device/rockchip/common/sepolicy/vendor/rk_store_keybox.te

type rk_store_keybox, domain, mlstrustedsubject;
type rk_store_keybox_exec, exec_type, vendor_file_type, file_type;

init_daemon_domain(rk_store_keybox)
allow rk_store_keybox tee_device:chr_file { read write ioctl open };
allow rk_store_keybox rootfs:lnk_file getattr;
allow rk_store_keybox rk_store_keybox_exec:file { read open getattr execute execute_no_trans };

allow rk_store_keybox uboot_block_device:blk_file { ioctl open read write };
allow rk_store_keybox storage_device:chr_file { ioctl open read write setattr };
allow rk_store_keybox rpmb_block_device:blk_file { ioctl open read write };
allow rk_store_keybox vendor_shell_exec:file { execute execute_no_trans };

dontaudit rk_store_keybox self:capability { dac_override };
android 13 from xiaosuan 2025-08-25 08:28:21 +08:00			`type rk_store_keybox, domain, mlstrustedsubject;`
			`type rk_store_keybox_exec, exec_type, vendor_file_type, file_type;`

			`init_daemon_domain(rk_store_keybox)`
			`allow rk_store_keybox tee_device:chr_file { read write ioctl open };`
			`allow rk_store_keybox rootfs:lnk_file getattr;`
			`allow rk_store_keybox rk_store_keybox_exec:file { read open getattr execute execute_no_trans };`

			`allow rk_store_keybox uboot_block_device:blk_file { ioctl open read write };`
			`allow rk_store_keybox storage_device:chr_file { ioctl open read write setattr };`
			`allow rk_store_keybox rpmb_block_device:blk_file { ioctl open read write };`
			`allow rk_store_keybox vendor_shell_exec:file { execute execute_no_trans };`

			`dontaudit rk_store_keybox self:capability { dac_override };`