Dice HAL: Add policy for dice HAL.

And allow diced to talk to the dice HAL.

Bug: 198197213
Test: N/A
Change-Id: I74797b13656b38b50d7cd28a4c4c6ec4c8d1d1aa

private/compat/31.0/31.0.ignore.cil

@@ -16,6 +16,7 @@
     extra_free_kbytes
     extra_free_kbytes_exec
     hal_contexthub_service
+    hal_dice_service
     hal_graphics_composer_service
     hal_health_service
     hal_radio_config_service

private/diced.te

@@ -3,5 +3,4 @@ typeattribute diced coredomain;
 init_daemon_domain(diced)
 
 # Talk to dice HAL.
-# TODO uncomment when implemented.
-# hal_client_domain(diced, hal_dice)
+hal_client_domain(diced, hal_dice)

private/service_contexts

@@ -34,6 +34,7 @@ android.hardware.radio.voice.IRadioVoice/slot1                       u:object_r:
 android.hardware.radio.voice.IRadioVoice/slot2                       u:object_r:hal_radio_voice_service:s0
 android.hardware.radio.voice.IRadioVoice/slot3                       u:object_r:hal_radio_voice_service:s0
 android.hardware.rebootescrow.IRebootEscrow/default                  u:object_r:hal_rebootescrow_service:s0
+android.hardware.security.dice.IDiceDevice/default                   u:object_r:hal_dice_service:s0
 android.hardware.security.keymint.IKeyMintDevice/default             u:object_r:hal_keymint_service:s0
 android.hardware.security.keymint.IRemotelyProvisionedComponent/default u:object_r:hal_remotelyprovisionedcomponent_service:s0
 android.hardware.security.secureclock.ISecureClock/default             u:object_r:hal_secureclock_service:s0

public/attributes

@@ -333,6 +333,7 @@ hal_attribute(codec2);
 hal_attribute(configstore);
 hal_attribute(confirmationui);
 hal_attribute(contexthub);
+hal_attribute(dice);
 hal_attribute(drm);
 hal_attribute(dumpstate);
 hal_attribute(evs);

public/hal_dice.te

@@ -0,0 +1,4 @@
+binder_call(hal_dice_client, hal_dice_server)
+
+hal_attribute_service(hal_dice, hal_dice_service)
+binder_call(hal_dice_server, servicemanager)

public/service.te

@@ -261,6 +261,7 @@ type hal_audio_service, vendor_service, protected_service, service_manager_type;
 type hal_audiocontrol_service, vendor_service, service_manager_type;
 type hal_authsecret_service, vendor_service, protected_service, service_manager_type;
 type hal_contexthub_service, vendor_service, protected_service, service_manager_type;
+type hal_dice_service, vendor_service, protected_service, service_manager_type;
 type hal_face_service, vendor_service, protected_service, service_manager_type;
 type hal_fingerprint_service, vendor_service, protected_service, service_manager_type;
 type hal_gnss_service, vendor_service, protected_service, service_manager_type;

vendor/file_contexts

@@ -75,6 +75,7 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.sensors@[0-9]\.[0-9]-service(\.multihal)?  u:object_r:hal_sensors_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.sensors-service\.example  u:object_r:hal_sensors_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.0-service u:object_r:hal_secure_element_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.security\.dice-service\.non-secure-software   u:object_r:hal_dice_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.security\.keymint-service   u:object_r:hal_keymint_default_exec:s0
 /(vendor|system/vendor)/bin/hw/rild                                           u:object_r:rild_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.thermal@1\.[01]-service        u:object_r:hal_thermal_default_exec:s0

vendor/hal_dice_default.te

@@ -0,0 +1,5 @@
+type hal_dice_default, domain;
+hal_server_domain(hal_dice_default, hal_dice)
+
+type hal_dice_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_dice_default)