oemlock: add oemlock hal [1/4]

PD#GH-409
BUG: 156227655

Problem:
Currently, we use 'fastboot flashing unlock' command to
unlock the device. But it's not a standard method.
We need follow below doc to implement it.
https://source.android.com/devices/bootloader/unlock-trusty

Solution:
add oemlock sepolicy

Verify:
sabrina

Change-Id: If6b031bc4df19908d8fd08562d2e055777e8a981
Signed-off-by: Xindong Xu <xindong.xu@amlogic.com>

2 files changed, 10 insertions, 0 deletions

diff --git a/sepolicy/file_contexts b/sepolicy/file_contexts
index 7eeb141..79b29d0 100755..100644
--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
@@ -309,6 +309,8 @@
 /vendor/bin/hw/android\.hardware\.graphics\.composer@2\.3-service\.droidlogic u:object_r:hal_graphics_composer_default_exec:s0
 /vendor/bin/hw/android\.hardware\.thermal@2\.0-service.droidlogic        u:object_r:hal_thermal_default_exec:s0
 /vendor/bin/hw/android\.hardware\.audio@2\.0-service-droidlogic          u:object_r:hal_audio_default_exec:s0
+/vendor/bin/hw/android\.hardware\.oemlock@1\.0-service\.droidlogic       u:object_r:hal_oemlock_default_exec:s0
+
 
 /data/vendor/mediadrm(/.*)?         u:object_r:hal_drm_data:s0
 
diff --git a/sepolicy/hal_oemlock_default.te b/sepolicy/hal_oemlock_default.te
new file mode 100644
index 0000000..dbc0dd1
--- a/dev/null
+++ b/sepolicy/hal_oemlock_default.te
@@ -0,0 +1,8 @@
+type hal_oemlock_default, domain;
+type hal_oemlock_default_exec, exec_type, vendor_file_type, file_type;
+
+allow hal_oemlock_default system_control:binder { call transfer };
+allow hal_oemlock_default systemcontrol_hwservice:hwservice_manager { find };
+
+hal_server_domain(hal_oemlock_default, hal_oemlock)
+init_daemon_domain(hal_oemlock_default)