# SELinux allow rules for the tee domain.
# NOTE(review): the declarations of the tee type and its domain transition
# are not part of this listing.

# Capabilities tee may exercise on itself.
# NOTE(review): sys_admin and sys_rawio are broad grants; confirm that each
# capability listed is still exercised by the daemon and drop any that is not.
allow tee self:capability {
    chown
    setgid
    setuid
    sys_rawio
    sys_admin
};

# SCSI device scan: read directories labelled device, then open the SCSI
# generic character nodes and issue ioctls on them.
# NOTE(review): the ioctl permission is granted without a command allowlist
# in this listing; check whether one is defined elsewhere in the policy.
allow tee device:dir r_dir_perms;
allow tee sg_device:chr_file {
    ioctl
    open
    read
    setattr
    write
};

# Hardware full-disk encryption: raw read/write access to the ssd partition.
allow tee block_device:dir r_dir_perms;
allow tee ssd_block_device:blk_file {
    open
    read
    write
};

# Needed to set the sys.listeners.registered property.
# The rule is written against system_prop as a whole, so every property that
# carries this label becomes settable by tee, not only the one named above.
# NOTE(review): consider a dedicated property type for this single property.
set_prop(tee, system_prop)

# Fingerprint data: read access to system_data_file directories, plus
# creating and modifying files inside fingerprintd's data directory.
# NOTE(review): presumably the system_data_file rule is for path traversal;
# confirm.
allow tee system_data_file:dir r_dir_perms;
allow tee fingerprintd_data_file:dir rw_dir_perms;
allow tee fingerprintd_data_file:file create_file_perms;

# /persist: read-only on persist_file, full create rights on
# persist_data_file directories and files.
r_dir_file(tee, persist_file)
allow tee persist_data_file:dir create_dir_perms;
allow tee persist_data_file:file create_file_perms;