Add sepolicy for consumerir HIDL HAL

Test: logging confirms service runs on boot
Change-Id: If86fa7daf4a626b3e04fa0d2677d4cb590eb71ce
Signed-off-by: Connor O'Brien <connoro@google.com>
diff --git a/private/file_contexts b/private/file_contexts
index cdc6d45..4547b6a 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -230,6 +230,7 @@
 /system/lib(64)?/libart.*        u:object_r:libart_file:s0
 /system/bin/hw/android\.hardware\.audio@2\.0-service          u:object_r:hal_audio_exec:s0
 /system/bin/hw/android\.hardware\.boot@1\.0-service           u:object_r:hal_boot_exec:s0
+/system/bin/hw/android\.hardware\.ir@1\.0-service           u:object_r:hal_ir_default_exec:s0
 /system/bin/hw/android\.hardware\.graphics\.allocator@2\.0-service   u:object_r:hal_graphics_allocator_exec:s0
 /system/bin/hw/android\.hardware\.graphics\.composer@2\.1-service    u:object_r:hal_graphics_composer_exec:s0
 /system/bin/hw/android\.hardware\.light@2\.0-service          u:object_r:hal_light_default_exec:s0
diff --git a/private/hal_ir_default.te b/private/hal_ir_default.te
new file mode 100644
index 0000000..0ccd436
--- /dev/null
+++ b/private/hal_ir_default.te
@@ -0,0 +1,5 @@
+type hal_ir_default, hal_ir, domain;
+type hal_ir_default_exec, exec_type, file_type;
+
+# may be started by init
+init_daemon_domain(hal_ir_default)
diff --git a/public/attributes b/public/attributes
index 5b68eea..497cb90 100644
--- a/public/attributes
+++ b/public/attributes
@@ -116,3 +116,4 @@
 
 # HALs
 attribute hal_light;
+attribute hal_ir;
diff --git a/public/hal_ir.te b/public/hal_ir.te
new file mode 100644
index 0000000..3c7b51a
--- /dev/null
+++ b/public/hal_ir.te
@@ -0,0 +1,5 @@
+# hwbinder access
+hwbinder_use(hal_ir)
+
+# call into system_server process (callbacks)
+binder_call(hal_ir, system_server)
diff --git a/public/system_server.te b/public/system_server.te
index 146e557..f7f87f8 100644
--- a/public/system_server.te
+++ b/public/system_server.te
@@ -159,6 +159,7 @@
 # Perform HwBinder IPC.
 hwbinder_use(system_server)
 binder_call(system_server, hal_boot)
+binder_call(system_server, hal_ir)
 binder_call(system_server, hal_light)
 binder_call(system_server, hal_memtrack)
 binder_call(system_server, hal_power)