1##
2# trusted execution environment (tee) daemon
3#
4type tee_exec, exec_type, vendor_file_type, file_type;
5init_daemon_domain(tee)
6
7allow tee self:capability { dac_override };
8allow tee tee_device:chr_file rw_file_perms;
9allow tee tee_data_file:dir rw_dir_perms;
10allow tee tee_data_file:file create_file_perms;
11allow tee self:netlink_socket create_socket_perms_no_ioctl;
12allow tee self:netlink_generic_socket create_socket_perms_no_ioctl;
13allow tee ion_device:chr_file r_file_perms;
14r_dir_file(tee, sysfs_type)
15
16allow tee system_data_file:file { getattr read };
17allow tee system_data_file:lnk_file r_file_perms;
18