non_plat: Label and grant required permissions to keinstall hidl/service

Signed-off-by: Aayush Gupta <aayushgupta219@gmail.com>
Change-Id: I482e9dd6b42ad62553d1451269eb7ef6c3c3fc3b

non_plat/file_contexts

@@ -708,6 +708,7 @@
 
 # Keymaster
 /dev/ut_keymaster u:object_r:ut_keymaster_device:s0
+/(system\/vendor|vendor)/bin/hw/vendor\.mediatek\.hardware\.keyinstall@1\.0-service u:object_r:mtk_hal_keyinstall_exec:s0
 
 # Ipsec
 /(system\/vendor|vendor)/bin/ipsec		u:object_r:ipsec_exec:s0

non_plat/hwservice.te

@@ -64,3 +64,6 @@ type mtk_hal_bgs_hwservice, hwservice_manager_type;
 
 # vtservice
 type mtk_hal_videotelephony_hwservice, hwservice_manager_type;
+
+# Keyinstall
+type mtk_hal_keyinstall_hwservice, hwservice_manager_type;

non_plat/hwservice_contexts

@@ -78,3 +78,6 @@ vendor.mediatek.hardware.camera.atms::IATMs u:object_r:hal_camera_hwservice:s0
 
 # vtservice
 vendor.mediatek.hardware.videotelephony::IVideoTelephony u:object_r:mtk_hal_videotelephony_hwservice:s0
+
+# Keyinstall
+vendor.mediatek.hardware.keyinstall::IKeyinstall u:object_r:mtk_hal_keyinstall_hwservice:s0

non_plat/mtk_hal_keyinstall.te

@@ -0,0 +1,17 @@
+type mtk_hal_keyinstall_exec, exec_type, file_type, vendor_file_type;
+type mtk_hal_keyinstall, domain;
+
+hal_server_domain(mtk_hal_keyinstall, hal_keymaster)
+init_daemon_domain(mtk_hal_keyinstall)
+
+add_hwservice(hal_keymaster_server, mtk_hal_keyinstall_hwservice)
+
+allow hal_keymaster_client mtk_hal_keyinstall_hwservice:hwservice_manager find;
+
+allow mtk_hal_keyinstall persist_data_file:dir { search write add_name };
+allow mtk_hal_keyinstall persist_data_file:file { read write create open setattr getattr };
+
+allow mtk_hal_keyinstall key_install_data_file:dir { write add_name remove_name search };
+allow mtk_hal_keyinstall key_install_data_file:file { write create setattr read getattr unlink open append };
+
+allow mtk_hal_keyinstall debugfs_tracing:file { write };