restart dauntless sepolicy

Bug: 199685763
Test: build ROM with relevant modules labeled correctly
Change-Id: I9d01ad1dea9da059cb91142adadd3f55f50cf9ca

dauntless/citadel_provision.te

@@ -0,0 +1,6 @@
+type citadel_provision, domain;
+type citadel_provision_exec, exec_type, vendor_file_type, file_type;
+
+userdebug_or_eng(`
+  init_daemon_domain(citadel_provision)
+')

dauntless/citadeld.te

@@ -0,0 +1,4 @@
+type citadeld, domain;
+type citadeld_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(citadeld)

dauntless/device.te

@@ -0,0 +1 @@
+type citadel_device, dev_type;

dauntless/file.te

@@ -0,0 +1 @@
+type citadel_updater, vendor_file_type, file_type;

dauntless/file_contexts

@@ -0,0 +1,9 @@
+/vendor/bin/CitadelProvision                                                u:object_r:citadel_provision_exec:s0
+/vendor/bin/hw/init_citadel                                                 u:object_r:init_citadel_exec:s0
+/vendor/bin/hw/android\.hardware\.security\.keymint-service\.citadel        u:object_r:hal_keymint_citadel_exec:s0
+/vendor/bin/hw/android\.hardware\.weaver@1\.0-service\.citadel              u:object_r:hal_weaver_citadel_exec:s0
+/vendor/bin/hw/android\.hardware\.identity@1\.0-service\.citadel            u:object_r:hal_identity_citadel_exec:s0
+/vendor/bin/hw/citadel_updater                                              u:object_r:citadel_updater:s0
+/vendor/bin/hw/citadeld                                                     u:object_r:citadeld_exec:s0
+
+/dev/gsc0                                                                   u:object_r:citadel_device:s0

dauntless/hal_identity_citadel.te

@@ -0,0 +1,4 @@
+type hal_identity_citadel, domain;
+type hal_identity_citadel_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_identity_citadel)

dauntless/hal_keymint_citadel.te

@@ -0,0 +1,4 @@
+type hal_keymint_citadel, domain;
+type hal_keymint_citadel_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_keymint_citadel)

dauntless/hal_weaver_citadel.te

@@ -0,0 +1,4 @@
+type hal_weaver_citadel, domain;
+type hal_weaver_citadel_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(hal_weaver_citadel)

dauntless/init_citadel.te

@@ -0,0 +1,4 @@
+type init_citadel, domain;
+type init_citadel_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(init_citadel)

dauntless/vndservice.te

@@ -0,0 +1 @@
+type citadeld_service, vndservice_manager_type;

gs201-sepolicy.mk

@@ -14,8 +14,8 @@ SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/gs201-sepolicy/system_ext/priv
 #
 # Pixel-wide
 #
-#   Dauntless (uses Citadel policy currently)
-BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/citadel
+# Dauntless sepolicy (b/199685763)
+BOARD_SEPOLICY_DIRS += device/google/gs201-sepolicy/dauntless
 
 #   Wifi
 BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/wifi_ext

legacy/file_contexts

@@ -183,9 +183,6 @@
 # R4
 /vendor/bin/hw/hardware\.qorvo\.uwb-service                          u:object_r:hal_uwb_vendor_default_exec:s0
 
-# Citadel StrongBox
-/dev/gsc0                                                                   u:object_r:citadel_device:s0
-
 # Tetheroffload Service
 /dev/dit2                      u:object_r:vendor_toe_device:s0
 /vendor/bin/hw/vendor\.samsung_slsi\.hardware\.tetheroffload@1\.0-service     u:object_r:hal_tetheroffload_default_exec:s0

legacy/hal_dumpstate_default.te

@@ -84,7 +84,7 @@ allow hal_dumpstate_default sysfs_scsi_devices_0000:dir r_dir_perms;
 allow hal_dumpstate_default sysfs_scsi_devices_0000:file r_file_perms;
 
 allow hal_dumpstate_default citadeld_service:service_manager find;
-allow hal_dumpstate_default citadel_updater_exec:file execute_no_trans;
+allow hal_dumpstate_default citadel_updater:file execute_no_trans;
 binder_call(hal_dumpstate_default, citadeld);
 
 allow hal_dumpstate_default vendor_displaycolor_service:service_manager find;

whitechapel_pro/vndservice.te

@@ -0,0 +1 @@
+type hal_power_stats_vendor_service,      vndservice_manager_type;