From ecc3a24449de25916e0eade736cfa6cde40028df Mon Sep 17 00:00:00 2001
From: Adam Shih <adamshih@google.com>
Date: Wed, 20 Oct 2021 10:35:18 +0800
Subject: [PATCH] fix identity service access

10-20 10:32:58.701   438   438 E SELinux : avc:  denied  { find } for pid=742 uid=9999 name=android.hardware.citadel.ICitadeld scontext=u:r:hal_identity_citadel:s0 tcontext=u:object_r:citadeld_service:s0 tclass=service_manager permissive=1
Bug: 202906902
Test: boot to home with no relevant error

Change-Id: Ia6e09343843f9a5c96e06998ba5c50fb64948d7f
---
 dauntless/hal_identity_citadel.te        | 2 ++
 tracking_denials/hal_identity_citadel.te | 2 --
 2 files changed, 2 insertions(+), 2 deletions(-)
 delete mode 100644 tracking_denials/hal_identity_citadel.te

diff --git a/dauntless/hal_identity_citadel.te b/dauntless/hal_identity_citadel.te
index 7b2c37c3..038a4c58 100644
--- a/dauntless/hal_identity_citadel.te
+++ b/dauntless/hal_identity_citadel.te
@@ -2,3 +2,5 @@ type hal_identity_citadel, domain;
 type hal_identity_citadel_exec, exec_type, vendor_file_type, file_type;
 
 init_daemon_domain(hal_identity_citadel)
+hal_server_domain(hal_identity_citadel, hal_identity)
+allow hal_identity_citadel citadeld_service:service_manager find;
diff --git a/tracking_denials/hal_identity_citadel.te b/tracking_denials/hal_identity_citadel.te
deleted file mode 100644
index c0c7e374..00000000
--- a/tracking_denials/hal_identity_citadel.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/202906902
-dontaudit hal_identity_citadel default_android_vndservice:service_manager { find };