Merge "Add mDL oem hal sepolicy for sunfish." into rvc-dev

2 files changed, 10 insertions, 0 deletions

diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts
index df7bfa6..1e80b98 100644
--- a/vendor/google/file_contexts
+++ b/vendor/google/file_contexts
@@ -21,6 +21,7 @@
 /vendor/bin/hw/android\.hardware\.contexthub@1\.1-service\.generic                    u:object_r:hal_contexthub_default_exec:s0
 /vendor/bin/hw/android\.hardware\.dumpstate@1\.1-service\.sunfish                     u:object_r:hal_dumpstate_impl_exec:s0
 /vendor/bin/hw/android\.hardware\.keymaster@4\.1-service\.citadel                     u:object_r:hal_keymaster_citadel_exec:s0
+/vendor/bin/hw/android\.hardware\.identity@1\.0-service\.citadel                      u:object_r:hal_identity_citadel_exec:s0
 /vendor/bin/hw/android\.hardware\.neuralnetworks@1\.0-service-paintbox                u:object_r:hal_neuralnetworks_paintbox_exec:s0
 /vendor/bin/hw/android\.hardware\.neuralnetworks@1\.2-service-noronha                 u:object_r:hal_neuralnetworks_darwinn_exec:s0
 /vendor/bin/hw/android\.hardware\.power\.stats@1\.0-service\.pixel                    u:object_r:hal_power_stats_default_exec:s0
diff --git a/vendor/google/hal_identity_citadel.te b/vendor/google/hal_identity_citadel.te
new file mode 100644
index 0000000..e29310c
--- /dev/null
+++ b/vendor/google/hal_identity_citadel.te
@@ -0,0 +1,9 @@
+type hal_identity_citadel, domain;
+type hal_identity_citadel_exec, exec_type, vendor_file_type, file_type;
+
+vndbinder_use(hal_identity_citadel)
+binder_call(hal_identity_citadel, citadeld)
+allow hal_identity_citadel citadeld_service:service_manager find;
+
+hal_server_domain(hal_identity_citadel, hal_identity)
+init_daemon_domain(hal_identity_citadel)