Update automotive display service rules

This change updates sepolicies for automotive display service to make it
available to the vendor processes.

Bug: 149017572
Test: m -j selinux_policy
Change-Id: I48708fe25e260f9302e02749c3777c0ca0d84e4b
Signed-off-by: Changyeon Jo <changyeon@google.com>

private/automotive_display_service.te

@@ -1,20 +1,33 @@
-# Display service for Automotive
+# Display proxy service for Automotive
-type automotive_display, domain, coredomain;
+type automotive_display_service, domain, coredomain;
-type automotive_display_exec, system_file_type, exec_type, file_type;
+type automotive_display_service_exec, system_file_type, exec_type, file_type;
 
-init_daemon_domain(automotive_display)
+typeattribute automotive_display_service automotive_display_service_server;
+
+# Allow to add a display service to the manager
+add_hwservice(automotive_display_service, fwk_automotive_display_hwservice);
+
+# Allow init to launch automotive display service
+init_daemon_domain(automotive_display_service)
 
 # Allow to use Binder IPC for SurfaceFlinger.
-binder_use(automotive_display)
+binder_use(automotive_display_service)
 
 # Allow to use HwBinder IPC for HAL implementations.
-hwbinder_use(automotive_display)
+hwbinder_use(automotive_display_service)
+hal_client_domain(automotive_display_service, hal_graphics_composer)
 
 # Allow to read the target property.
-get_prop(automotive_display, hwservicemanager_prop)
+get_prop(automotive_display_service, hwservicemanager_prop)
 
 # Allow to find SurfaceFlinger.
-allow automotive_display surfaceflinger_service:service_manager find;
+allow automotive_display_service surfaceflinger_service:service_manager find;
 
 # Allow client domain to do binder IPC to serverdomain.
-binder_call(automotive_display, surfaceflinger)
+binder_call(automotive_display_service, surfaceflinger)
+
+# Allow to use a graphics mapper
+allow automotive_display_service hal_graphics_mapper_hwservice:hwservice_manager find;
+
+# Allow to use hidl token service
+allow automotive_display_service hidl_token_hwservice:hwservice_manager find;

private/automotive_display_service_server.te

@@ -1 +0,0 @@
-add_hwservice(automotive_display, fwk_automotive_display_hwservice)

private/compat/29.0/29.0.ignore.cil

@@ -16,8 +16,8 @@
     app_integrity_service
     app_search_service
     auth_service
-    automotive_display
+    automotive_display_service
-    automotive_display_exec
+    automotive_display_service_exec
     ashmem_libcutils_device
     blob_store_service
     binder_cache_bluetooth_server_prop

private/file_contexts

@@ -346,7 +346,7 @@
 /system/bin/simpleperf_app_runner    u:object_r:simpleperf_app_runner_exec:s0
 /system/bin/notify_traceur\.sh       u:object_r:notify_traceur_exec:s0
 /system/bin/migrate_legacy_obb_data\.sh u:object_r:migrate_legacy_obb_data_exec:s0
-/system/bin/android\.frameworks\.automotive\.display@1\.0-service u:object_r:automotive_display_exec:s0
+/system/bin/android\.frameworks\.automotive\.display@1\.0-service u:object_r:automotive_display_service_exec:s0
 
 #############################
 # Vendor files

private/hwservice_contexts

@@ -1,10 +1,10 @@
+android.frameworks.automotive.display::IAutomotiveDisplayProxyService u:object_r:fwk_automotive_display_hwservice:s0
 android.frameworks.bufferhub::IBufferHub                        u:object_r:fwk_bufferhub_hwservice:s0
 android.frameworks.cameraservice.service::ICameraService        u:object_r:fwk_camera_hwservice:s0
 android.frameworks.displayservice::IDisplayService              u:object_r:fwk_display_hwservice:s0
 android.frameworks.schedulerservice::ISchedulingPolicyService   u:object_r:fwk_scheduler_hwservice:s0
 android.frameworks.sensorservice::ISensorManager                u:object_r:fwk_sensor_hwservice:s0
 android.frameworks.stats::IStats                                u:object_r:fwk_stats_hwservice:s0
-android.frameworks.automotive.display::ICarWindowService        u:object_r:fwk_automotive_display_hwservice:s0
 android.hardware.atrace::IAtraceDevice                          u:object_r:hal_atrace_hwservice:s0
 android.hardware.audio.effect::IEffectsFactory                  u:object_r:hal_audio_hwservice:s0
 android.hardware.audio::IDevicesFactory                         u:object_r:hal_audio_hwservice:s0

vendor/hal_evs_default.te

@@ -6,5 +6,10 @@ hal_server_domain(hal_evs_default, hal_evs)
 type hal_evs_default_exec, exec_type, vendor_file_type, file_type;
 init_daemon_domain(hal_evs_default)
 
-allow hal_evs_default hal_graphics_allocator_default:fd use;
+allow hal_evs_default hal_graphics_allocator_server:fd use;
 
+# allow to use surface flinger
+allow hal_evs_default automotive_display_service_server:fd use;
+
+# allow to use automotive display service
+allow hal_evs_default fwk_automotive_display_hwservice:hwservice_manager find;