sepolicy: Add policy for VR HIDL service.

Test: built and ran on device.
Bug: 31442830
Change-Id: Idd7870b4dd70eed8cd4dc55e292be39ff703edd2

private/android_hardware_vr.te

@@ -0,0 +1,2 @@
+# may be started by init
+init_daemon_domain(android_hardware_vr)

private/file_contexts

@@ -223,6 +223,7 @@
 /system/lib(64)?/libart.*        u:object_r:libart_file:s0
 /system/bin/hw/android.hardware.nfc@1.0-service   u:object_r:android_hardware_nfc_1_0_service_exec:s0
 /system/bin/hw/android.hardware.vibrator@1.0-service   u:object_r:android_hardware_vibrator_service_exec:s0
+/system/bin/hw/android.hardware.vr@1.0-service   u:object_r:android_hardware_vr_exec:s0
 
 #############################
 # Vendor files

public/android_hardware_vr.te

@@ -0,0 +1,9 @@
+# vr subsystem
+type android_hardware_vr, domain;
+type android_hardware_vr_exec, exec_type, file_type;
+
+# hwbinder access
+hwbinder_use(android_hardware_vr)
+
+# call into system_server process
+binder_call(android_hardware_vr, system_server)

public/system_server.te

@@ -148,6 +148,7 @@ allow system_server surfaceflinger:unix_stream_socket { read write setopt };
 # Perform Binder IPC.
 binder_use(system_server)
 binder_call(system_server, android_hardware_vibrator_service)
+binder_call(system_server, android_hardware_vr)
 binder_call(system_server, binderservicedomain)
 binder_call(system_server, gatekeeperd)
 binder_call(system_server, fingerprintd)