1allow tee self:capability { chown setgid setuid sys_rawio sys_admin }; 2 3# scan SCSI devices 4allow tee device:dir r_dir_perms; 5allow tee sg_device:chr_file { ioctl open read setattr write }; 6 7# access to ssd partition for HW FDE 8allow tee block_device:dir r_dir_perms; 9allow tee ssd_block_device:blk_file { open read write }; 10 11# Set the sys.listeners.registered property 12set_prop(tee, system_prop) 13 14allow tee system_data_file:dir r_dir_perms; 15allow tee fingerprintd_data_file:dir rw_dir_perms; 16allow tee fingerprintd_data_file:file create_file_perms; 17 18# /persist 19r_dir_file(tee, persist_file) 20allow tee persist_data_file:dir create_dir_perms; 21allow tee persist_data_file:file create_file_perms; 22