      1 # Allow xtest to be started from the shell domain (adb shell).
        # NOTE(review): these rules are test enablers; presumably xtest is labelled
        # tee_exec in file_contexts (not shown here) - confirm. Consider keeping them
        # out of user builds, e.g. inside userdebug_or_eng(), so that production
        # policy is not widened for a test tool.
        #
        # When shell executes a tee_exec file the new process switches to the tee
        # domain, so anything labelled tee_exec that shell can launch runs with
        # tee's permissions.
      2 domain_auto_trans(shell, tee_exec, tee);
        # Direct shell access to tee_exec files. execute_no_trans additionally lets
        # shell run them without leaving the shell domain.
        # NOTE(review): domain_auto_trans normally grants the entrypoint permissions
        # already - confirm this rule, and execute_no_trans in particular, is needed.
      3 allow shell tee_exec:file { getattr execute read open execute_no_trans };
        # Disabled ("##"): direct shell access to tee_data_file files, directories
        # and character devices. These three lines grant nothing.
      4 ## allow shell tee_data_file:file { create write open getattr unlink read };
      5 ## allow shell tee_data_file:dir { write add_name remove_name rename search };
      6 ## allow shell tee_data_file:chr_file { read write open ioctl };
        # The tee domain may read and write the console device, presumably so that
        # xtest output reaches the console - confirm.
      7 allow tee console_device:chr_file {  getattr read write ioctl };
        # The tee domain may use file descriptors that belong to shell, e.g. the
        # stdio it inherits when it is started from shell.
      8 allow tee shell:fd { use };
      9 
     10 ## allow tee tee_data_file:dir { create rmdir rename };
        # The "##" rule above and the "#allow" rule below are disabled and grant
        # nothing.
     11 #allow tee system_data_file:file { append }; #write open
        # Only getattr is granted on system_data_file directories; the "open write"
        # in the trailing comment is not part of the rule.
     12 allow tee system_data_file:dir { getattr }; # open write
        # The tee domain may create entries in directories labelled vendor_data_file
        # and create, read, write and append to files with that label.
        # NOTE(review): vendor_data_file is a generic label, so these two rules cover
        # every file and directory that carries it, not only TEE storage. A dedicated
        # type (tee_data_file appears in the disabled rules) scoped through
        # file_contexts would be narrower - confirm why it is not used here.
     13 allow tee vendor_data_file:dir { getattr open write add_name create};
     14 allow tee vendor_data_file:file { getattr write open read create append };
     15 
     16 # For the xtest 200x tests: network access for the tee domain.
        # NOTE(review): these rules give the tee domain general network access for
        # the sake of a test suite; confirm they are limited to test builds.
        #
        # The tee domain may create and use its own TCP and UDP sockets.
        # NOTE(review): the two permission sets differ (tcp_socket has setopt,
        # udp_socket has getattr instead) - confirm that is intended.
     17 allow tee tee:tcp_socket { create connect read write getopt setopt };
     18 allow tee tee:udp_socket { create connect read write getopt getattr };
        # CAP_NET_RAW for the tee domain.
        # NOTE(review): no raw or packet socket class is allowed in this file, only
        # tcp_socket and udp_socket - confirm which operation triggers the net_raw
        # denial and whether the capability can be dropped.
     19 allow tee tee:capability { net_raw };
        # Write access to the fwmarkd socket file served by netd. The matching
        # connectto rule on the next line is disabled ("##").
        # NOTE(review): confirm the fwmarkd connection is needed and works without
        # connectto; otherwise this rule is dead weight.
     20 allow tee fwmarkd_socket:sock_file { write };
     21 ## allow tee netd:unix_stream_socket { connectto };
        # Outgoing TCP connections to ports labelled with the generic type "port".
        # NOTE(review): presumably this covers almost every port, so the rule does
        # not limit which services tee can reach - verify against port labelling.
     22 allow tee port:tcp_socket { name_connect };
     23 
     24 # Rules on the netd domain for the optee xtest 200x tests.
        # netd may read, write and get/set options on TCP and UDP sockets owned by
        # the tee domain, and use file descriptors that belong to tee.
        # NOTE(review): presumably this supports the fwmarkd exchange, in which the
        # client hands its socket to netd - confirm. These rules change what netd
        # may do, so they deserve the same test-build-only scoping as the tee rules.
     25 allow netd tee:tcp_socket { read write getopt setopt };
     26 allow netd tee:udp_socket { read write getopt setopt };
     27 allow netd tee:fd { use };
     28