selinux: New aocx service

Add new aocxd server domain
- Allow aocxd to access AOC resources
- Add new aocx binder vendor service

Allow audio hal to find and talk to aocx

avc error tcontext=u:object_r:binder_device:s0 tclass=chr_file or tcontext=u:object_r:vndbinder_device:s0 tclass=chr_file

avc:  denied  { add } for pid=1073 uid=0 name=aocx.IAocx scontext=u:r:aocxd:s0 tcontext=u:object_r:aocx:s0 tclass=service_manager

avc:  denied  { call } for  scontext=u:r:hal_audio_default:s0 tcontext=u:r:aocxd:s0 tclass=binder

BUG: 315853303
Change-Id: Ide16a2be9f032bef60f43d4d3daa6372ae06b057

aoc/sepolicy/aocxd.te

@@ -0,0 +1,25 @@
+# aocxd server domain
+type aocxd, domain;
+type aocxd_exec, vendor_file_type, exec_type, file_type;
+init_daemon_domain(aocxd)
+
+# sysfs operations
+allow aocxd sysfs_aoc:dir search;
+
+# dev operations
+allow aocxd aoc_device:chr_file rw_file_perms;
+
+# allow inotify to watch for additions/removals from /dev
+allow aocxd device:dir r_dir_perms;
+
+# set properties
+set_prop(aocxd, vendor_aoc_prop);
+
+# allow binder access
+vndbinder_use(aocxd);
+
+# allow managing wakelocks
+wakelock_use(aocxd);
+
+# add aocx service to the domain
+add_service(aocxd, aocx);

aoc/sepolicy/file_contexts

@@ -27,11 +27,13 @@
 /dev/acd-audio_ap_offload_rx        u:object_r:aoc_device:s0
 /dev/acd-audio_ap_offload_tx        u:object_r:aoc_device:s0
 /dev/acd-mel_processor              u:object_r:aoc_device:s0
+/dev/acd-aocx_control               u:object_r:aoc_device:s0
 
 # AoC vendor binaries
 /vendor/bin/aocd                    u:object_r:aocd_exec:s0
 /vendor/bin/aocdump                 u:object_r:aocdump_exec:s0
 /vendor/bin/dump/dump_aoc           u:object_r:dump_aoc_exec:s0
+/vendor/bin/aocxd                   u:object_r:aocxd_exec:s0
 
 # AoC audio files
 /vendor/etc/aoc(/.*)?               u:object_r:aoc_audio_file:s0

aoc/sepolicy/vndservice.te

@@ -0,0 +1 @@
+type aocx, vndservice_manager_type;

aoc/sepolicy/vndservice_contexts

@@ -0,0 +1 @@
+aocx.IAocx    u:object_r:aocx:s0