Allow system server to access composd.

Also allow composd to kill odrefresh (it execs it); this is necessary
for cancel() to work.

Bug: 199147668
Test: manual
Change-Id: I233cac50240130da2f4e99f452697c1162c10c40

private/composd.te

@@ -6,6 +6,9 @@ init_daemon_domain(composd)
 binder_use(composd)
 add_service(composd, compos_service)
 
+# Call back into system server
+binder_call(composd, system_server)
+
 # Start a VM
 virtualizationservice_use(composd)
 
@@ -14,5 +17,7 @@ allow composd apex_module_data_file:dir search;
 allow composd apex_compos_data_file:dir create_dir_perms;
 allow composd apex_compos_data_file:file create_file_perms;
 
-# Run odrefresh to refresh ART artifacts
+# TODO(b/205750213): Removed these when we run odrefresh in the VM
+# Run odrefresh to refresh ART artifacts, and kill it if we need to
 domain_auto_trans(composd, odrefresh_exec, odrefresh)
+allow composd odrefresh:process sigkill;

private/system_server.te

@@ -262,6 +262,7 @@ allow system_server app_zygote:unix_stream_socket { read write connectto setopt
 binder_use(system_server)
 binder_call(system_server, appdomain)
 binder_call(system_server, binderservicedomain)
+binder_call(system_server, composd)
 binder_call(system_server, dumpstate)
 binder_call(system_server, fingerprintd)
 binder_call(system_server, gatekeeperd)
@@ -849,6 +850,7 @@ allow system_server audioserver_service:service_manager find;
 allow system_server authorization_service:service_manager find;
 allow system_server batteryproperties_service:service_manager find;
 allow system_server cameraserver_service:service_manager find;
+allow system_server compos_service:service_manager find;
 allow system_server dataloader_manager_service:service_manager find;
 allow system_server dnsresolver_service:service_manager find;
 allow system_server drmserver_service:service_manager find;