1allow tee self:capability { setuid setgid sys_rawio }; 2 3allow tee block_device:dir { getattr search }; 4allow tee drm_block_device:blk_file rw_file_perms; 5allow tee ssd_block_device:blk_file rw_file_perms; 6 7allow tee firmware_file:dir r_dir_perms; 8allow tee firmware_file:file r_file_perms; 9 10#allow tee to access dir /data/system/users/0-N/fpdata and the file 11allow tee fingerprintd_data_file:file rw_file_perms; 12allow tee fingerprintd_data_file:dir r_dir_perms; 13 14# Set the sys.listeners.registered property 15set_prop(tee, system_prop) 16 17allow tee time:unix_stream_socket connectto; 18 19allow tee persist_file:dir r_dir_perms; 20allow tee persist_data_file:dir create_dir_perms; 21allow tee persist_data_file:file create_file_perms; 22allow tee persist_drm_file:dir rw_dir_perms; 23allow tee persist_drm_file:file create_file_perms; 24 25#create fingerprint data under /data/fpc 26# b/23190122 27allow tee system_data_file:dir r_dir_perms; 28allow tee fingerprintd_data_file:dir create_dir_perms; 29allow tee fingerprintd_data_file:file create_file_perms; 30