type hal_dice_default, domain;
hal_server_domain(hal_dice_default, hal_dice)

# Block crash dumps to ensure the DICE secrets are not leaked.
typeattribute hal_dice_default no_crash_dump_domain;

type hal_dice_default_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_dice_default)

# hal_dice_default is using bootstrap bionic
use_bootstrap_libs(hal_dice_default)

allow hal_dice_default sysfs_dt_avf:file r_file_perms;
allow hal_dice_default open_dice_device:chr_file rw_file_perms;