usbd sepolicy

Sepolicy for the usb daemon. (ag/3373886/)

Bug: 63669128
Test: Checked for avc denial messages.
Change-Id: I6e2a4ccf597750c47e1ea90c4d43581de4afa4af

private/compat/26.0/26.0.ignore.cil

@@ -88,6 +88,9 @@
     traced_tmpfs
     update_engine_log_data_file
     vendor_default_prop
+    usbd
+    usbd_exec
+    usbd_tmpfs
     vendor_init
     vendor_shell
     vold_prepare_subdirs

private/file_contexts

@@ -240,6 +240,7 @@
 /system/bin/healthd     u:object_r:healthd_exec:s0
 /system/bin/clatd	u:object_r:clatd_exec:s0
 /system/bin/lmkd        u:object_r:lmkd_exec:s0
+/system/bin/usbd   u:object_r:usbd_exec:s0
 /system/bin/inputflinger u:object_r:inputflinger_exec:s0
 /system/bin/logd        u:object_r:logd_exec:s0
 /system/bin/traced        u:object_r:traced_exec:s0

private/usbd.te

@@ -0,0 +1,12 @@
+typeattribute usbd coredomain;
+
+init_daemon_domain(usbd)
+
+# Access usb gadget hal
+hal_client_domain(usbd, hal_usb_gadget)
+
+# Access persist.sys.usb.config
+get_prop(usbd, system_prop)
+
+# start adbd during boot if adb is enabled
+set_prop(usbd, ctl_default_prop)

public/usbd.te

@@ -0,0 +1,3 @@
+type usbd, domain;
+type usbd_exec, exec_type, file_type;
+