宏隔离，权限修改

Signed-off-by: y1135885 <yuqigang1@huawei.com>

sepolicy/ohos_policy/developtools/smartperf/system/console.te

@@ -11,6 +11,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License
 
+debug_only(`
 allow console dev_console_file:chr_file { ioctl read write };
 allow console lib_file:lnk_file { read };
 allow console system_bin_file:dir { search };
@@ -19,3 +20,5 @@ allow console system_bin_file:lnk_file { read };
 allow console tty_device:chr_file { ioctl };
 allowxperm console dev_console_file:chr_file ioctl { 0x5413 };
 allowxperm console tty_device:chr_file ioctl { 0x5403 };
+')
+

sepolicy/ohos_policy/developtools/smartperf/system/hidumper.te

@@ -11,8 +11,10 @@
 # See the License for the specific language governing permissions and
 # limitations under the License
 
+debug_only(`
 allow hidumper sh:fd { use };
 allow hidumper sh:fifo_file { read write };
+')
 allow hidumper hiprofilerd:fd { use };
 allow hidumper hiprofiler_plugins:fd { use };
 allow hidumper hiprofiler_plugins:fifo_file { write };

sepolicy/ohos_policy/developtools/smartperf/system/hidumper_service.te

@@ -11,9 +11,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License
 
+debug_only(`
 allow hidumper_service sh:dir { search };
 allow hidumper_service sh:fd { use };
 allow hidumper_service sh:fifo_file { write };
 allow hidumper_service sh:file { open read };
+')
 allow hidumper_service hiprofiler_plugins:fd { use };
 allow hidumper_service hiprofiler_plugins:fifo_file { write };
+

sepolicy/ohos_policy/developtools/smartperf/system/sh.te

@@ -0,0 +1,7 @@
+allow sh musl_param:file { map open };
+debug_only(`
+allow sh sh:udp_socket { read };
+#allow sh system_basic_hap_data_file:dir { open };
+allow sh system_basic_hap_data_file:dir { search }
+')
+