## # trusted execution environment (tee) daemon # type tee, domain; permissive tee; type tee_exec, exec_type, file_type; type tee_device, dev_type; type tee_data_file, file_type, data_file_type; init_daemon_domain(tee) allow tee self:capability { dac_override }; allow tee tee_device:chr_file rw_file_perms; allow tee tee_data_file:dir { getattr write add_name }; allow tee tee_data_file:file create_file_perms; allow tee self:netlink_socket { create bind read };