openharmony/security_selinux
1
0
Fork 0
mirror of https://gitee.com/openharmony/security_selinux synced 2025-02-23 14:24:07 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

!2403 回退 'Pull Request !2400 : 回退 'Pull Request !2341 : add parameter_service sepolicy for accountmgr''

Browse Source 
Merge pull request !2403 from openharmony_ci/revert-merge-2400-master
This commit is contained in:
openharmony_ci 2023-05-27 02:43:53 +00:00 committed by Gitee
commit 58b657ec0b
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
sepolicy/ohos_policy/account/os_account/system/accountmgr.te
View File

@ -70,6 +70,7 @@ allow accountmgr sa_time_service:samgr_class { get };
allow accountmgr accessibility:binder { transfer };
allow accountmgr bootevent_param:file { map open read };
allow accountmgr bootevent_param:parameter_service { set };
allow accountmgr bootevent_samgr_param:file { map open read };
allow accountmgr build_version_param:file { map open read };
allow accountmgr const_allow_mock_param:file { map open read };
@ -84,6 +85,7 @@ allow accountmgr const_product_param:file { map open read };
allow accountmgr debug_param:file { map open read };
allow accountmgr default_param:file { map open read };
allow accountmgr deviceauth_service:binder { transfer };
allow accountmgr dev_console_file:chr_file { read write };
allow accountmgr time_service:binder { call transfer };
allow accountmgr distributedfiledaemon:binder { call transfer };
@ -102,6 +104,7 @@ allow accountmgr net_param:file { map open read };
allow accountmgr net_tcp_param:file { map open read };
allow accountmgr ohos_boot_param:file { map open read };
allow accountmgr ohos_param:file { map open read };
allow accountmgr paramservice_socket:sock_file { write };
allow accountmgr persist_param:file { map open read };
allow accountmgr persist_sys_param:file { map open read };
allow accountmgr security_param:file { map open read };
@ -110,6 +113,9 @@ allow accountmgr startup_param:file { map open read };
allow accountmgr sys_param:file { map open read };
allow accountmgr system_bin_file:dir { search };
allow accountmgr sys_usb_param:file { map open read };
allow accountmgr sysfs_devices_system_cpu:file { open read getattr };
allow accountmgr kernel:unix_stream_socket { connectto };
allow accountmgr vendor_etc_file:dir { search };
# avc: denied { open } for pid=541 comm="IPC_0_735" path="/dev/ashmem" dev="tmpfs" ino=170 scontext=u:r:accountmgr:s0 tcontext=u:object_r:dev_ashmem_file:s0 tclass=chr_file permissive=0
allow accountmgr dev_ashmem_file:chr_file { open };

14
sepolicy/ohos_policy/account/os_account/system/memmgrservice.te Normal file
View File

@ -0,0 +1,14 @@
# Copyright (c) 2023 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
allow memmgrservice accountmgr:file { getattr };