Allow vmlauncher_app to create ptys to communicate with shell

* Allow vmlauncher_app to create pty/pts
* Allow vmlauncher_app to change permission of created pts
* Allow shell to read/write vmlauncher_app pts

adb shell can open and communicate with vmlauncher_app via the pts
device. VM console would be available on the pts.

Bug: 335362012
Test: adb shell -t microcom /dev/pts/0
Test: No new avc denials in logcat
Change-Id: If630235b486bf5ffffb45aeac3e29438029edb04

private/shell.te

@@ -430,6 +430,12 @@ allow shell sysfs_batteryinfo:file r_file_perms;
 # Allow reads (but not writes) of the MGLRU state
 allow shell sysfs_lru_gen_enabled:file r_file_perms;
 
+# Allow communicating with the VM terminal.
+userdebug_or_eng(`
+  allow shell vmlauncher_app_devpts:chr_file rw_file_perms;
+  allowxperm shell vmlauncher_app_devpts:chr_file ioctl unpriv_tty_ioctls;
+')
+
 # Allow access to ion memory allocation device.
 allow shell ion_device:chr_file rw_file_perms;
 

private/vmlauncher_app.te

@@ -16,3 +16,10 @@ is_flag_enabled(RELEASE_AVF_SUPPORT_CUSTOM_VM_WITH_PARAVIRTUALIZED_DEVICES, `
   allow vmlauncher_app virtualizationservice:binder call;
   allow vmlauncher_app crosvm:binder { call transfer };
 ')
+
+userdebug_or_eng(`
+  # Create pty/pts and connect it to the guest terminal.
+  create_pty(vmlauncher_app)
+  # Allow other processes to access the pts.
+  allow vmlauncher_app vmlauncher_app_devpts:chr_file setattr;
+')