blob: 878baa769971170d60e3ab8482ee5f6f4fa35808 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
type teei_daemon, domain;
type teei_daemon_exec, exec_type, file_type;
allow teei_daemon self:capability sys_module;
allow teei_daemon teei_config_device:chr_file rw_file_perms;
allow teei_daemon teei_client_device:chr_file create_file_perms;
allow teei_daemon teei_vfs_device:chr_file rw_file_perms;
allow teei_daemon teei_rpmb_device:chr_file rw_file_perms;
allow teei_daemon teei_data_file:dir create_dir_perms;
allow teei_daemon teei_data_file:file rw_file_perms;
allow teei_daemon teei_data_file:file create_file_perms;
allow teei_daemon self:capability dac_override;
allow teei_daemon device:dir rw_dir_perms;
allow teei_daemon cache_file:file rw_file_perms;
#enable access android property
allow teei_daemon property_socket:sock_file {read write};
allow teei_daemon init:unix_stream_socket {connectto};
allow teei_daemon soter_teei_prop:property_service {set};
allow teei_daemon teei_vfs_device:chr_file rw_file_perms;
allow teei_daemon teei_rpmb_device:chr_file rw_file_perms;
#set up domain
init_daemon_domain(teei_daemon)
#for debug only
allow teei_daemon kmsg_device:chr_file {open write};
#define for mlsconstrain
typeattribute teei_client_device mlstrustedobject;
|
