Keystore 2.0: Add early_boot_ended permission

Add early_boot_ended permission to the keystore2 access vector. This
permission must be checked before allowing calls to earlyBootEnded() on
Keymint devices.

Bug: 181821046
Bug: 181910578
Change-Id: I8860a4424a249455ab540b6c2896e7d836ceb8a3

private/access_vectors

@@ -721,6 +721,7 @@ class keystore2
 	change_user
 	clear_ns
 	clear_uid
+	early_boot_ended
 	get_auth_token
 	get_state
 	list

private/vold.te

@@ -45,6 +45,12 @@ allow vold vold_key:keystore2_key {
     use
 };
 
+# vold needs to find keystore2 services
+allow vold keystore_maintenance_service:service_manager find;
+
+# vold needs to be able to call earlyBootEnded()
+allow vold keystore:keystore2 early_boot_ended;
+
 neverallow {
     domain
     -system_server