profile global /** flags=(complain, mediate_deleted, attach_disconnected) {
   signal,
   ptrace,
   capability,
   mount,
   umount,
   network,

   /usr/sbin/dropbearmulti cx -> dropbearmulti,
   /bin/bash.bash cx -> shell_profile,
   audit /usr/sbin/tcpdump ix,
   audit /nvram/*.sh wl,
   audit /nvram2/*.sh wl,

   / r,
   allow /** pix,
   allow /** rwlkm,


  profile shell_profile flags=(complain, mediate_deleted, attach_disconnected) {
    signal,
    ptrace,
    capability,
    mount,
    umount,
    network,
    /usr/bin/telemetry2_0 px,
    /usr/bin/CcspHotspot px,
    audit /usr/sbin/tcpdump ix,
    audit /sbin/mount-copybind ix,
    audit /usr/bin/ecfsk ix,
    audit /usr/bin/ecryptfs-add-passphrase ix,

    audit /nvram/** ix,
    audit /nvram2/** ix,
    audit /var/** ix,
    audit /tmp/** ix,

    audit /nvram/** m,
    audit /nvram2/** m,
    / r,
    /** rwixkml,

  }

  profile dropbearmulti flags=(complain, mediate_deleted, attach_disconnected) {
    signal,
    ptrace,
    capability,
    mount,
    umount,
    network,

    audit /usr/sbin/tcpdump ix,
    audit /var/spool/cron/crontabs/root w,
    audit /usr/bin/crontab ix,
    audit /sbin/mount-copybind ix,
    audit /opt/secure/data/syscfg.db w,
    audit /tmp/pqp/** r,
    audit /usr/bin/ecfsk ix,
    audit /usr/bin/ecryptfs-add-passphrase ix,

    audit /rdklogs/logs/messages.txt w,

    audit /bin/kmod ix,
    audit /bin/systemctl ix,

    audit /nvram/** wl,
    audit /nvram2/** wl,

    audit /nvram/** ix,
    audit /nvram2/** ix,
    audit /var/** ix,
    audit /tmp/** ix,

    audit /nvram/** m,
    audit /nvram2/** m,
    / r,
    /** rwixkml,
 }
}