Sepolicy update for Automotive Display Service

Bug: 140395359
Test: make sepolicy -j
Change-Id: Ib6ddf55210d8a8ee4868359c88e3d177edce9610
Signed-off-by: Changyeon Jo <changyeon@google.com>

private/automotive_display_service.te

@@ -0,0 +1,20 @@
+# Display service for Automotive
+type automotive_display, domain, coredomain;
+type automotive_display_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(automotive_display)
+
+# Allow to use Binder IPC for SurfaceFlinger.
+binder_use(automotive_display)
+
+# Allow to use HwBinder IPC for HAL implementations.
+hwbinder_use(automotive_display)
+
+# Allow to read the target property.
+get_prop(automotive_display, hwservicemanager_prop)
+
+# Allow to find SurfaceFlinger.
+allow automotive_display surfaceflinger_service:service_manager find;
+
+# Allow client domain to do binder IPC to serverdomain.
+binder_call(automotive_display, surfaceflinger)

private/automotive_display_service_server.te

@@ -0,0 +1 @@
+add_hwservice(automotive_display, fwk_automotive_display_hwservice)

private/compat/29.0/29.0.ignore.cil

@@ -14,6 +14,8 @@
     app_integrity_service
     app_search_service
     auth_service
+    automotive_display
+    automotive_display_exec
     ashmem_libcutils_device
     blob_store_service
     binder_cache_system_server_prop
@@ -30,6 +32,7 @@
     device_config_sys_traced_prop
     exported_camera_prop
     file_integrity_service
+    fwk_automotive_display_hwservice
     gmscore_app
     hal_can_bus_hwservice
     hal_can_controller_hwservice

private/file_contexts

@@ -343,6 +343,7 @@
 /system/bin/notify_traceur\.sh       u:object_r:notify_traceur_exec:s0
 /system/bin/migrate_legacy_obb_data\.sh u:object_r:migrate_legacy_obb_data_exec:s0
 /system/bin/aidl_lazy_test_server    u:object_r:aidl_lazy_test_server_exec:s0
+/system/bin/android\.frameworks\.automotive\.display@1\.0-service u:object_r:automotive_display_exec:s0
 
 #############################
 # Vendor files

private/hwservice_contexts

@@ -4,6 +4,7 @@ android.frameworks.displayservice::IDisplayService              u:object_r:fwk_d
 android.frameworks.schedulerservice::ISchedulingPolicyService   u:object_r:fwk_scheduler_hwservice:s0
 android.frameworks.sensorservice::ISensorManager                u:object_r:fwk_sensor_hwservice:s0
 android.frameworks.stats::IStats                                u:object_r:fwk_stats_hwservice:s0
+android.frameworks.automotive.display::ICarWindowService        u:object_r:fwk_automotive_display_hwservice:s0
 android.hardware.atrace::IAtraceDevice                          u:object_r:hal_atrace_hwservice:s0
 android.hardware.audio.effect::IEffectsFactory                  u:object_r:hal_audio_hwservice:s0
 android.hardware.audio::IDevicesFactory                         u:object_r:hal_audio_hwservice:s0

public/attributes

@@ -353,6 +353,7 @@ hal_attribute(wifi_supplicant);
 # from one core domain to another, without having to update the vendor image
 # which contains clients of this service.
 
+attribute automotive_display_service_server;
 attribute camera_service_server;
 attribute display_service_server;
 attribute scheduler_service_server;

public/hwservice.te

@@ -6,6 +6,7 @@ type fwk_display_hwservice, hwservice_manager_type, coredomain_hwservice, protec
 type fwk_scheduler_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
 type fwk_sensor_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
 type fwk_stats_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
+type fwk_automotive_display_hwservice, hwservice_manager_type, coredomain_hwservice, protected_hwservice;
 type hal_atrace_hwservice, hwservice_manager_type, protected_hwservice;
 type hal_audio_hwservice, hwservice_manager_type, protected_hwservice;
 type hal_audiocontrol_hwservice, hwservice_manager_type, protected_hwservice;