Add sepolicy for logd and logcat services

The logd binder service is on the logd side.
The logcat binder service is on the system_server side.
These two binder services facilitate the binder RPC
between logd and system_server.

Bug: 197901557
Test: manual
Change-Id: I5f08bbb44a88dc72302331ab11c7d54f94db16ac
diff --git a/private/logd.te b/private/logd.te
index 7112c4f..62d4196 100644
--- a/private/logd.te
+++ b/private/logd.te
@@ -10,6 +10,8 @@
 neverallow logd {
   file_type
   -runtime_event_log_tags_file
+  # shell_data_file access is needed to dump bugreports
+  -shell_data_file
   userdebug_or_eng(`-coredump_file -misc_logd_file')
   with_native_coverage(`-method_trace_data_file')
 }:file { create write append };
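Review bot: The new `-shell_data_file` exemption lifts the neverallow for `create`, `write` and `append` together, while the comment only justifies dumping bugreports, and the commit message does not mention this relaxation at all. shell_data_file labels files the shell domain can write, so the exemption should be as narrow as the use case. If logd only writes into a file that the bugreport tool has already opened (an inference; no logd allow rule on shell_data_file is visible in this diff), `create` can stay forbidden with a companion rule such as `neverallow logd shell_data_file:file create;`. The comment should also name the caller and the permissions actually needed, so a later audit can tell whether the exemption is still required.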
@@ -39,3 +41,11 @@
   userdebug_or_eng(`-su')
   -system_app
 } runtime_event_log_tags_file:file no_rw_file_perms;
+
+# Only binder communication between logd and system_server is allowed
+binder_use(logd)
+binder_service(logd)
+binder_call(logd, system_server)
+
+add_service(logd, logd_service)
+allow logd logcat_service:service_manager find;
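Review bot: The comment "Only binder communication between logd and system_server is allowed" states a restriction that none of the added rules enforces, since they are all allow-side macros. `binder_service(logd)` normally tags the domain as a binder service domain, which other policy may already be allowed to call, so the claim may not hold in the compiled policy. Either reword it to what the rules do, e.g. `# Allow binder RPC between logd and system_server`, or back it with a neverallow along the lines of `neverallow { domain -system_server -servicemanager } logd:binder call;`. The exact exclusion set is an assumption and has to be validated against the full policy build.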
diff --git a/private/service.te b/private/service.te
index 10461ec..7e33715 100644
--- a/private/service.te
+++ b/private/service.te
@@ -1,8 +1,11 @@
 type attention_service,             system_server_service, service_manager_type;
+type compos_internal_service,       service_manager_type;
 type compos_service,                service_manager_type;
 type dynamic_system_service,        system_api_service, system_server_service, service_manager_type;
 type gsi_service,                   service_manager_type;
 type incidentcompanion_service,     app_api_service, system_api_service, system_server_service, service_manager_type;
+type logcat_service,                system_server_service, service_manager_type;
+type logd_service,                  service_manager_type;
 type mediatuner_service,            app_api_service, service_manager_type;
 type profcollectd_service,          service_manager_type;
 type resolver_service,              system_server_service, service_manager_type;
@@ -13,4 +16,3 @@
 type statsmanager_service,          system_api_service, system_server_service, service_manager_type;
 type tracingproxy_service,          system_server_service, service_manager_type;
 type uce_service,                   service_manager_type;
-type compos_internal_service,       service_manager_type;
diff --git a/private/service_contexts b/private/service_contexts
index bee400f..2e79abb 100644
--- a/private/service_contexts
+++ b/private/service_contexts
@@ -198,6 +198,8 @@
 location                                  u:object_r:location_service:s0
 location_time_zone_manager                u:object_r:location_time_zone_manager_service:s0
 lock_settings                             u:object_r:lock_settings_service:s0
+logcat                                    u:object_r:logcat_service:s0
+logd                                      u:object_r:logd_service:s0
 looper_stats                              u:object_r:looper_stats_service:s0
 lpdump_service                            u:object_r:lpdump_service:s0
 media.aaudio                              u:object_r:audioserver_service:s0
diff --git a/private/system_server.te b/private/system_server.te
index 68792e8..d2b4091 100644
--- a/private/system_server.te
+++ b/private/system_server.te
@@ -277,6 +277,7 @@
 binder_call(system_server, storaged)
 binder_call(system_server, update_engine)
 binder_call(system_server, vold)
+binder_call(system_server, logd)
 binder_call(system_server, wificond)
 binder_call(system_server, wpantund)
 binder_service(system_server)
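Review bot: `binder_call(system_server, logd)` is inserted between `vold` and `wificond`, which breaks the alphabetical order the surrounding `binder_call` lines follow; its sorted position is above the visible context of this hunk. The same applies to `allow system_server logd_service:service_manager find;` in the next hunk, which is placed after `wifinl80211_service`. Keeping these lists sorted makes it easier to audit which domains system_server may reach and to spot duplicate grants.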
@@ -881,6 +882,7 @@
 allow system_server update_engine_service:service_manager find;
 allow system_server vold_service:service_manager find;
 allow system_server wifinl80211_service:service_manager find;
+allow system_server logd_service:service_manager find;
 userdebug_or_eng(`
   allow system_server profcollectd_service:service_manager find;
 ')