1type init_citadel, domain; 2type init_citadel_exec, exec_type, vendor_file_type, file_type; 3 4init_daemon_domain(init_citadel) 5 6# Citadel communication must be via citadeld 7vndbinder_use(init_citadel) 8binder_call(init_citadel, citadeld) 9allow init_citadel citadeld_service:service_manager find; 10 11# Many standard utils are actually vendor_toolbox (like xxd) 12allow init_citadel vendor_toolbox_exec:file rx_file_perms; 13 14# init_citadel needs to invoke citadel_updater 15allow init_citadel citadel_updater:file rx_file_perms; 16