Grant hal_weaver_citadel access to vndbinder and citadeld

Test: boot to home under enforcing mode Bug: 205657092 Bug: 205904286 Change-Id: Ic6f46f0c827d202fd81fb744f4ec3241b24396d6
2022-01-03 10:32:22 +08:00 · 2022-01-03 10:32:22 +08:00 · be9bc5e2da
commit be9bc5e2da
parent 70d78900fd
2 changed files with 2 additions and 9 deletions
--- a/dauntless/hal_weaver_citadel.te
+++ b/dauntless/hal_weaver_citadel.te
@ -5,5 +5,7 @@ init_daemon_domain(hal_weaver_citadel)
 hal_server_domain(hal_weaver_citadel, hal_weaver)
 hal_server_domain(hal_weaver_citadel, hal_oemlock)
 hal_server_domain(hal_weaver_citadel, hal_authsecret)
+vndbinder_use(hal_weaver_citadel)
+binder_call(hal_weaver_citadel, citadeld)

 allow hal_weaver_citadel citadeld_service:service_manager find;
--- a/tracking_denials/hal_weaver_citadel.te
+++ b/tracking_denials/hal_weaver_citadel.te
@ -1,9 +0,0 @@
-# b/205657092
-dontaudit hal_weaver_citadel vndbinder_device:chr_file { ioctl };
-dontaudit hal_weaver_citadel vndbinder_device:chr_file { map };
-dontaudit hal_weaver_citadel vndbinder_device:chr_file { open };
-dontaudit hal_weaver_citadel vndbinder_device:chr_file { read };
-dontaudit hal_weaver_citadel vndbinder_device:chr_file { write };
-# b/205904286
-dontaudit hal_weaver_citadel citadeld:binder { call };
-dontaudit hal_weaver_citadel vndservicemanager:binder { call };