# ==============================================
# Common SEPolicy Rule
# ==============================================

typeattribute teed_app coredomain;

app_domain(teed_app)
binder_service(teed_app)
binder_use(teed_app)

add_service(teed_app, tee_service)

hal_client_domain(teed_app, hal_tee)
hal_client_domain(teed_app, hal_allocator)

allow teed_app activity_service:service_manager find;
allow teed_app connectivity_service:service_manager find;
allow teed_app display_service:service_manager find;
allow teed_app network_management_service:service_manager find;
allow teed_app notification_service:service_manager find;

allow teed_app system_app_data_file:dir { getattr search };

#============= teed_app for TUI ==============
allow teed_app surfaceflinger_service:service_manager find;
allow teed_app activity_task_service:service_manager find;
allow teed_app media_session_service:service_manager find;
allow teed_app system_data_file:dir search;
allow teed_app user_profile_root_file:dir search;
allow teed_app audio_service:service_manager find;
allow teed_app content_capture_service:service_manager find;
allow teed_app gpu_service:service_manager find;

#============= teed_app for thermal_service ==============
allow teed_app thermal_service:service_manager find;