1# secure-os storage-daemon 2 3allow tee self:capability { setuid setgid sys_rawio }; 4 5# secure os communication 6# in global tee.te 7 8# rpmb operations 9allow tee block_device:dir { search }; 10allow tee mmc_rpmb_block_device:blk_file rw_file_perms; 11 12# data 13allow tee tee_data_file:dir create_dir_perms; 14# create files -- in global tee.te 15