From 52c078f96e68b89f2a5eade20262aa12a80cae86 Mon Sep 17 00:00:00 2001
From: nagendra modadugu <ngm@google.com>
Date: Tue, 14 Aug 2018 11:31:56 -0700
Subject: Update SE-policy to enable citadel communication

Allow dumpstate to invoke citadel_updater (which
communicates with citadeld).

Bug: 112442165
Test: bugreport contains citadel info
Change-Id: I4919938c2c8e734f26f149da55d211dc22e9d8fc
(cherry picked from commit 128453d0c6e2a3835ea29f2a0ab7d5ceb5fa5dca)
---
 vendor/qcom/common/hal_dumpstate_impl.te | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/vendor/qcom/common/hal_dumpstate_impl.te b/vendor/qcom/common/hal_dumpstate_impl.te
index b71a3d9..431bf41 100644
--- a/vendor/qcom/common/hal_dumpstate_impl.te
+++ b/vendor/qcom/common/hal_dumpstate_impl.te
@@ -113,3 +113,10 @@ allow hal_dumpstate_impl debugfs_maxfg:file r_file_perms;
 # Dump PMIC votables
 allow hal_dumpstate_impl debugfs_pmic_votable:dir r_dir_perms;
 allow hal_dumpstate_impl debugfs_pmic_votable:file r_file_perms;
+
+userdebug_or_eng(`
+  # Citadel communication must be via citadeld
+  vndbinder_use(hal_dumpstate_impl)
+  binder_call(hal_dumpstate_impl, citadeld)
+  allow hal_dumpstate_impl citadeld_service:service_manager find;
+')
-- 
cgit v1.2.3