From 52a2bb7d305eb479df46af77ab64a9e0211cd19e Mon Sep 17 00:00:00 2001 From: fangzz Date: Mon, 1 Sep 2025 13:17:21 +0000 Subject: [PATCH] =?UTF-8?q?=E9=9F=B3=E8=A7=86=E9=A2=91=E5=8D=A1=E9=A1=BF?= =?UTF-8?q?=E6=A3=80=E6=B5=8B=E7=9B=B8=E5=85=B3=E6=9D=83=E9=99=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: fangzz --- sepolicy/ohos_policy/hiviewdfx/hiview/system/hiview.te | 3 +++ sepolicy/ohos_policy/multimedia/audio/system/audio_server.te | 5 +++++ .../multimedia/av_codec/system/av_codec_service.te | 2 ++ 3 files changed, 10 insertions(+) diff --git a/sepolicy/ohos_policy/hiviewdfx/hiview/system/hiview.te b/sepolicy/ohos_policy/hiviewdfx/hiview/system/hiview.te index eee8f227f..894585948 100644 --- a/sepolicy/ohos_policy/hiviewdfx/hiview/system/hiview.te +++ b/sepolicy/ohos_policy/hiviewdfx/hiview/system/hiview.te @@ -299,3 +299,6 @@ allow hiview sa_netsys_native_manager:samgr_class { get }; allow hiview data_log:fifo_file { create read write open unlink }; allow hiview sa_xperf_service:samgr_class { add }; + +# avc: denied { call } for pid=619, comm="/system/bin/hiview" scontext=u:r:hiview:s0 tcontext=u:r:av_codec_service:s0 tclass=binder permissive=1 +allow hiview av_codec_service:binder { call }; diff --git a/sepolicy/ohos_policy/multimedia/audio/system/audio_server.te b/sepolicy/ohos_policy/multimedia/audio/system/audio_server.te index 32fbef4d2..690a1ac09 100644 --- a/sepolicy/ohos_policy/multimedia/audio/system/audio_server.te +++ b/sepolicy/ohos_policy/multimedia/audio/system/audio_server.te @@ -215,3 +215,8 @@ allow audio_server sa_foundation_appms:samgr_class { get }; allow audio_server audio_server:capability { sys_nice }; allow audio_server sa_storage_manager_service:samgr_class { get }; +# avc: denied { call } for pid=787, comm="/system/bin/sa_main" scontext=u:r:audio_server:s0 tcontext=u:r:hiview:s0 tclass=binder permissive=1 +allow audio_server hiview:binder { call }; + +# avc: denied { get } for service=8600 sid=u:r:audio_server:s0 scontext=u:r:audio_server:s0 tcontext=u:object_r:sa_xperf_service:s0 tclass=samgr_class permissive=1 +allow audio_server sa_xperf_service:samgr_class { get }; diff --git a/sepolicy/ohos_policy/multimedia/av_codec/system/av_codec_service.te b/sepolicy/ohos_policy/multimedia/av_codec/system/av_codec_service.te index b189fdbb6..d736e072d 100755 --- a/sepolicy/ohos_policy/multimedia/av_codec/system/av_codec_service.te +++ b/sepolicy/ohos_policy/multimedia/av_codec/system/av_codec_service.te @@ -137,3 +137,5 @@ allow av_codec_service foundation:binder { call }; allow av_codec_service dev_kmsg_file:chr_file { open read write }; allow av_codec_service tty_device:chr_file { open read write }; allow av_codec_service sys_prod_file:dir { search }; +# avc: denied { get } for service=8600 sid=u:r:av_codec_service:s0 scontext=u:r:av_codec_service:s0 tcontext=u:object_r:sa_xperf_service:s0 tclass=samgr_class permissive=1 +allow av_codec_service sa_xperf_service:samgr_class { get }; -- Gitee