Allow shell to call IRemotelyProvisionedComponent

This change gives the shell process the needed permissions to call the
rkp_factory_extraction_tool without also granting the ability to access
the KeyMint HAL service.

To run the tool from a shell accessible folder, push
rkp_factory_extraction_tool to /data/local/tmp with:

adb push out/target/product/<path/to/tool>/rkp_factory_extraction_tool \
/data/local/tmp

Test: the tool can be executed in SELinux enforcing mode
Change-Id: Idebebffa9bb405d527ab37c17030db3999efe3d1

private/shell.te

@@ -181,6 +181,9 @@ get_prop(shell, bootloader_boot_reason_prop)
 get_prop(shell, last_boot_reason_prop)
 get_prop(shell, system_boot_reason_prop)
 
+# Allow shell to execute the remote key provisioning factory tool
+binder_call(shell, hal_keymint)
+
 # Allow reading the outcome of perf_event_open LSM support test for CTS.
 get_prop(shell, init_perf_lsm_hooks_prop)
 

public/shell.te

@@ -81,6 +81,9 @@ allow shell {
   -apex_service
   -dnsresolver_service
   -gatekeeper_service
+  -hal_keymint_service
+  -hal_secureclock_service
+  -hal_sharedsecret_service
   -incident_service
   -installd_service
   -mdns_service
@@ -196,6 +199,14 @@ recovery_only(`
 ### Neverallow rules
 ###
 
+# Do not allow shell to talk directly to security HAL services other than
+# hal_remotelyprovisionedcomponent_service
+neverallow shell {
+  hal_keymint_service
+  hal_secureclock_service
+  hal_sharedsecret_service
+}:service_manager find;
+
 # Do not allow shell to hard link to any files.
 # In particular, if shell hard links to app data
 # files, installd will not be able to guarantee the deletion