1# allow run xtest as shell 2domain_auto_trans(shell, tee_exec, tee); 3allow shell tee_exec:file { getattr execute read open execute_no_trans }; 4## allow shell tee_data_file:file { create write open getattr unlink read }; 5## allow shell tee_data_file:dir { write add_name remove_name rename search }; 6## allow shell tee_data_file:chr_file { read write open ioctl }; 7allow tee console_device:chr_file { getattr read write ioctl }; 8allow tee shell:fd { use }; 9 10## allow tee tee_data_file:dir { create rmdir rename }; 11#allow tee system_data_file:file { append }; #write open 12allow tee system_data_file:dir { getattr }; # open write 13allow tee vendor_data_file:dir { getattr open write add_name create}; 14allow tee vendor_data_file:file { getattr write open read create append }; 15 16# For xtest 200x tests 17allow tee tee:tcp_socket { create connect read write getopt setopt }; 18allow tee tee:udp_socket { create connect read write getopt getattr }; 19allow tee tee:capability { net_raw }; 20allow tee fwmarkd_socket:sock_file { write }; 21## allow tee netd:unix_stream_socket { connectto }; 22allow tee port:tcp_socket { name_connect }; 23 24# Rules on netd domain for optee xtest 200x tests 25allow netd tee:tcp_socket { read write getopt setopt }; 26allow netd tee:udp_socket { read write getopt setopt }; 27allow netd tee:fd { use }; 28