unplugged-vendor/device/google/crosshatch-sepolicy/vendor/qcom/common/vold.te

get_prop(vold, vendor_tee_listener_prop)

allow vold sysfs_scsi_devices_0000:file w_file_perms;
allow vold sysfs_scsi_devices_other:file w_file_perms;
allow vold sysfs_devices_block:file write;

# allow vold to trim /mnt/vendor/persist by sending ioctl FITRIM
allow vold persist_file:dir { ioctl open read };

# generated by proc scan, unnecessary
dontaudit vold proc_irq:dir read;