| type citadel_provision, domain; |
| type citadel_provision_exec, exec_type, vendor_file_type, file_type; |
| |
| # Extra permissions for userdebug that allow lazy-provisioning of |
| # keymaster preshared-keys, used for faceauth authtoken enforcement. |
| # (i.e. for EVT devices that leave factory unprovisioned). |
| userdebug_or_eng(` |
| |
| init_daemon_domain(citadel_provision) |
| |
| vndbinder_use(citadel_provision) |
| binder_call(citadel_provision, citadeld) |
| allow citadel_provision citadeld_service:service_manager find; |
| hwbinder_use(citadel_provision) |
| get_prop(citadel_provision, hwservicemanager_prop) |
| allow citadel_provision hidl_manager_hwservice:hwservice_manager find; |
| |
| allow citadel_provision vndbinder_device:chr_file ioctl; |
| allow citadel_provision self:qipcrtr_socket create_socket_perms_no_ioctl; |
| allow citadel_provision ion_device:chr_file r_file_perms; |
| allow citadel_provision tee_device:chr_file rw_file_perms; |
| get_prop(citadel_provision, vendor_tee_listener_prop); |
| |
| ') |