From d2282b71eabb40b82eed62d47f21eb8120eb3dbd Mon Sep 17 00:00:00 2001
From: zhanghaifeng
Date: Mon, 13 Feb 2023 16:12:53 +0800
Subject: [PATCH] Description: Change patch to master Signed-off-by: zhanghaifeng
---
 .../ohos_policy/ability/ability_runtime/system/foundation.te | 2 ++
 .../ohos_policy/communication/netmanager/system/netmanager.te | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/sepolicy/ohos_policy/ability/ability_runtime/system/foundation.te b/sepolicy/ohos_policy/ability/ability_runtime/system/foundation.te
index 66630e9e5..ab787bb0f 100644
--- a/sepolicy/ohos_policy/ability/ability_runtime/system/foundation.te
+++ b/sepolicy/ohos_policy/ability/ability_runtime/system/foundation.te
@@ -90,5 +90,7 @@ allowxperm foundation data_system_ce:file ioctl { 0xf50c };
 allowxperm foundation dev_mali:chr_file ioctl { 0x8002 };
 allowxperm foundation sys_file:file ioctl { 0x5413 };
 allow foundation foundation:capability { sys_ptrace };
+allow foundation storage_manager:dir { search };
+allow foundation netmanager:binder { transfer };
 neverallow foundation *:process ptrace;
diff --git a/sepolicy/ohos_policy/communication/netmanager/system/netmanager.te b/sepolicy/ohos_policy/communication/netmanager/system/netmanager.te
index e1eacecff..964dd606b 100644
--- a/sepolicy/ohos_policy/communication/netmanager/system/netmanager.te
+++ b/sepolicy/ohos_policy/communication/netmanager/system/netmanager.te
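Review bot: In the foundation.te hunk, the added `allow foundation storage_manager:dir { search };` names what looks like a process domain as the target of a `dir` permission, which would let foundation traverse that process's /proc entries rather than a storage directory; neither the rule nor the commit message says which access was denied. The same applies to `allow foundation netmanager:binder { transfer };`, which arrives without a visible `call` rule for the same pair, so the hunk does not show whether foundation is meant to call netmanager or only pass it binder references. I would put a one-line comment above each rule recording the denial it resolves, for example `# avc denial: <scontext / tcontext / tclass from the audit log>`, so the grant can later be checked against least privilege. The rest of foundation.te is outside the hunk, so an existing rule elsewhere may already explain either grant.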
@@ -20,6 +20,7 @@ allow netmanager data_file:dir { remove_name rmdir search };
 allow netmanager data_init_agent:dir { search };
 allow netmanager data_init_agent:file { ioctl open read append };
 allow netmanager data_service_el1_file:dir { add_name create getattr ioctl lock open read remove_name rmdir search setattr unlink write };
+allow netmanager data_service_el1_file:dir { add_name create getattr ioctl lock open read remove_name search setattr unlink write rmdir };
 allow netmanager data_service_el1_file:file { append create getattr ioctl lock map open read setattr unlink write };
 allow netmanager data_service_file:dir { add_name create getattr ioctl lock open read remove_name search setattr unlink write };
 allow netmanager data_system:dir { add_name search write };
@@ -67,3 +68,5 @@ allowxperm netmanager netmanager:udp_socket ioctl { 0x8915 0x8916 0x891b 0x891c
 allowxperm netmanager netmanager:unix_dgram_socket ioctl { 0x8910 };
 allow netsysnative netmanager:fd { use };
 allow netsysnative netmanager:tcp_socket { read write bind getopt setopt connect };
+allow netmanager data_service_el1_file:file { rename };
+allow netmanager sa_foundation_appms:samgr_class { get };
\ No newline at end of file
-- 
Gitee
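Review bot: In the first netmanager.te hunk (`@@ -20,6 +20,7 @@`), the added `allow netmanager data_service_el1_file:dir { ... write rmdir };` grants exactly the thirteen permissions already granted by the unchanged rule on the line above it, only with `rmdir` moved to the end of the set. The line therefore has no effect on the compiled policy and leaves two rules for the same source, target and class that must be kept in sync. I would drop the added line; if the intent was to grant an additional directory permission, that permission is missing from the set.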
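Review bot: In the second netmanager.te hunk (`@@ -67,3 +68,5 @@`), `allow netmanager data_service_el1_file:file { rename };` is appended at the end of the file although a rule for the same source, target and class already exists (`allow netmanager data_service_el1_file:file { append create getattr ... write };`, shown as context in the first hunk). That splits the file permission set for this type across two places. Adding `rename` to the existing set would keep the whole grant auditable in one rule. The new last line also ends without a newline (`\ No newline at end of file`); ending the file with one avoids surprises if the build concatenates policy sources, which I am assuming rather than seeing here.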