| type teei_daemon, domain; |
| type teei_daemon_exec, exec_type, file_type; |
| |
| allow teei_daemon self:capability sys_module; |
| allow teei_daemon teei_config_device:chr_file rw_file_perms; |
| allow teei_daemon teei_client_device:chr_file create_file_perms; |
| allow teei_daemon teei_vfs_device:chr_file rw_file_perms; |
| allow teei_daemon teei_rpmb_device:chr_file rw_file_perms; |
| allow teei_daemon teei_data_file:dir create_dir_perms; |
| allow teei_daemon teei_data_file:file rw_file_perms; |
| allow teei_daemon teei_data_file:file create_file_perms; |
| allow teei_daemon self:capability dac_override; |
| allow teei_daemon device:dir rw_dir_perms; |
| allow teei_daemon cache_file:file rw_file_perms; |
| |
| #enable access android property |
| allow teei_daemon property_socket:sock_file {read write}; |
| allow teei_daemon init:unix_stream_socket {connectto}; |
| allow teei_daemon soter_teei_prop:property_service {set}; |
| allow teei_daemon teei_vfs_device:chr_file rw_file_perms; |
| allow teei_daemon teei_rpmb_device:chr_file rw_file_perms; |
| |
| #set up domain |
| init_daemon_domain(teei_daemon) |
| |
| #for debug only |
| allow teei_daemon kmsg_device:chr_file {open write}; |
| |
| #define for mlsconstrain |
| typeattribute teei_client_device mlstrustedobject; |