sepolicy: bsp: non_plat: Label MTK keyinstall interface

* This was dropped in the S sepolicy, but we still need
  it since we're on R blobs.

Signed-off-by: bengris32 <bengris32@protonmail.ch>
Change-Id: Ie0c2ea88b1a8aed96183cce856bbdb0b73c50f65

bsp/non_plat/hwservice.te

@@ -6,6 +6,7 @@ type mtk_hal_netdagent_hwservice, hwservice_manager_type;
 type volte_rcs_ua_hwservice, hwservice_manager_type;
 type mtk_hal_dfps_hwservice, hwservice_manager_type;
 type mtk_hal_dplanner_hwservice, hwservice_manager_type;
+type mtk_hal_keyinstall_hwservice, hwservice_manager_type;
 type mtk_hal_pplagent_hwservice, hwservice_manager_type;
 # omadm hidl
 type mtk_hal_omadm_hwservice, hwservice_manager_type;

bsp/non_plat/hwservice_contexts

@@ -36,6 +36,9 @@ vendor.mediatek.hardware.dplanner::IDPlanner u:object_r:mtk_hal_dplanner_hwservi
 # tablet DRM Key Manage HIDL
 vendor.mediatek.hardware.keymanage::IKeymanage u:object_r:mtk_hal_keymanage_hwservice:s0
 
+# DRM Key Installation HIDL
+vendor.mediatek.hardware.keyinstall::IKeyinstall u:object_r:mtk_hal_keyinstall_hwservice:s0
+
 # Date: 2018/05/07
 vendor.mediatek.hardware.pplagent::IPplAgent u:object_r:mtk_hal_pplagent_hwservice:s0
 

bsp/non_plat/mtk_hal_keyinstall.te

@@ -7,6 +7,12 @@ type mtk_hal_keyinstall_exec, exec_type, file_type, vendor_file_type;
 # Setup for domain transition
 init_daemon_domain(mtk_hal_keyinstall)
 
+# Associate mtk_hal_keyinstall_hwservice with all server domain
+add_hwservice(hal_keymaster_server, mtk_hal_keyinstall_hwservice)
+
+# Give permission for hal_keymaster_client to find mtk_hal_keyinstall_hwservice via hwservice_manager
+allow hal_keymaster_client mtk_hal_keyinstall_hwservice:hwservice_manager find;
+
 # Allow mtk_hal_keyinstall to communicate with mobicore
 allow mtk_hal_keyinstall mobicore:unix_stream_socket connectto;
 allow mtk_hal_keyinstall mobicore_data_file:dir search;