rpcraig | e07b8a5 | 2012-08-13 06:09:39 -0400 | [diff] [blame] | 1 | ## |
| 2 | # trusted execution environment (tee) daemon |
| 3 | # |
| 4 | type tee, domain; |
| 5 | type tee_exec, exec_type, file_type; |
| 6 | type tee_device, dev_type; |
| 7 | type tee_data_file, file_type, data_file_type; |
| 8 | |
| 9 | init_daemon_domain(tee) |
| 10 | allow tee self:capability { dac_override }; |
| 11 | allow tee tee_device:chr_file rw_file_perms; |
| 12 | allow tee tee_data_file:dir { getattr write add_name }; |
| 13 | allow tee tee_data_file:file create_file_perms; |
rpcraig | 41e5390 | 2012-12-04 06:45:21 -0500 | [diff] [blame] | 14 | allow tee self:netlink_socket { create bind read }; |