2017-04-03 20:05:45 +02:00
|
|
|
##
|
|
|
|
|
# trusted execution environment (tee) daemon
|
|
|
|
|
#
|
2017-04-10 22:03:28 +02:00
|
|
|
type tee_exec, exec_type, vendor_file_type, file_type;
|
2017-04-03 20:05:45 +02:00
|
|
|
init_daemon_domain(tee)
|
|
|
|
|
|
2017-11-09 23:51:26 +01:00
|
|
|
allow tee self:global_capability_class_set { dac_override };
|
2017-04-03 20:05:45 +02:00
|
|
|
allow tee tee_device:chr_file rw_file_perms;
|
2022-04-11 19:32:16 +02:00
|
|
|
allow tee tee_data_file:dir create_dir_perms;
|
2017-04-03 20:05:45 +02:00
|
|
|
allow tee tee_data_file:file create_file_perms;
|
|
|
|
|
allow tee self:netlink_socket create_socket_perms_no_ioctl;
|
|
|
|
|
allow tee self:netlink_generic_socket create_socket_perms_no_ioctl;
|
|
|
|
|
allow tee ion_device:chr_file r_file_perms;
|
|
|
|
|
r_dir_file(tee, sysfs_type)
|
|
|
|
|
|
|
|
|
|
allow tee system_data_file:file { getattr read };
|
2017-11-16 05:15:22 +01:00
|
|
|
allow tee system_data_file:lnk_file { getattr read };
|
