Add mDL oem hal sepolicy for bonito.

Bug: 136506289
Test: build success
Change-Id: I1f52e138397d16136b8a41238a9ff536eca173cf
diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts
index 286acd7..f05a961 100644
--- a/vendor/google/file_contexts
+++ b/vendor/google/file_contexts
@@ -9,6 +9,7 @@
 /vendor/bin/hw/android\.hardware\.weaver@1\.0-service\.citadel              u:object_r:hal_weaver_citadel_exec:s0
 /vendor/bin/hw/android\.hardware\.keymaster@4\.1-service\.citadel            u:object_r:hal_keymaster_citadel_exec:s0
 /vendor/bin/hw/android\.hardware\.rebootescrow-service\.citadel             u:object_r:hal_rebootescrow_citadel_exec:s0
+/vendor/bin/hw/android\.hardware\.identity@1\.0-service\.citadel            u:object_r:hal_identity_citadel_exec:s0
 /vendor/bin/hw/citadeld                                                     u:object_r:citadeld_exec:s0
 /vendor/bin/hw/init_citadel                                                 u:object_r:init_citadel_exec:s0
 /vendor/bin/hw/wait_for_strongbox                                           u:object_r:wait_for_strongbox_exec:s0
diff --git a/vendor/google/hal_identity_citadel.te b/vendor/google/hal_identity_citadel.te
new file mode 100644
index 0000000..e29310c
--- /dev/null
+++ b/vendor/google/hal_identity_citadel.te
@@ -0,0 +1,9 @@
+type hal_identity_citadel, domain;
+type hal_identity_citadel_exec, exec_type, vendor_file_type, file_type;
+
+vndbinder_use(hal_identity_citadel)
+binder_call(hal_identity_citadel, citadeld)
+allow hal_identity_citadel citadeld_service:service_manager find;
+
+hal_server_domain(hal_identity_citadel, hal_identity)
+init_daemon_domain(hal_identity_citadel)
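Review bot: The new hal_identity_citadel.te has no comment saying what the domain is or why it needs to reach citadeld, which makes later least-privilege audits of this file harder. I would add a header such as `# Identity HAL service backed by Citadel; talks to citadeld over vndbinder.` above the type declarations, and `# Look up citadeld in the vendor service manager and call it.` above the `vndbinder_use` line. The grants themselves are narrow (`find` on `citadeld_service` plus `binder_call` to `citadeld`), so the remaining gap is verification. The commit records only "Test: build success", which does not show that the service starts and runs without avc denials under enforcing, so an on-device boot check with the audit log reviewed would be worth recording.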