diff --git a/dauntless/gsc.mk b/dauntless/gsc.mk
index fd3e3bc..a26644a 100644
--- a/dauntless/gsc.mk
+++ b/dauntless/gsc.mk
@@ -1,2 +1,19 @@
-PRODUCT_PACKAGES += dump_gsc.sh
+# Dauntless
 BOARD_VENDOR_SEPOLICY_DIRS += device/google/gs-common/dauntless/sepolicy
+PRODUCT_SOONG_NAMESPACES += vendor/google_nos/init/dauntless
+
+PRODUCT_PACKAGES += \
+ citadeld \
+ citadel_updater \
+ android.hardware.weaver@1.0-service.citadel \
+ android.hardware.identity@1.0-service.citadel \
+ init_citadel \
+ android.hardware.strongbox_keystore.xml \
+ android.hardware.security.keymint-service.citadel \
+ dump_gsc.sh
+
+# USERDEBUG ONLY: Install test packages
+PRODUCT_PACKAGES_DEBUG += citadel_integration_tests \
+ pwntest \
+ nugget_targeted_tests \
+ CitadelProvision
diff --git a/dauntless/sepolicy/citadel_provision.te b/dauntless/sepolicy/citadel_provision.te
new file mode 100644
index 0000000..5605085
--- /dev/null
+++ b/dauntless/sepolicy/citadel_provision.te
@@ -0,0 +1,6 @@
+type citadel_provision, domain;
+type citadel_provision_exec, exec_type, vendor_file_type, file_type;
+
+userdebug_or_eng(`
+ init_daemon_domain(citadel_provision)
+')
diff --git a/dauntless/sepolicy/citadeld.te b/dauntless/sepolicy/citadeld.te
new file mode 100644
index 0000000..86cb61c
--- /dev/null
+++ b/dauntless/sepolicy/citadeld.te
@@ -0,0 +1,13 @@
+type citadeld, domain;
+type citadeld_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(citadeld)
+
+add_service(citadeld, citadeld_service)
+binder_use(citadeld)
+vndbinder_use(citadeld)
+binder_call(citadeld, system_server)
+
+allow citadeld citadel_device:chr_file rw_file_perms;
+allow citadeld fwk_stats_service:service_manager find;
+allow citadeld hal_power_stats_vendor_service:service_manager find;
diff --git a/dauntless/sepolicy/device.te b/dauntless/sepolicy/device.te
new file mode 100644
index 0000000..f63186f
--- /dev/null
+++ b/dauntless/sepolicy/device.te
@@ -0,0 +1 @@
+type citadel_device, dev_type;
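Review bot: The comment above `PRODUCT_PACKAGES_DEBUG` in dauntless/gsc.mk says "USERDEBUG ONLY", but that variable also installs its modules on eng builds, and citadel_provision.te in this same commit gates the matching domain with `userdebug_or_eng`. Judging by their names these are test and provisioning tools for the security chip, so the comment should state the real build scope: `# userdebug and eng builds only: install test packages`.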
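Review bot: In dauntless/sepolicy/citadeld.te, `binder_use(citadeld)` and `binder_call(citadeld, system_server)` give the one domain this commit allows to open `citadel_device` a framework-binder path into system_server, and no comment says why. The two `service_manager find` rules suggest the call exists for the stats services, but that is inferred from the hunk rather than stated. A why-comment such as `# system_server hosts fwk_stats_service; citadeld reports stats there` (if that is the reason) placed directly above `binder_call(citadeld, system_server)` would let a later reviewer decide whether the grant is still needed.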
diff --git a/dauntless/sepolicy/file.te b/dauntless/sepolicy/file.te
new file mode 100644
index 0000000..cfc0dea
--- /dev/null
+++ b/dauntless/sepolicy/file.te
@@ -0,0 +1 @@
+type citadel_updater, vendor_file_type, file_type;
diff --git a/dauntless/sepolicy/file_contexts b/dauntless/sepolicy/file_contexts
index 8a03c79..80ff2ae 100644
--- a/dauntless/sepolicy/file_contexts
+++ b/dauntless/sepolicy/file_contexts
@@ -1 +1,10 @@
-/vendor/bin/dump/dump_gsc\.sh u:object_r:dump_gsc_exec:s0
+/vendor/bin/dump/dump_gsc\.sh u:object_r:dump_gsc_exec:s0
+/vendor/bin/CitadelProvision u:object_r:citadel_provision_exec:s0
+/vendor/bin/hw/init_citadel u:object_r:init_citadel_exec:s0
+/vendor/bin/hw/android\.hardware\.security\.keymint-service\.citadel u:object_r:hal_keymint_citadel_exec:s0
+/vendor/bin/hw/android\.hardware\.weaver@1\.0-service\.citadel u:object_r:hal_weaver_citadel_exec:s0
+/vendor/bin/hw/android\.hardware\.identity@1\.0-service\.citadel u:object_r:hal_identity_citadel_exec:s0
+/vendor/bin/hw/citadel_updater u:object_r:citadel_updater:s0
+/vendor/bin/hw/citadeld u:object_r:citadeld_exec:s0
+
+/dev/gsc0 u:object_r:citadel_device:s0
diff --git a/dauntless/sepolicy/hal_identity_citadel.te b/dauntless/sepolicy/hal_identity_citadel.te
new file mode 100644
index 0000000..c181e27
--- /dev/null
+++ b/dauntless/sepolicy/hal_identity_citadel.te
@@ -0,0 +1,11 @@
+type hal_identity_citadel, domain;
+type hal_identity_citadel_exec, exec_type, vendor_file_type, file_type;
+
+vndbinder_use(hal_identity_citadel)
+binder_call(hal_identity_citadel, citadeld)
+allow hal_identity_citadel citadeld_service:service_manager find;
+allow hal_identity_citadel hal_keymint_citadel:binder call;
+
+hal_server_domain(hal_identity_citadel, hal_keymint)
+hal_server_domain(hal_identity_citadel, hal_identity)
+init_daemon_domain(hal_identity_citadel)
diff --git a/dauntless/sepolicy/hal_keymint_citadel.te b/dauntless/sepolicy/hal_keymint_citadel.te
new file mode 100644
index 0000000..e1a6177
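Review bot: The type `citadel_updater` in dauntless/sepolicy/file.te labels an executable (file_contexts maps `/vendor/bin/hw/citadel_updater` to it), yet it has neither the `_exec` suffix nor the `exec_type` attribute that every other binary type in this commit carries. Combined with `allow init_citadel citadel_updater:file rx_file_perms;` in init_citadel.te, the updater runs inside the init_citadel domain rather than in one of its own, so anything later granted to init_citadel is granted to the updater as well. If that is the intent, record it where the type is declared: `# Executed by init_citadel without a domain transition; deliberately not an exec_type`.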
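Review bot: `hal_server_domain(hal_identity_citadel, hal_keymint)` in hal_identity_citadel.te makes the identity HAL a KeyMint server, while the neighbouring `allow hal_identity_citadel hal_keymint_citadel:binder call;` shows it acting as a client of the KeyMint process. As far as I recall, platform policy lets hal_keymint server domains register `hal_keymint_service`, the label service_contexts in this commit gives to `IKeyMintDevice/strongbox`, so the identity process would be permitted to register that name too; this should be confirmed against the platform policy in use. If the identity HAL only consumes KeyMint, `hal_client_domain(hal_identity_citadel, hal_keymint)` is the narrower grant. If it really does host a KeyMint interface, a comment above the line should say which one.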
--- /dev/null
+++ b/dauntless/sepolicy/hal_keymint_citadel.te
@@ -0,0 +1,9 @@
+type hal_keymint_citadel, domain;
+type hal_keymint_citadel_exec, exec_type, vendor_file_type, file_type;
+
+hal_server_domain(hal_keymint_citadel, hal_keymint)
+init_daemon_domain(hal_keymint_citadel)
+vndbinder_use(hal_keymint_citadel)
+get_prop(hal_keymint_citadel, vendor_security_patch_level_prop)
+allow hal_keymint_citadel citadeld_service:service_manager find;
+binder_call(hal_keymint_citadel, citadeld)
diff --git a/dauntless/sepolicy/hal_weaver_citadel.te b/dauntless/sepolicy/hal_weaver_citadel.te
new file mode 100644
index 0000000..c47287b
--- /dev/null
+++ b/dauntless/sepolicy/hal_weaver_citadel.te
@@ -0,0 +1,11 @@
+type hal_weaver_citadel, domain;
+type hal_weaver_citadel_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_weaver_citadel)
+hal_server_domain(hal_weaver_citadel, hal_weaver)
+hal_server_domain(hal_weaver_citadel, hal_oemlock)
+hal_server_domain(hal_weaver_citadel, hal_authsecret)
+vndbinder_use(hal_weaver_citadel)
+binder_call(hal_weaver_citadel, citadeld)
+
+allow hal_weaver_citadel citadeld_service:service_manager find;
diff --git a/dauntless/sepolicy/init_citadel.te b/dauntless/sepolicy/init_citadel.te
new file mode 100644
index 0000000..2e986d0
--- /dev/null
+++ b/dauntless/sepolicy/init_citadel.te
@@ -0,0 +1,15 @@
+type init_citadel, domain;
+type init_citadel_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init_citadel)
+
+# Citadel communication must be via citadeld
+vndbinder_use(init_citadel)
+binder_call(init_citadel, citadeld)
+allow init_citadel citadeld_service:service_manager find;
+
+# Many standard utils are actually vendor_toolbox (like xxd)
+allow init_citadel vendor_toolbox_exec:file rx_file_perms;
+
+# init_citadel needs to invoke citadel_updater
+allow init_citadel citadel_updater:file rx_file_perms;
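Review bot: hal_weaver_citadel.te declares a single domain as server for three HALs (`hal_weaver`, `hal_oemlock`, `hal_authsecret`) without any comment, while the file and type names mention only weaver. Presumably the one binary hosts all three interfaces, but nothing in the hunk says so, which makes the oemlock and authsecret grants hard to audit. A line such as `# This service also implements the oemlock and authsecret HALs` above the `hal_server_domain` calls would make the scope explicit.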
diff --git a/dauntless/sepolicy/service_contexts b/dauntless/sepolicy/service_contexts
new file mode 100644
index 0000000..ac6a186
--- /dev/null
+++ b/dauntless/sepolicy/service_contexts
@@ -0,0 +1,3 @@
+android.hardware.security.keymint.IKeyMintDevice/strongbox u:object_r:hal_keymint_service:s0
+android.hardware.security.sharedsecret.ISharedSecret/strongbox u:object_r:hal_sharedsecret_service:s0
+android.hardware.security.keymint.IRemotelyProvisionedComponent/strongbox u:object_r:hal_remotelyprovisionedcomponent_service:s0
diff --git a/dauntless/sepolicy/vndservice.te b/dauntless/sepolicy/vndservice.te
new file mode 100644
index 0000000..880c09c
--- /dev/null
+++ b/dauntless/sepolicy/vndservice.te
@@ -0,0 +1 @@
+type citadeld_service, vndservice_manager_type;
diff --git a/dauntless/sepolicy/vndservice_contexts b/dauntless/sepolicy/vndservice_contexts
new file mode 100644
index 0000000..b4df996
--- /dev/null
+++ b/dauntless/sepolicy/vndservice_contexts
@@ -0,0 +1 @@
+android.hardware.citadel.ICitadeld u:object_r:citadeld_service:s0