From be9bc5e2dabf3f8fb81f391f10aa37061b204d02 Mon Sep 17 00:00:00 2001
From: Adam Shih
Date: Mon, 3 Jan 2022 10:32:22 +0800
Subject: [PATCH] Grant hal_weaver_citadel access to vndbinder and citadeld

Test: boot to home under enforcing mode
Bug: 205657092
Bug: 205904286
Change-Id: Ic6f46f0c827d202fd81fb744f4ec3241b24396d6
---
 dauntless/hal_weaver_citadel.te | 2 ++
 tracking_denials/hal_weaver_citadel.te | 9 ---------
 2 files changed, 2 insertions(+), 9 deletions(-)
 delete mode 100644 tracking_denials/hal_weaver_citadel.te

diff --git a/dauntless/hal_weaver_citadel.te b/dauntless/hal_weaver_citadel.te
index 26528c4b..c47287b9 100644
--- a/dauntless/hal_weaver_citadel.te
+++ b/dauntless/hal_weaver_citadel.te
@@ -5,5 +5,7 @@ init_daemon_domain(hal_weaver_citadel)
 hal_server_domain(hal_weaver_citadel, hal_weaver)
 hal_server_domain(hal_weaver_citadel, hal_oemlock)
 hal_server_domain(hal_weaver_citadel, hal_authsecret)
+vndbinder_use(hal_weaver_citadel)
+binder_call(hal_weaver_citadel, citadeld)

 allow hal_weaver_citadel citadeld_service:service_manager find;
diff --git a/tracking_denials/hal_weaver_citadel.te b/tracking_denials/hal_weaver_citadel.te
deleted file mode 100644
index b847751f..00000000
--- a/tracking_denials/hal_weaver_citadel.te
+++ /dev/null
@@ -1,9 +0,0 @@
-# b/205657092
-dontaudit hal_weaver_citadel vndbinder_device:chr_file { ioctl };
-dontaudit hal_weaver_citadel vndbinder_device:chr_file { map };
-dontaudit hal_weaver_citadel vndbinder_device:chr_file { open };
-dontaudit hal_weaver_citadel vndbinder_device:chr_file { read };
-dontaudit hal_weaver_citadel vndbinder_device:chr_file { write };
-# b/205904286
-dontaudit hal_weaver_citadel citadeld:binder { call };
-dontaudit hal_weaver_citadel vndservicemanager:binder { call };
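Review bot: The two added macro lines in dauntless/hal_weaver_citadel.te, `vndbinder_use(hal_weaver_citadel)` and `binder_call(hal_weaver_citadel, citadeld)`, carry no comment saying why this domain needs vndbinder, and the only in-tree record of the reason (the b/205657092 and b/205904286 entries in the tracking file) is deleted by the same commit. As defined in AOSP's te_macros, both macros grant somewhat more than the listed `dontaudit` entries recorded, for example binder `transfer` and `fd use` from citadeld. The context lines show the domain serving hal_weaver, hal_oemlock and hal_authsecret together, so the grant applies to all three services and the intent is worth stating next to the rule. I would add a line above the pair such as `# Talks to citadeld over vndbinder (b/205657092, b/205904286)`, worded to match what the HAL actually does. The file starts outside the hunk, so an existing header comment may already cover part of this.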