Keymint: Fix SELinux denial

Also remove -dontaudit- configuration.

Bug: 205073229
Bug: 205655569
Bug: 205904323
Change-Id: If8de3b4e6ee01488fdd563b702fbba1bd7c73ef0

dauntless/hal_keymint_citadel.te

@@ -1,8 +1,9 @@
 type hal_keymint_citadel, domain;
 type hal_keymint_citadel_exec, exec_type, vendor_file_type, file_type;
 
-init_daemon_domain(hal_keymint_citadel)
-
 hal_server_domain(hal_keymint_citadel, hal_keymint)
-
+init_daemon_domain(hal_keymint_citadel)
+vndbinder_use(hal_keymint_citadel)
+get_prop(hal_keymint_citadel, vendor_security_patch_level_prop)
 allow hal_keymint_citadel citadeld_service:service_manager find;
+binder_call(hal_keymint_citadel, citadeld)

tracking_denials/hal_keymint_citadel.te

@@ -1,14 +0,0 @@
-# b/205073229
-dontaudit hal_keymint_citadel vendor_security_patch_level_prop:file { getattr };
-dontaudit hal_keymint_citadel vendor_security_patch_level_prop:file { map };
-dontaudit hal_keymint_citadel vendor_security_patch_level_prop:file { open };
-dontaudit hal_keymint_citadel vendor_security_patch_level_prop:file { read };
-# b/205655569
-dontaudit hal_keymint_citadel vndbinder_device:chr_file { ioctl };
-dontaudit hal_keymint_citadel vndbinder_device:chr_file { map };
-dontaudit hal_keymint_citadel vndbinder_device:chr_file { open };
-dontaudit hal_keymint_citadel vndbinder_device:chr_file { read };
-dontaudit hal_keymint_citadel vndbinder_device:chr_file { write };
-# b/205904323
-dontaudit hal_keymint_citadel citadeld:binder { call };
-dontaudit hal_keymint_citadel vndservicemanager:binder { call };