!2556 异构路由需求的权限相关配置修改合入

Merge pull request !2556 from 郭春婷/0626-gct
This commit is contained in:
openharmony_ci
2023-06-27 01:40:11 +00:00
committed by Gitee
2 changed files with 31 additions and 2 deletions
@@ -0,0 +1,17 @@
# Copyright (c) 2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#avc: denied { setattr } for pid=1 comm="init" name="btdev0" dev="tmpfs" ino=184 scontext=u:r:init:s0 tcontext=u:object_r:dev_file:s0 tclass=chr_file permissive=0
debug_only(`
allow init dev_file:chr_file { setattr read write };
')
+14 -2
View File
@@ -50,13 +50,13 @@ debug_only(`
')
#avc: denied { create } for pid=540 comm="softbus_server" scontext=u:r:softbus_server:s0 tcontext=u:r:softbus_server:s0 tclass=socket permissive=0
allow softbus_server softbus_server:socket { bind create ioctl setopt shutdown };
allow softbus_server softbus_server:socket { bind create ioctl setopt shutdown getattr connect accept listen read write getopt };
#avc: denied { getopt } for pid=482 comm="THREAD_POOL" scontext=u:r:softbus_server:s0 tcontext=u:r:softbus_server:s0 tclass=tcp_socket permissive=1
allow softbus_server softbus_server:tcp_socket { getopt };
#avc: denied { ioctl } for pid=526 comm="softbus_server" path="socket:[36080]" dev="sockfs" ino=36080 ioctlcmd=0x8933 scontext=u:r:softbus_server:s0 tcontext=u:r:softbus_server:s0 tclass=socket permissive=0
allowxperm softbus_server softbus_server:socket ioctl { 0x8933 };
allowxperm softbus_server softbus_server:socket ioctl { 0x8933 0x8916 0x890B 0x8913 0x8936 0x890c };
#avc: denied { call } for pid=509 comm="0IPC_686" scontext=u:r:softbus_server:s0 tcontext=u:r:system_core_hap:s0 tclass=binder permissive=0
allow softbus_server system_core_hap:binder { call };
@@ -76,3 +76,15 @@ allow softbus_server sa_dataobs_mgr_service_service:samgr_class { get };
#avc: denied { get } for service=401 pid=512 scontext=u:r:softbus_server:s0 tcontext=u:object_r:sa_foundation_bms:s0 tclass=samgr_class permissive=0
allow softbus_server sa_foundation_bms:samgr_class { get };
# avc: denied { read write } for pid=2312 comm="SaInit0" name="btdev0" dev="tmpfs" ino=184 scontext =u:r:softbus_server:s0 tcontext=u:object_r:dev_file:s0 tclass=chr_file permissive=0
debug_only(`
allow softbus_server dev_file:chr_file { read write open ioctl };
')
#avc: denied { read } for pid=456 comm="softbus_server" name="af_ninet" dev="sysfs" ino=13529 scontext=u:r:softbus_server:s0 tcontext=u:object_r:sys_file:s0 tclass=file permissive=0
allow softbus_server sys_file:file { open read };
#avc: denied { read } for pid=497 comm="softbus_server" name="nip_route" dev="proc" ino=4026532651 scontext=u:r:softbus_server:s0 tcontext=u:object_r:proc_net:s0 tclass=file permissive=0
#avc: denied { getattr } for pid=540 comm="SaInit0" path="/proc/540/net/nip_route" dev="proc" ino=4026532673 scontext=u:r:softbus_server:s0 tcontext=u:object_r:proc_net:s0 tclass=file permissive=0
allow softbus_server proc_net:file { open getattr read };