allow tee tee_data_file:dir create_dir_perms;
allow tee self:capability { setuid setgid sys_rawio };
allow tee block_device:dir search;
allow tee rpmb_block_device:blk_file rw_file_perms;