Touch up microdroid sepolicy after removing keystore

Avoid divergence in the files that will eventually shared with the main
Android sepolicy and fix a style mistake.

Bug: 215747811
Test: atest MicrodroidTests
Change-Id: I40b0bebb432d73ab6ab847c117e72d8bc18fe873

microdroid/reqd_mask/access_vectors

@@ -684,6 +684,68 @@ class service_manager
 	list
 }
 
+class hwservice_manager
+{
+	add
+	find
+	list
+}
+
+class keystore_key
+{
+	get_state
+	get
+	insert
+	delete
+	exist
+	list
+	reset
+	password
+	lock
+	unlock
+	is_empty
+	sign
+	verify
+	grant
+	duplicate
+	clear_uid
+	add_auth
+	user_changed
+	gen_unique_id
+}
+
+class keystore2
+{
+	add_auth
+	change_password
+	change_user
+	clear_ns
+	clear_uid
+	early_boot_ended
+	get_auth_token
+	get_state
+	list
+	lock
+	report_off_body
+	reset
+	unlock
+}
+
+class keystore2_key
+{
+	convert_storage_key_to_ephemeral
+	delete
+	gen_unique_id
+	get_info
+	grant
+	manage_blob
+	rebind
+	req_forced_op
+	update
+	use
+	use_dev_id
+}
+
 class drmservice {
 	consumeRights
 	setPlaybackStatus

microdroid/reqd_mask/security_classes

@@ -151,5 +151,17 @@ class property_service          # userspace
 # Service manager
 class service_manager           # userspace
 
+# hardware service manager      # userspace
+class hwservice_manager
+
+# Legacy Keystore key permissions
+class keystore_key              # userspace
+
+# Keystore 2.0 permissions
+class keystore2                 # userspace
+
+# Keystore 2.0 key permissions
+class keystore2_key             # userspace
+
 class drmservice                # userspace
 # FLASK

microdroid/system/private/access_vectors

@@ -684,6 +684,68 @@ class service_manager
 	list
 }
 
+class hwservice_manager
+{
+	add
+	find
+	list
+}
+
+class keystore_key
+{
+	get_state
+	get
+	insert
+	delete
+	exist
+	list
+	reset
+	password
+	lock
+	unlock
+	is_empty
+	sign
+	verify
+	grant
+	duplicate
+	clear_uid
+	add_auth
+	user_changed
+	gen_unique_id
+}
+
+class keystore2
+{
+	add_auth
+	change_password
+	change_user
+	clear_ns
+	clear_uid
+	early_boot_ended
+	get_auth_token
+	get_state
+	list
+	lock
+	report_off_body
+	reset
+	unlock
+}
+
+class keystore2_key
+{
+	convert_storage_key_to_ephemeral
+	delete
+	gen_unique_id
+	get_info
+	grant
+	manage_blob
+	rebind
+	req_forced_op
+	update
+	use
+	use_dev_id
+}
+
 class diced
 {
 	demote

microdroid/system/private/domain.te

@@ -47,7 +47,7 @@ allow domain null_device:chr_file rw_file_perms;
 allow domain zero_device:chr_file rw_file_perms;
 
 # /dev/binder can be accessed by ... everyone! :)
-allow { domain } binder_device:chr_file rw_file_perms;
+allow domain binder_device:chr_file rw_file_perms;
 
 # Restrict binder ioctls to an allowlist. Additional ioctl commands may be
 # added to individual domains, but this sets safe defaults for all processes.

microdroid/system/private/security_classes

@@ -151,6 +151,18 @@ class property_service          # userspace
 # Service manager
 class service_manager           # userspace
 
+# hardware service manager      # userspace
+class hwservice_manager
+
+# Legacy Keystore key permissions
+class keystore_key              # userspace
+
+# Keystore 2.0 permissions
+class keystore2                 # userspace
+
+# Keystore 2.0 key permissions
+class keystore2_key             # userspace
+
 # Diced permissions
 class diced                     # userspace