gs-sepolicy(uwb): Changes for new UCI stack

1. Rename uwb vendor app.
2. Rename uwb vendor HAL binary name & service name.
3. Allow vendor HAL to host the AOSP UWB HAL service.
4. Allow NFC HAL to access uwb calibration files.

Bug: 186585880
Test: Manual Tests
Change-Id: I2c7c2466f42317d643634e24b1efb1855e673d09

whitechapel/vendor/google/file_contexts

@@ -347,7 +347,7 @@
 
 # Uwb
 # R4
-/vendor/bin/hw/hardware\.qorvo\.uwb-service                          u:object_r:hal_uwb_vendor_default_exec:s0
+/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service                u:object_r:hal_uwb_vendor_default_exec:s0
 /vendor/bin/init\.uwb\.calib\.sh                                     u:object_r:vendor_uwb_init_exec:s0
 /mnt/vendor/persist/uwb(/.*)?                                        u:object_r:persist_uwb_file:s0
 /data/vendor/uwb(/.*)?                                               u:object_r:uwb_data_vendor:s0

whitechapel/vendor/google/hal_nfc_default.te

@@ -10,3 +10,6 @@ set_prop(hal_nfc_default, vendor_modem_prop)
 # Access uwb cal for SecureRanging Applet
 allow hal_nfc_default uwb_data_vendor:dir r_dir_perms;
 allow hal_nfc_default uwb_data_vendor:file r_file_perms;
+
+# allow nfc to read uwb calibration file
+get_prop(hal_nfc_default, vendor_uwb_calibration_prop)

whitechapel/vendor/google/hal_uwb_vendor_default.te

@@ -2,6 +2,7 @@ type hal_uwb_vendor_default, domain;
 type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type;
 init_daemon_domain(hal_uwb_vendor_default)
 
+hal_server_domain(hal_uwb_vendor_default, hal_uwb)
 add_service(hal_uwb_vendor_default, hal_uwb_vendor_service)
 
 hal_server_domain(hal_uwb_vendor_default, hal_uwb_vendor)
@@ -9,3 +10,5 @@ binder_call(hal_uwb_vendor_default, uwb_vendor_app)
 
 allow hal_uwb_vendor_default uwb_data_vendor:dir create_dir_perms;
 allow hal_uwb_vendor_default uwb_data_vendor:file create_file_perms;
+
+get_prop(hal_uwb_vendor_default, vendor_uwb_calibration_prop)

whitechapel/vendor/google/property.te

@@ -53,3 +53,5 @@ vendor_internal_prop(vendor_fingerprint_fake_prop)
 # Dynamic sensor
 vendor_internal_prop(vendor_dynamic_sensor_prop)
 
+# UWB calibration
+system_vendor_config_prop(vendor_uwb_calibration_prop)

whitechapel/vendor/google/property_contexts

@@ -110,3 +110,5 @@ vendor.fingerprint.disable.fake                 u:object_r:vendor_fingerprint_fa
 # Dynamic sensor
 vendor.dynamic_sensor.                          u:object_r:vendor_dynamic_sensor_prop:s0
 
+# uwb
+ro.vendor.uwb.calibration.                      u:object_r:vendor_uwb_calibration_prop:s0 exact string

whitechapel/vendor/google/seapp_contexts

@@ -48,7 +48,8 @@ user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=
 user=_app isPrivApp=true  seinfo=platform name=com.thales.device.ofl.app.basicagent domain=ofl_app type=app_data_file levelFrom=user
 
 # Qorvo UWB system app
-user=uwb isPrivApp=true seinfo=uwb name=com.qorvo.uwb domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all
+# TODO(b/222204912): Should this run under uwb user?
+user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all
 
 # Domain for EuiccSupportPixel
 user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all

whitechapel/vendor/google/service_contexts

@@ -1,4 +1,4 @@
 com.google.hardware.pixel.display.IDisplay/default         u:object_r:hal_pixel_display_service:s0
 uwb_vendor                                                 u:object_r:uwb_vendor_service:s0
-hardware.qorvo.uwb.IUwb/default                            u:object_r:hal_uwb_vendor_service:s0
+hardware.qorvo.uwb.IUwbVendor/default                      u:object_r:hal_uwb_vendor_service:s0
 android.hardware.drm.IDrmFactory/widevine                  u:object_r:hal_drm_service:s0