| Alex Klyubin | 304d653 | 2017-04-03 11:05:45 -0700 | [diff] [blame] | 1 | ## |
| 2 | # trusted execution environment (tee) daemon |
| 3 | # |
| Sandeep Patil | 2ee66e7 | 2017-04-10 13:03:28 -0700 | [diff] [blame] | 4 | type tee_exec, exec_type, vendor_file_type, file_type; |
| Alex Klyubin | 304d653 | 2017-04-03 11:05:45 -0700 | [diff] [blame] | 5 | init_daemon_domain(tee) |
| 6 | |
| Benjamin Gordon | 9b2e0cb | 2017-11-09 15:51:26 -0700 | [diff] [blame] | 7 | allow tee self:global_capability_class_set { dac_override }; |
| Alex Klyubin | 304d653 | 2017-04-03 11:05:45 -0700 | [diff] [blame] | 8 | allow tee tee_device:chr_file rw_file_perms; |
| Ilya Matyukhin | 93b6949 | 2022-04-11 17:32:16 +0000 | [diff] [blame] | 9 | allow tee tee_data_file:dir create_dir_perms; |
| Alex Klyubin | 304d653 | 2017-04-03 11:05:45 -0700 | [diff] [blame] | 10 | allow tee tee_data_file:file create_file_perms; |
| 11 | allow tee self:netlink_socket create_socket_perms_no_ioctl; |
| 12 | allow tee self:netlink_generic_socket create_socket_perms_no_ioctl; |
| 13 | allow tee ion_device:chr_file r_file_perms; |
| 14 | r_dir_file(tee, sysfs_type) |
| 15 | |
| Alex Klyubin | 304d653 | 2017-04-03 11:05:45 -0700 | [diff] [blame] | 16 | allow tee system_data_file:file { getattr read }; |
| Jeff Vander Stoep | 13c69b8 | 2017-11-15 20:15:22 -0800 | [diff] [blame] | 17 | allow tee system_data_file:lnk_file { getattr read }; |