Update SE-policy to enable citadel communication

Allow dumpstate to invoke citadel_updater (which communicates with citadeld). Bug: 112442165 Test: bugreport contains citadel info Change-Id: I4919938c2c8e734f26f149da55d211dc22e9d8fc (cherry picked from commit 128453d0c6e2a3835ea29f2a0ab7d5ceb5fa5dca)
author: nagendra modadugu <ngm@google.com> 2018-08-14 11:31:56 -0700
committer: android-build-team Robot <android-build-team-robot@google.com> 2018-08-16 02:13:06 +0000
commit: 52c078f96e68b89f2a5eade20262aa12a80cae86 (patch)
tree: 20c57898097f938d7b650a25d25670a443b31af9
parent: a215aef826b0c90246f766c1c678c05d12cd95ca (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/vendor/qcom/common/hal_dumpstate_impl.te b/vendor/qcom/common/hal_dumpstate_impl.te
index b71a3d9..431bf41 100644
--- a/vendor/qcom/common/hal_dumpstate_impl.te
+++ b/vendor/qcom/common/hal_dumpstate_impl.te
@@ -113,3 +113,10 @@ allow hal_dumpstate_impl debugfs_maxfg:file r_file_perms;
 # Dump PMIC votables
 allow hal_dumpstate_impl debugfs_pmic_votable:dir r_dir_perms;
 allow hal_dumpstate_impl debugfs_pmic_votable:file r_file_perms;
+
+userdebug_or_eng(`
+  # Citadel communication must be via citadeld
+  vndbinder_use(hal_dumpstate_impl)
+  binder_call(hal_dumpstate_impl, citadeld)
+  allow hal_dumpstate_impl citadeld_service:service_manager find;
+')
author	nagendra modadugu <ngm@google.com>	2018-08-14 11:31:56 -0700
committer	android-build-team Robot <android-build-team-robot@google.com>	2018-08-16 02:13:06 +0000
commit	52c078f96e68b89f2a5eade20262aa12a80cae86 (patch)
tree	20c57898097f938d7b650a25d25670a443b31af9
parent	a215aef826b0c90246f766c1c678c05d12cd95ca (diff)