14 lines
695 B
Plaintext
14 lines
695 B
Plaintext
allow tee tee_exec:file entrypoint;
|
|
allow tee tee_device:chr_file { read write ioctl open };
|
|
allow tee self:capability { chown setgid setuid sys_admin sys_rawio };
|
|
|
|
allow tee device:dir r_dir_perms;
|
|
|
|
allow tee block_device:dir { getattr search };
|
|
allow tee security_block_device:blk_file { ioctl open read write };
|
|
allowxperm tee security_block_device:blk_file ioctl { 0x800ca400 0xc010a401 0x8010a402 0x8004a405 0x8010a403 0x8008a404 0x8010a407 0x8010a406 0x4d01 };
|
|
allow tee uboot_block_device:blk_file { ioctl open read write };
|
|
allow tee rpmb_block_device:blk_file { ioctl open read write };
|
|
allow tee rpmb_block_device:chr_file rw_file_perms;
|
|
allow tee metadata_file:dir create_dir_perms;
|