Introduce vmlauncher_app domain

Bug: 333485208
Test: check display
Change-Id: I64c09f09615e89cf24398c01b8f87b0136be0a7f
diff --git a/private/crosvm.te b/private/crosvm.te
index a96a22a..fced92f 100644
--- a/private/crosvm.te
+++ b/private/crosvm.te
@@ -93,7 +93,7 @@
 
   # To provide display service to an app to get surface.
   # TODO(b/332677707): remove them when display service uses binder RPC.
-  allow crosvm priv_app:binder { transfer call };
+  allow crosvm vmlauncher_app:binder { transfer call };
   allow crosvm servicemanager:binder { call transfer };
   allow crosvm virtualization_service:service_manager find;
   allow crosvm virtualizationservice:binder { call transfer };
diff --git a/private/priv_app.te b/private/priv_app.te
index 76682f1..9ba2c95 100644
--- a/private/priv_app.te
+++ b/private/priv_app.te
@@ -124,13 +124,6 @@
 allow priv_app preloads_media_file:file r_file_perms;
 allow priv_app preloads_media_file:dir r_dir_perms;
 
-is_flag_enabled(RELEASE_AVF_SUPPORT_CUSTOM_VM_WITH_PARAVIRTUALIZED_DEVICES, `
-  # TODO(b/332677707): remove them when display service uses binder RPC.
-  allow priv_app virtualization_service:service_manager find;
-  allow priv_app virtualizationservice:binder call;
-  allow priv_app crosvm:binder { call transfer };
-')
-
 read_runtime_log_tags(priv_app)
 
 # Allow priv_apps to request and collect incident reports.
diff --git a/private/seapp_contexts b/private/seapp_contexts
index 2219631..9b194b8 100644
--- a/private/seapp_contexts
+++ b/private/seapp_contexts
@@ -224,3 +224,4 @@
 user=_app domain=untrusted_app_25 type=app_data_file levelFrom=user
 user=_app minTargetSdkVersion=28 fromRunAs=true domain=runas_app levelFrom=all
 user=_app fromRunAs=true domain=runas_app levelFrom=user
+user=_app isPrivApp=true name=com.android.virtualization.vmlauncher domain=vmlauncher_app type=privapp_data_file levelFrom=all
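Review bot: The new entry matches on `name=com.android.virtualization.vmlauncher` with `isPrivApp=true` and no `seinfo=`, so `isPrivApp=true` is the only selector keeping an ordinary package from claiming this name and landing in vmlauncher_app; whether this tree also requires `seinfo=` next to `name=` is governed by the file's header rules and checkseapp, which are outside this hunk, so it is worth confirming. `levelFrom=all` and `type=privapp_data_file` look consistent with a priv-app entry, but the generic priv_app line is not visible here to compare against. libselinux orders seapp_contexts entries by specificity at load time, so appending at the end of the file should be fine, but a short `# VmLauncher priv-app, pinned to its own domain (see vmlauncher_app.te)` comment above the line would help the next reader.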
diff --git a/private/virtualizationservice.te b/private/virtualizationservice.te
index 2d14f5d..f096e89 100644
--- a/private/virtualizationservice.te
+++ b/private/virtualizationservice.te
@@ -47,7 +47,7 @@
 is_flag_enabled(RELEASE_AVF_SUPPORT_CUSTOM_VM_WITH_PARAVIRTUALIZED_DEVICES, `
   # To provide display service to an app to get surface.
   # TODO(b/332677707): remove them when display service uses binder RPC.
-  allow virtualizationservice priv_app:binder transfer;
+  allow virtualizationservice vmlauncher_app:binder transfer;
 ')
 
 # Let virtualizationservice set the owner of a VM's temporary directory.
diff --git a/private/vmlauncher_app.te b/private/vmlauncher_app.te
new file mode 100644
index 0000000..dcc4f55
--- /dev/null
+++ b/private/vmlauncher_app.te
@@ -0,0 +1,18 @@
+type vmlauncher_app, domain;
+typeattribute vmlauncher_app coredomain;
+
+app_domain(vmlauncher_app)
+
+allow vmlauncher_app app_api_service:service_manager find;
+allow vmlauncher_app system_api_service:service_manager find;
+
+allow vmlauncher_app shell_data_file:dir search;
+allow vmlauncher_app shell_data_file:file { read open write };
+virtualizationservice_use(vmlauncher_app)
+
+is_flag_enabled(RELEASE_AVF_SUPPORT_CUSTOM_VM_WITH_PARAVIRTUALIZED_DEVICES, `
+  # TODO(b/332677707): remove them when display service uses binder RPC.
+  allow vmlauncher_app virtualization_service:service_manager find;
+  allow vmlauncher_app virtualizationservice:binder call;
+  allow vmlauncher_app crosvm:binder { call transfer };
+')
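Review bot: The two `shell_data_file` rules (`allow vmlauncher_app shell_data_file:dir search;` and `allow vmlauncher_app shell_data_file:file { read open write };`) let an app domain read and write shell-owned data with no comment saying why, which is wider than anything else this file grants and is the rule a later audit will stumble over. Presumably it exists to pick up VM images pushed by the shell during development; if so, say so and scope it in time, e.g. `# Read/write VM images pushed via the shell; TODO(b/<bug>): drop once images ship with the app.` above the first rule. The file also has no header comment; a one-liner such as `# Domain for the VmLauncher priv-app (com.android.virtualization.vmlauncher), split out of priv_app so only it can reach crosvm and virtualizationservice over binder.` would tie it to the crosvm.te and virtualizationservice.te changes in this commit. The flagged block at the bottom is the same set of rules priv_app.te drops, so its TODO(b/332677707) still applies here.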