From 589821e55859ce31a7f63ff8c48291f538e1f382 Mon Sep 17 00:00:00 2001
From: zhangzhewei
Date: Wed, 31 May 2023 14:51:02 +0800
Subject: [PATCH 1/8] add netsysnative

Signed-off-by: zhangzhewei
Change-Id: I81ecf9cb4c38f8cf8217e5e3806e0091050b1c25
---
 .../ohos_policy/communication/netmanager/system/netsysnative.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te b/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te
index 9f5688a98..56c5bbbe0 100644
--- a/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te
+++ b/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te
@@ -92,6 +92,7 @@ allow netsysnative fs_bpf:dir { getattr search mounton add_name create write };
 allow netsysnative fs_bpf:file { create write read };
 allow netsysnative fs_bpf:filesystem { mount };
 allow netsysnative netsysnative:netlink_route_socket { setopt bind setattr getattr listen read nlmsg_read nlmsg_write create write };
+allow netsysnative netsysnative:netlink_tcpdiag_socket { create connect };
 
 allow netsysnative sa_distributed_net_service:samgr_class { add get };
 allow netmanager sa_distributed_net_service:samgr_class { add get };
-- 
Gitee

From 67b9f92fab5bd37ee5d11ca43c6fe77a3e26f209 Mon Sep 17 00:00:00 2001
From: zhangzhewei
Date: Wed, 31 May 2023 19:14:09 +0800
Subject: [PATCH 2/8] add write

Signed-off-by: zhangzhewei
Change-Id: I764416aad09458a56f5d01e6ab0e41f542bbd8ec
---
 .../ohos_policy/communication/netmanager/system/netsysnative.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te b/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te
index 56c5bbbe0..bc4a5ad21 100644
--- a/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te
+++ b/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te
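Review bot: The new `netlink_tcpdiag_socket` rule at the end of the netsysnative self-rules carries no comment naming the feature that opens a sock_diag socket, and patches 2/8, 3/8, 4/8 and 6/8 then widen the same rule one permission at a time (`write`, `nlmsg_read`, `read`, `nlmsg_write`). That pattern reads like denials being cleared one by one rather than a permission set derived from a known need, which makes the final grant hard to audit. I would squash these into a single rule with the final set and put a line such as `# sock_diag: <feature that queries socket state>` above it.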
@@ -92,7 +92,7 @@ allow netsysnative fs_bpf:dir { getattr search mounton add_name create write };
 allow netsysnative fs_bpf:file { create write read };
 allow netsysnative fs_bpf:filesystem { mount };
 allow netsysnative netsysnative:netlink_route_socket { setopt bind setattr getattr listen read nlmsg_read nlmsg_write create write };
-allow netsysnative netsysnative:netlink_tcpdiag_socket { create connect };
+allow netsysnative netsysnative:netlink_tcpdiag_socket { create connect write };
 
 allow netsysnative sa_distributed_net_service:samgr_class { add get };
 allow netmanager sa_distributed_net_service:samgr_class { add get };
-- 
Gitee

From 27676c6d7a03d7fb3b094a43632b5dc43f27258b Mon Sep 17 00:00:00 2001
From: zhangzhewei
Date: Sat, 3 Jun 2023 20:10:19 +0800
Subject: [PATCH 3/8] fix

Signed-off-by: zhangzhewei
Change-Id: If1c80d37a88283155335bc1ef2ef23b96435bf45
---
 .../communication/netmanager/system/netsysnative.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te b/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te
index bc4a5ad21..4199f88e1 100644
--- a/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te
+++ b/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te
@@ -92,7 +92,8 @@ allow netsysnative fs_bpf:dir { getattr search mounton add_name create write };
 allow netsysnative fs_bpf:file { create write read };
 allow netsysnative fs_bpf:filesystem { mount };
 allow netsysnative netsysnative:netlink_route_socket { setopt bind setattr getattr listen read nlmsg_read nlmsg_write create write };
-allow netsysnative netsysnative:netlink_tcpdiag_socket { create connect write };
+allow netsysnative netsysnative:netlink_tcpdiag_socket { create connect write nlmsg_read };
+allow netsysnative system_core_hap:fd { use };
 
 allow netsysnative sa_distributed_net_service:samgr_class { add get };
 allow netmanager sa_distributed_net_service:samgr_class { add get };
-- 
Gitee

From 8ca9565fd1792f4ec1b949852817cb0fae81b585 Mon Sep 17 00:00:00 2001
From: zhangzhewei
Date: Sat, 3 Jun 2023 22:34:27 +0800
Subject: [PATCH 4/8] fix

Signed-off-by: zhangzhewei
Change-Id: Ib74b243591a6691fb0dc8357f238e5f27c9481fc
---
 .../communication/netmanager/system/netsysnative.te | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te b/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te
index 4199f88e1..d2efb6ae3 100644
--- a/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te
+++ b/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te
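Review bot: `allow netsysnative system_core_hap:fd { use };` lets netsysnative use file descriptors handed over by any process in the system_core_hap domain, and patches 4/8, 7/8 and 8/8 extend this to `system_core_hap:tcp_socket { read write getopt setopt }`, all without a stated reason. Cross-domain access from a privileged network daemon to application sockets should be justified next to the rule, for example `# sockets passed in by apps over IPC for <operation>`, and trimmed to what that operation performs. If the daemon only adjusts socket options, `read` and `write` on the app's TCP stream look wider than needed, though the calling code is not visible here. It is also worth confirming that covering only system_core_hap, and no other hap domain, is intentional.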
@@ -92,8 +92,9 @@ allow netsysnative fs_bpf:dir { getattr search mounton add_name create write }; allow netsysnative fs_bpf:file { create write read }; allow netsysnative fs_bpf:filesystem { mount }; allow netsysnative netsysnative:netlink_route_socket { setopt bind setattr getattr listen read nlmsg_read nlmsg_write create write }; -allow netsysnative netsysnative:netlink_tcpdiag_socket { create connect write nlmsg_read }; +allow netsysnative netsysnative:netlink_tcpdiag_socket { create connect write nlmsg_read read }; allow netsysnative system_core_hap:fd { use }; +allow netsysnative system_core_hap:tcp_socket { read write }; allow netsysnative sa_distributed_net_service:samgr_class { add get }; allow netmanager sa_distributed_net_service:samgr_class { add get }; -- Gitee From afeeea88c15bb6b062b2b38c3becb6ebd144b191 Mon Sep 17 00:00:00 2001 From: zhangzhewei Date: Mon, 5 Jun 2023 13:49:21 +0800 Subject: [PATCH 5/8] fix Signed-off-by: zhangzhewei Change-Id: I19e59f45847847cfa5d73a3586a22432a2a8d223 --- sepolicy/base/te/hiview.te | 1 + 1 file changed, 1 insertion(+) diff --git a/sepolicy/base/te/hiview.te b/sepolicy/base/te/hiview.te index 415a630ff..96ff0f56d 100644 --- a/sepolicy/base/te/hiview.te +++ b/sepolicy/base/te/hiview.te @@ -74,6 +74,7 @@ allow hiview system_core_hap:file { open read }; allow hiview sys_usb_param:file { map open read }; allow hiview tmpfs:dir { add_name create setattr write }; allow hiview tty_device:chr_file { open read write }; +allow hiview default_service:samgr_class { get }; allow sadomain hiview:unix_dgram_socket { sendto }; allowxperm hiview dev_at_file:chr_file ioctl { 0x4103 }; -- Gitee From e2764c17aa3f1d12b8c938e52d717b3ee2c28706 Mon Sep 17 00:00:00 2001 From: zhangzhewei Date: Mon, 5 Jun 2023 15:10:32 +0800 Subject: [PATCH 6/8] fix 
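Review bot: `allow hiview default_service:samgr_class { get };` in hiview.te (patch 5/8) grants service lookup on the `default_service` label instead of on a dedicated service type. If that label is, as its name suggests, the fallback for system abilities that have no type of their own, hiview would be allowed to fetch every unlabelled service. Patch 6/8 removes the rule again, so the series is better squashed so that it never lands; if the lookup is needed, give the target service its own `sa_*` type and allow `get` on that.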
Signed-off-by: zhangzhewei Change-Id: Ib885182f21d718b26ebc7548a5fedd51ee14dead --- sepolicy/base/te/hiview.te | 1 - .../ohos_policy/communication/netmanager/system/netsysnative.te | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/sepolicy/base/te/hiview.te b/sepolicy/base/te/hiview.te index 96ff0f56d..415a630ff 100644 --- a/sepolicy/base/te/hiview.te +++ b/sepolicy/base/te/hiview.te @@ -74,7 +74,6 @@ allow hiview system_core_hap:file { open read }; allow hiview sys_usb_param:file { map open read }; allow hiview tmpfs:dir { add_name create setattr write }; allow hiview tty_device:chr_file { open read write }; -allow hiview default_service:samgr_class { get }; allow sadomain hiview:unix_dgram_socket { sendto }; allowxperm hiview dev_at_file:chr_file ioctl { 0x4103 }; diff --git a/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te b/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te index d2efb6ae3..2e923feea 100644 --- a/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te +++ b/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te @@ -92,7 +92,7 @@ allow netsysnative fs_bpf:dir { getattr search mounton add_name create write }; allow netsysnative fs_bpf:file { create write read }; allow netsysnative fs_bpf:filesystem { mount }; allow netsysnative netsysnative:netlink_route_socket { setopt bind setattr getattr listen read nlmsg_read nlmsg_write create write }; -allow netsysnative netsysnative:netlink_tcpdiag_socket { create connect write nlmsg_read read }; +allow netsysnative netsysnative:netlink_tcpdiag_socket { create connect write nlmsg_read read nlmsg_write }; allow netsysnative system_core_hap:fd { use }; allow netsysnative system_core_hap:tcp_socket { read write }; -- Gitee From 33c563898c717c316e9cfc050adb3ead2d749b52 Mon Sep 17 00:00:00 2001 From: zhangzhewei Date: Mon, 5 Jun 2023 17:21:38 +0800 Subject: [PATCH 7/8] add 
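Review bot: Adding `nlmsg_write` to the `netlink_tcpdiag_socket` rule in netsysnative.te changes what the socket may do, not just whether it works. In the kernel's SELinux netlink message table the sock_diag query messages map to `nlmsg_read`, while `nlmsg_write` is the permission checked for `SOCK_DESTROY`. If netsysnative only inspects socket state, the rule should stay at `nlmsg_read`; if it is meant to close sockets, say so above the rule, for example `# sock_diag SOCK_DESTROY: <feature that tears down connections>`. The subject line "fix" gives no hint which of the two is intended.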
Signed-off-by: zhangzhewei
Change-Id: I387b989a9a86cc7497afc215b227351c0bda8ea3
---
 .../ohos_policy/communication/netmanager/system/netsysnative.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te b/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te
index 2e923feea..313e052bd 100644
--- a/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te
+++ b/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te
@@ -94,7 +94,7 @@ allow netsysnative fs_bpf:filesystem { mount };
 allow netsysnative netsysnative:netlink_route_socket { setopt bind setattr getattr listen read nlmsg_read nlmsg_write create write };
 allow netsysnative netsysnative:netlink_tcpdiag_socket { create connect write nlmsg_read read nlmsg_write };
 allow netsysnative system_core_hap:fd { use };
-allow netsysnative system_core_hap:tcp_socket { read write };
+allow netsysnative system_core_hap:tcp_socket { read write getopt };
 
 allow netsysnative sa_distributed_net_service:samgr_class { add get };
 allow netmanager sa_distributed_net_service:samgr_class { add get };
-- 
Gitee

From 4e5a5e60a2f212a593ded5e1a16c49c7ab472545 Mon Sep 17 00:00:00 2001
From: zhangzhewei
Date: Mon, 5 Jun 2023 17:30:19 +0800
Subject: [PATCH 8/8] fix

Signed-off-by: zhangzhewei
Change-Id: I385987202423b6b8424f108b70fe024388d53e13
---
 .../ohos_policy/communication/netmanager/system/netsysnative.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te b/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te
index 313e052bd..955f3b840 100644
--- a/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te
+++ b/sepolicy/ohos_policy/communication/netmanager/system/netsysnative.te
@@ -94,7 +94,7 @@ allow netsysnative fs_bpf:filesystem { mount };
 allow netsysnative netsysnative:netlink_route_socket { setopt bind setattr getattr listen read nlmsg_read nlmsg_write create write };
 allow netsysnative netsysnative:netlink_tcpdiag_socket { create connect write nlmsg_read read nlmsg_write };
 allow netsysnative system_core_hap:fd { use };
-allow netsysnative system_core_hap:tcp_socket { read write getopt };
+allow netsysnative system_core_hap:tcp_socket { read write getopt setopt };
 
 allow netsysnative sa_distributed_net_service:samgr_class { add get };
 allow netmanager sa_distributed_net_service:samgr_class { add get };
-- 
Gitee