From b627a2f18b0eb7e1541f90fc4a122db1053eea91 Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Mon, 3 Jan 2022 10:36:37 +0800
Subject: [PATCH] Grant citadeld access

Test: boot to home under enforcing mode
Bug: 205657177
Bug: 205904322
Change-Id: I49a7f14d4948f94814067e7ef137186610547033
---
 dauntless/citadeld.te        |  2 ++
 tracking_denials/citadeld.te | 12 ------------
 2 files changed, 2 insertions(+), 12 deletions(-)

diff --git a/dauntless/citadeld.te b/dauntless/citadeld.te
index f170c97b..c2dbf74d 100644
--- a/dauntless/citadeld.te
+++ b/dauntless/citadeld.te
@@ -5,6 +5,8 @@ init_daemon_domain(citadeld)
 
 add_service(citadeld, citadeld_service)
 binder_use(citadeld)
+vndbinder_use(citadeld)
 
+allow citadeld citadel_device:chr_file rw_file_perms;
 allow citadeld fwk_stats_service:service_manager find;
 allow citadeld hal_power_stats_vendor_service:service_manager find;
diff --git a/tracking_denials/citadeld.te b/tracking_denials/citadeld.te
index 32621376..d357ce9a 100644
--- a/tracking_denials/citadeld.te
+++ b/tracking_denials/citadeld.te
@@ -1,14 +1,2 @@
-# b/205657177
-dontaudit citadeld citadel_device:chr_file { getattr };
-dontaudit citadeld citadel_device:chr_file { ioctl };
-dontaudit citadeld citadel_device:chr_file { open };
-dontaudit citadeld citadel_device:chr_file { read write };
-dontaudit citadeld vndbinder_device:chr_file { ioctl };
-dontaudit citadeld vndbinder_device:chr_file { map };
-dontaudit citadeld vndbinder_device:chr_file { open };
-dontaudit citadeld vndbinder_device:chr_file { read };
-dontaudit citadeld vndbinder_device:chr_file { write };
 # b/205904322
 dontaudit citadeld system_server:binder { call };
-dontaudit citadeld vndservicemanager:binder { call };
-dontaudit citadeld vndservicemanager:binder { transfer };