Update SE-policy to enable citadel communication
Allow dumpstate to invoke citadel_updater (which
communicates with citadeld).
Bug: 112442165
Test: bugreport contains citadel info
Change-Id: I4919938c2c8e734f26f149da55d211dc22e9d8fc
(cherry picked from commit 128453d0c6e2a3835ea29f2a0ab7d5ceb5fa5dca)
diff --git a/vendor/qcom/common/hal_dumpstate_impl.te b/vendor/qcom/common/hal_dumpstate_impl.te
index b71a3d9..431bf41 100644
--- a/vendor/qcom/common/hal_dumpstate_impl.te
+++ b/vendor/qcom/common/hal_dumpstate_impl.te
@@ -113,3 +113,10 @@
# Dump PMIC votables
allow hal_dumpstate_impl debugfs_pmic_votable:dir r_dir_perms;
allow hal_dumpstate_impl debugfs_pmic_votable:file r_file_perms;
+
+userdebug_or_eng(`
+ # Citadel communication must be via citadeld
+ vndbinder_use(hal_dumpstate_impl)
+ binder_call(hal_dumpstate_impl, citadeld)
+ allow hal_dumpstate_impl citadeld_service:service_manager find;
+')