1allow tee self:capability { chown setgid setuid sys_rawio sys_admin }; 2 3allow tee vendor_tui_data_file:dir r_dir_perms; 4allow tee vendor_tui_data_file:file rw_file_perms; 5 6allow tee device:dir r_dir_perms; 7 8set_prop(tee, vendor_tee_listener_prop) 9vndbinder_use(tee) 10allow tee block_device:dir r_dir_perms; 11allow tee ssd_block_device:blk_file rw_file_perms; 12allow tee sg_device:chr_file { rw_file_perms setattr }; 13 14allow tee mnt_vendor_file:dir search; 15allow tee persist_file:dir search; 16allow tee persist_file:lnk_file read; 17allow tee persist_drm_file:dir create_dir_perms; 18allow tee persist_drm_file:file create_file_perms; 19 20wakelock_use(tee); 21 22hwbinder_use(tee) 23get_prop(tee, hwservicemanager_prop) 24 25binder_call(tee, hal_tui_comm_qti) 26allow tee hal_tui_comm_hwservice:hwservice_manager find; 27 28binder_call(tee, hal_graphics_composer_default) 29allow tee hal_display_config_hwservice:hwservice_manager find; 30allow tee hal_graphics_allocator_default:fd use; 31 32allow tee time_daemon:unix_stream_socket connectto; 33 34# allow tee access for secure UI to work 35allow tee graphics_device:chr_file rw_file_perms; 36