1## 2# trusted execution environment (tee) daemon 3# 4type tee_exec, exec_type, vendor_file_type, file_type; 5init_daemon_domain(tee) 6 7allow tee self:capability { dac_override }; 8allow tee tee_device:chr_file rw_file_perms; 9allow tee tee_data_file:dir rw_dir_perms; 10allow tee tee_data_file:file create_file_perms; 11allow tee self:netlink_socket create_socket_perms_no_ioctl; 12allow tee self:netlink_generic_socket create_socket_perms_no_ioctl; 13allow tee ion_device:chr_file r_file_perms; 14r_dir_file(tee, sysfs_type) 15 16allow tee system_data_file:file { getattr read }; 17allow tee system_data_file:lnk_file r_file_perms; 18