1allow tee self:capability { chown setgid setuid sys_rawio sys_admin }; 2 3allow tee vendor_tui_data_file:dir r_dir_perms; 4allow tee vendor_tui_data_file:file rw_file_perms; 5 6allow tee device:dir r_dir_perms; 7 8set_prop(tee, vendor_tee_listener_prop) 9vndbinder_use(tee) 10allow tee block_device:dir r_dir_perms; 11allow tee ssd_block_device:blk_file rw_file_perms; 12allow tee sg_device:chr_file { rw_file_perms setattr }; 13 14allow tee mnt_vendor_file:dir r_dir_perms; 15allow tee persist_file:dir r_dir_perms; 16allow tee persist_file:lnk_file read; 17allow tee persist_drm_file:dir create_dir_perms; 18allow tee persist_drm_file:file create_file_perms; 19 20# b/198130336 21dontaudit tee tmpfs:dir read; 22 23wakelock_use(tee); 24 25hwbinder_use(tee) 26get_prop(tee, hwservicemanager_prop) 27 28binder_call(tee, hal_tui_comm_qti) 29allow tee hal_tui_comm_hwservice:hwservice_manager find; 30 31binder_call(tee, hal_graphics_composer_default) 32allow tee hal_display_config_hwservice:hwservice_manager find; 33allow tee hal_graphics_allocator_default:fd use; 34 35allow tee time_daemon:unix_stream_socket connectto; 36 37# allow tee access for secure UI to work 38allow tee graphics_device:chr_file rw_file_perms; 39