# teecd manager
type teecd, domain;
type teecd_exec, exec_type, file_type;

init_daemon_domain(teecd)
domain_auto_trans(shell, teecd_exec, teecd)

allow teecd shell:fd {use};

allow teecd serial_device:chr_file { read write};
allow teecd console_device:chr_file { read write getattr ioctl};
allow teecd tc_ns_client_device:chr_file {open read write ioctl};

allow teecd self:capability { dac_override chown};
allow teecd system_data_file:dir { create write add_name setattr};

allow teecd tmpfs:dir {create  write add_name};
allow teecd teecd_tmpfs:file {create  open getattr };


#allow teecd system_data_file: file { write open create };
#allow teecd mediaserver: dir { search };
#allow teecd mediaserver: file { read open getattr };
#allow teecd drmserver: dir { search };
#allow teecd drmserver: file { read open getattr };
#allow teecd paymentserver: dir { search };
#allow teecd paymentserver: file { read open getattr};

#allow teecd init:dir { search };
#allow teecd init:file { read open getattr };
#allow teecd dcasserver:dir { search };
#allow teecd dcasserver:file { read open getattr };