Add sepolicy for consumerir HIDL HAL

Test: logging confirms service runs on boot
Change-Id: If86fa7daf4a626b3e04fa0d2677d4cb590eb71ce
Signed-off-by: Connor O'Brien <connoro@google.com>

private/file_contexts

@@ -230,6 +230,7 @@
 /system/lib(64)?/libart.*        u:object_r:libart_file:s0
 /system/bin/hw/android\.hardware\.audio@2\.0-service          u:object_r:hal_audio_exec:s0
 /system/bin/hw/android\.hardware\.boot@1\.0-service           u:object_r:hal_boot_exec:s0
+/system/bin/hw/android\.hardware\.ir@1\.0-service           u:object_r:hal_ir_default_exec:s0
 /system/bin/hw/android\.hardware\.graphics\.allocator@2\.0-service   u:object_r:hal_graphics_allocator_exec:s0
 /system/bin/hw/android\.hardware\.graphics\.composer@2\.1-service    u:object_r:hal_graphics_composer_exec:s0
 /system/bin/hw/android\.hardware\.light@2\.0-service          u:object_r:hal_light_default_exec:s0

private/hal_ir_default.te

@@ -0,0 +1,5 @@
+type hal_ir_default, hal_ir, domain;
+type hal_ir_default_exec, exec_type, file_type;
+
+# may be started by init
+init_daemon_domain(hal_ir_default)

public/attributes

@@ -116,3 +116,4 @@ attribute update_engine_common;
 
 # HALs
 attribute hal_light;
+attribute hal_ir;

public/hal_ir.te

@@ -0,0 +1,5 @@
+# hwbinder access
+hwbinder_use(hal_ir)
+
+# call into system_server process (callbacks)
+binder_call(hal_ir, system_server)

public/system_server.te

@@ -159,6 +159,7 @@ binder_service(system_server)
 # Perform HwBinder IPC.
 hwbinder_use(system_server)
 binder_call(system_server, hal_boot)
+binder_call(system_server, hal_ir)
 binder_call(system_server, hal_light)
 binder_call(system_server, hal_memtrack)
 binder_call(system_server, hal_power)