2023 Huawei Device Co., Ltd.
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
65856 u:object_r:sa_asset_service:s0
|
||||
Loading…
Reference in New Issue
Block a user