Add policy for USF low latency transport gralloc usage. am: 1082e886c0

Original change: https://googleplex-android-review.googlesource.com/c/device/google/gs101-sepolicy/+/14144079

Change-Id: I32cc4ea5c2f396ddb1b3b288d5531116bf185baf

usf/sensor_hal.te

@@ -41,6 +41,9 @@ allow hal_sensors_default fwk_stats_hwservice:hwservice_manager find;
 # Allow access to the sysfs_aoc.
 allow hal_sensors_default sysfs_aoc:dir search;
 
+# Allow use of the USF low latency transport.
+usf_low_latency_transport(hal_sensors_default)
+
 #
 # Suez type enforcements.
 #

usf/te_macros

@@ -0,0 +1,14 @@
+#
+# USF SELinux type enforcement macros.
+#
+
+#
+# usf_low_latency_transport(domain)
+#
+# Allows domain use of the USF low latency transport.
+#
+define(`usf_low_latency_transport', `
+  allow $1 hal_graphics_mapper_hwservice:hwservice_manager find;
+  hal_client_domain($1, hal_graphics_allocator)
+')
+

whitechapel/vendor/google/chre.te

@@ -11,3 +11,7 @@ allow chre sysfs_aoc_boottime:file r_file_perms;
 
 # Allow CHRE to create thread to watch AOC's device
 allow chre device:dir r_dir_perms;
+
+# Allow CHRE to use the USF low latency transport
+usf_low_latency_transport(chre)
+

whitechapel/vendor/google/rlsservice.te

@@ -22,3 +22,7 @@ binder_call(rlsservice, hal_camera_default)
 # Allow access to always-on compute device node
 allow rlsservice device:dir { read watch };
 allow rlsservice aoc_device:chr_file rw_file_perms;
+
+# Allow use of the USF low latency transport
+usf_low_latency_transport(rlsservice)
+