      # Capabilities the tee domain may exercise on itself: changing its own
      # UID/GID (setuid, setgid) and performing raw I/O (sys_rawio).
      # NOTE(review): sys_rawio is a broad capability; presumably it backs the
      # raw block-device access granted in this file. Confirm it is still needed.
      1 allow tee self:capability { setuid setgid sys_rawio };
      2 
      # Raw block-device access. The first rule lets tee look up entries in
      # directories labeled block_device; the next two grant read/write
      # (rw_file_perms) on block nodes labeled drm_block_device and
      # ssd_block_device.
      # NOTE(review): which partitions carry these two labels is decided in
      # file_contexts, which is not shown here. The grant is on the raw device
      # node, so confirm the labels cover only partitions the TEE daemon owns.
      3 allow tee block_device:dir { getattr search };
      4 allow tee drm_block_device:blk_file rw_file_perms;
      5 allow tee ssd_block_device:blk_file rw_file_perms;
      6 
      # Read-only access to firmware: tee may list directories and read files
      # labeled firmware_file. No write, create or execute permission is granted
      # by these two rules.
      7 allow tee firmware_file:dir r_dir_perms;
      8 allow tee firmware_file:file r_file_perms;
      9 
     10 #allow tee to access dir /data/system/users/0-N/fpdata and the file
     # These two rules give read/write on existing files and read-only access to
     # directories labeled fingerprintd_data_file.
     # NOTE(review): the last two rules in this file grant create_dir_perms and
     # create_file_perms on the same type. In AOSP's global_macros those sets
     # include the permissions granted here, so the effective access to this
     # type is the wider create_* set. Confirm that is intended for the
     # per-user fpdata path as well as for /data/fpc.
     11 allow tee fingerprintd_data_file:file rw_file_perms;
     12 allow tee fingerprintd_data_file:dir r_dir_perms;
     13 
     14 # Set the sys.listeners.registered property
     # NOTE(review): set_prop() is granted on the whole system_prop type, so tee
     # may set every property carrying that label, not only the one named above.
     # A dedicated property type for sys.listeners.registered would narrow this;
     # whether one exists in property_contexts is not visible from this file.
     15 set_prop(tee, system_prop)
     16 
     # Lets tee connect to a UNIX stream socket owned by a process running in the
     # time domain. Only connectto is granted here.
     # NOTE(review): presumably this is the device's time daemon; the domain
     # definition is outside this file, so confirm against the time policy.
     17 allow tee time:unix_stream_socket connectto;
     18 
     # Persistent-storage access, from narrowest to widest:
     #   persist_file      - directories: read/list only.
     #   persist_data_file - directories and files: full create set (create,
     #                       rename, unlink, read, write).
     #   persist_drm_file  - directories: read/write entries; files: full
     #                       create set.
     # NOTE(review): the paths behind these labels come from file_contexts and
     # are not shown here. Data written under these types outlives a factory
     # reset on typical devices (presumably the /persist partition; confirm), so
     # check that nothing outside the tee domain is allowed to write them.
     19 allow tee persist_file:dir r_dir_perms;
     20 allow tee persist_data_file:dir create_dir_perms;
     21 allow tee persist_data_file:file create_file_perms;
     22 allow tee persist_drm_file:dir rw_dir_perms;
     23 allow tee persist_drm_file:file create_file_perms;
     24 
     25 #create fingerprint data under /data/fpc
     26 # b/23190122
     # The first rule lets tee read and search directories labeled
     # system_data_file; the other two let it create, rename, remove, read and
     # write directories and files labeled fingerprintd_data_file.
     # NOTE(review): system_data_file is a widely used label, so the first rule
     # allows listing every directory that carries it, not only the path leading
     # to /data/fpc. Directory read is all it grants; no file access on that
     # type comes from this file.
     # NOTE(review): the create_* sets here cover the rw_file_perms/r_dir_perms
     # rules on fingerprintd_data_file earlier in this file (per AOSP's
     # global_macros), so they define the effective access to fingerprint data.
     27 allow tee system_data_file:dir r_dir_perms;
     28 allow tee fingerprintd_data_file:dir create_dir_perms;
     29 allow tee fingerprintd_data_file:file create_file_perms;
     30