Let incidentd read the wakeup_sources debugfs node for userdebug/eng builds

Currently, incidentd is allowed to read the wakeup_sources debugfs
node only if a device does not enforce debugfs restrictions. If a device
enforces debugfs restrictions, debugfs cannot be mounted on user builds,
but can be mounted on userdebug and eng builds.

Processes that need to use debugfs should therefore be able to
access it on userdebug and eng builds. So, allow incidentd to
read the wakeup sources debugfs node for userdebug and eng builds.

Bug: 300477252
Change-Id: I9bb480a0418a6d176b39753d552f409e139be178
Signed-off-by: Isaac J. Manjarres <isaacmanjarres@google.com>

private/domain.te

@@ -668,6 +668,7 @@ enforce_debugfs_restriction(`
     userdebug_or_eng(`
       -init
       -hal_dumpstate
+      -incidentd
     ')
   } { debugfs_type
       userdebug_or_eng(`-debugfs_kcov')

private/incidentd.te

@@ -29,9 +29,7 @@ unix_socket_send(incidentd, statsdw, statsd)
 allow incidentd proc_pagetypeinfo:file r_file_perms;
 
 # section id 2002, allow reading /d/wakeup_sources
-no_debugfs_restriction(`
-  allow incidentd debugfs_wakeup_sources:file r_file_perms;
-')
+userdebug_or_eng(`allow incidentd debugfs_wakeup_sources:file r_file_perms');
 
 # section id 2003, allow executing top
 allow incidentd proc_meminfo:file { open read };