#============= rpmb_dev_system ==============
# Daemon for the system-partition secure-storage stack; from the name it
# presumably backs an RPMB (Replay Protected Memory Block) emulation. It is a
# core domain launched by init (init_daemon_domain) and serves a unix socket
# (rpmb_dev_system_socket) that storageproxyd_system connects to (see the
# storageproxyd_system section below).
type rpmb_dev_system, domain, coredomain;
type rpmb_dev_system_exec, exec_type, system_file_type, file_type;
# Label for the daemon's own backing-store directory and its contents.
type secure_storage_rpmb_system_file, file_type, data_file_type, core_data_file_type;
# Label for the unix socket file the daemon listens on.
type rpmb_dev_system_socket, file_type, data_file_type, core_data_file_type;

init_daemon_domain(rpmb_dev_system)

# NOTE(review): these two rules let the daemon add entries to, and create and
# write regular files under, the generic metadata_file label itself -- not only
# inside its own secure_storage_rpmb_system_file directory. Presumably this is
# needed to create the backing store before it receives its final label;
# confirm that a file_contexts/restorecon path relabels the result and that the
# grant is compatible with the platform's metadata_file neverallow rules.
# No unlink, rename or remove_name is granted, so existing files cannot be
# removed or replaced via these rules.
allow rpmb_dev_system metadata_file:dir { search add_name write };
allow rpmb_dev_system metadata_file:file { create open read write };
# Follow symlinks on tmpfs; read only, no creation.
allow rpmb_dev_system tmpfs:lnk_file read;
# Read/write directory access plus create_file_perms on regular files and
# socket files within the backing-store directory. Symlinks there may only be
# read, which blocks symlink creation as a redirection primitive.
allow rpmb_dev_system secure_storage_rpmb_system_file:dir rw_dir_perms;
allow rpmb_dev_system secure_storage_rpmb_system_file:{file sock_file} create_file_perms;
allow rpmb_dev_system secure_storage_rpmb_system_file:lnk_file read;
# Read/write on the listening socket's sock_file. rw_file_perms does not
# include create; the socket node is presumably created elsewhere (e.g. by
# init from an rc `socket` entry) -- confirm.
allow rpmb_dev_system rpmb_dev_system_socket:sock_file rw_file_perms;

#============= storageproxyd_system ==============
# Storage proxy daemon for the system-partition secure-storage stack. Also a
# core domain launched by init. It reaches its secure-world peer over vsock,
# talks to rpmb_dev_system over a unix socket, and stores data under two
# distinct file labels.
type storageproxyd_system, domain, coredomain;
type storageproxyd_system_exec, exec_type, system_file_type, file_type;
# Two separate data labels. From the names, "persist" presumably marks data
# that must survive a factory reset while the other label does not -- confirm
# against file_contexts / the daemon's configuration.
type secure_storage_persist_system_file, file_type, data_file_type, core_data_file_type;
type secure_storage_system_file, file_type, data_file_type, core_data_file_type;

init_daemon_domain(storageproxyd_system)

# Directory search only on metadata_file: enough to traverse into the labeled
# secure-storage directories, but no listing (read) and no writing at that
# label. Contrast with the broader grant given to rpmb_dev_system above.
allow storageproxyd_system metadata_file:dir search;
# Regular files in both secure-storage directories may be created, opened,
# read and written, but not unlinked, renamed or setattr'd. Directory access is
# the rw_dir_perms set. getattr is granted only for secure_storage_system_file;
# the asymmetry with the persist label may be intentional least privilege or
# an oversight -- confirm against the daemon's actual file operations.
allow storageproxyd_system secure_storage_persist_system_file:dir rw_dir_perms;
allow storageproxyd_system secure_storage_persist_system_file:file { create open read write };
allow storageproxyd_system secure_storage_system_file:dir rw_dir_perms;
allow storageproxyd_system secure_storage_system_file:file { create open read write getattr };
# vsock transport, presumably to the secure-storage service in a VM or TEE.
# The _no_ioctl variant deliberately omits ioctl, so no ioctl allowlist is
# required for this socket class. (Braces around a perm-set macro are
# redundant but harmless.)
allow storageproxyd_system self:vsock_socket { create_socket_perms_no_ioctl };
# Client side of the socket served by rpmb_dev_system. The macro's middle
# argument names the socket label by prefix (rpmb_dev_system_socket): it
# grants write on that sock_file and connectto on rpmb_dev_system's
# unix_stream_socket.
unix_socket_connect(storageproxyd_system, rpmb_dev_system, rpmb_dev_system)
# Allow storageproxyd_system access to gsi_public_metadata_file
# (read_fstab is the shared macro that grants the fstab-related reads).
read_fstab(storageproxyd_system)