Add vehicle_binding_util SELinux context

Adds required context for 'vehicle_binding_util' to 'vold' interactions.
The vehicle_binding_util actually fork/execvp vdc.
And vdc will call vold to set the binding seed value.

Cherry-picks aosp/1723726

Test: manual 'make'
Bug: 157501579
Change-Id: I5194c9cd0f5a910b1309b547aabf66bb9c397738
Merged-In: I5194c9cd0f5a910b1309b547aabf66bb9c397738

private/file_contexts

@@ -371,6 +371,7 @@
 /system/bin/android\.frameworks\.automotive\.display@1\.0-service u:object_r:automotive_display_service_exec:s0
 /system/bin/snapuserd            u:object_r:snapuserd_exec:s0
 /system/bin/odsign               u:object_r:odsign_exec:s0
+/system/bin/vehicle_binding_util     u:object_r:vehicle_binding_util_exec:s0
 
 #############################
 # Vendor files

private/vdc.te

@@ -1,3 +1,6 @@
 typeattribute vdc coredomain;
 
 init_daemon_domain(vdc)
+
+# Allow stdin/out back to vehicle_binding_util
+allow vdc vehicle_binding_util:fd use;

private/vehicle_binding_util.te

@@ -0,0 +1,20 @@
+# vehicle binding util startup application
+type vehicle_binding_util, domain, coredomain;
+
+# allow init to start vehicle_binding_util
+type vehicle_binding_util_exec, exec_type, file_type, system_file_type;
+init_daemon_domain(vehicle_binding_util)
+
+# allow writing to kmsg during boot
+allow vehicle_binding_util kmsg_device:chr_file { getattr w_file_perms };
+
+# allow reading the binding property from vhal
+hwbinder_use(vehicle_binding_util)
+hal_client_domain(vehicle_binding_util, hal_vehicle)
+
+# allow executing vdc
+domain_auto_trans(vehicle_binding_util, vdc_exec, vdc)
+
+# devpts is needed to redirect output from vdc
+allow vehicle_binding_util devpts:chr_file rw_file_perms;
+