allow tee tee_exec:file entrypoint;
allow tee tee_device:chr_file { read write ioctl open };
allow tee self:capability { chown setgid setuid sys_admin sys_rawio };

allow tee device:dir r_dir_perms;

allow tee block_device:dir { getattr search };
allow tee security_block_device:blk_file { ioctl open read write };
allowxperm tee security_block_device:blk_file ioctl { 0x800ca400 0xc010a401 0x8010a402  0x8004a405 0x8010a403 0x8008a404 0x8010a407 0x8010a406 0x4d01 };
allow tee uboot_block_device:blk_file { ioctl open read write };
allow tee rpmb_block_device:blk_file { ioctl open read write };
allow tee rpmb_block_device:chr_file rw_file_perms;
allow tee metadata_file:dir create_dir_perms;