| # allow run xtest as shell |
| domain_auto_trans(shell, tee_exec, tee); |
| allow shell tee_exec:file { getattr execute read open execute_no_trans }; |
| ## allow shell tee_data_file:file { create write open getattr unlink read }; |
| ## allow shell tee_data_file:dir { write add_name remove_name rename search }; |
| ## allow shell tee_data_file:chr_file { read write open ioctl }; |
| allow tee console_device:chr_file { getattr read write ioctl }; |
| allow tee shell:fd { use }; |
| |
| ## allow tee tee_data_file:dir { create rmdir rename }; |
| #allow tee system_data_file:file { append }; #write open |
| allow tee system_data_file:dir { getattr }; # open write |
| allow tee vendor_data_file:dir { getattr open write add_name create}; |
| allow tee vendor_data_file:file { getattr write open read create append }; |
| |
| # For xtest 200x tests |
| allow tee tee:tcp_socket { create connect read write getopt setopt }; |
| allow tee tee:udp_socket { create connect read write getopt getattr }; |
| allow tee tee:capability { net_raw }; |
| allow tee fwmarkd_socket:sock_file { write }; |
| ## allow tee netd:unix_stream_socket { connectto }; |
| allow tee port:tcp_socket { name_connect }; |
| |
| # Rules on netd domain for optee xtest 200x tests |
| allow netd tee:tcp_socket { read write getopt setopt }; |
| allow netd tee:udp_socket { read write getopt setopt }; |
| allow netd tee:fd { use }; |
