sepolicy: add permissions to let recovery wipe citadel
This gives recovery the ability to remove user data from citadel in the
same manner as issuing a `fastboot -w` does. This doesn't allow for
resetting FRP data, just user data.
audit: type=1400 audit(1646379959.016:9): avc: denied { getattr } for
pid=348 comm="recovery" path="/dev/gsc0" dev="tmpfs" ino=754
scontext=u:r:recovery:s0 tcontext=u:object_r:citadel_device:s0
tclass=chr_file permissive=0
Bug: 222005928
Change-Id: Ia6113999aecacbbbb31d7a8659a45c0e5a0db2c9
1 file changed