sepolicy: add chr_file access rule for citadel_updater
citadel_updater: type=1400 audit(0.0:272): avc: denied { getattr }
for path="/dev/citadel0" dev="tmpfs" ino=20212 scontext=u:r:init_citadel:s0
tcontext=u:object_r:citadel_device:s0 tclass=chr_file permissive=1
citadel_updater: type=1400 audit(0.0:273): avc: denied { read write }
for name="citadel0" dev="tmpfs" ino=20212 scontext=u:r:init_citadel:s0
tcontext=u:object_r:citadel_device:s0 tclass=chr_file permissive=1
citadel_updater: type=1400 audit(0.0:274): avc: denied { open } for
path="/dev/citadel0" dev="tmpfs" ino=20212 scontext=u:r:init_citadel:s0
tcontext=u:object_r:citadel_device:s0 tclass=chr_file permissive=1
Bug: 158141330
Bug: 155575137
Change-Id: Ie4b9ead91e8368939c526bceb0d0c5f3b42e394e
diff --git a/vendor/google/init_citadel.te b/vendor/google/init_citadel.te
index f96ab15..1f055c6 100644
--- a/vendor/google/init_citadel.te
+++ b/vendor/google/init_citadel.te
@@ -6,6 +6,8 @@
allow init_citadel vendor_toolbox_exec:file rx_file_perms;
allow init_citadel vendor_file:file rx_file_perms;
+allow init_citadel citadel_device:chr_file rw_file_perms;
+
# Citadel communication must be via citadeld
vndbinder_use(init_citadel)
binder_call(init_citadel, citadeld)
