Add sepolicy for dm backend app

Tracked-On:
Signed-off-by: chenyanxzhu <[email protected]>

graphics/dm_backend/backend_client_app.te

@@ -0,0 +1,46 @@
+type dm_backend_ipc_data_file, file_type, data_file_type;
+type dm_backend_app_data_file, file_type, data_file_type, app_data_file_type;
+type dm_backend_client_app, domain;
+
+#============= dm_backend_client_app ==============
+allow dm_backend_client_app dm_backend_ipc_data_file:dir { add_name remove_name };
+allow dm_backend_client_app dm_backend_ipc_data_file:sock_file { create unlink write };
+
+allow dm_backend_client_app dm_backend_app_data_file:dir create_dir_perms;
+
+#============= dm_backend_client_app ==============
+allow dm_backend_client_app activity_service:service_manager find;
+allow dm_backend_client_app activity_task_service:service_manager find;
+allow dm_backend_client_app content_capture_service:service_manager find;
+allow dm_backend_client_app dm_backend_app_data_file:file { create open read setattr write };
+allow dm_backend_client_app game_service:service_manager find;
+allow dm_backend_client_app gpu_device:chr_file { ioctl map read write };
+allow dm_backend_client_app gpu_service:service_manager find;
+# allow dm_backend_client_app hal_configstore_ISurfaceFlingerConfigs:hwservice_manager find;
+allow dm_backend_client_app hal_graphics_allocator_default:binder call;
+allow dm_backend_client_app hal_graphics_allocator_default_tmpfs:file { map read write };
+# allow dm_backend_client_app hal_graphics_allocator_service:service_manager find;
+allow dm_backend_client_app hal_graphics_composer_default:fd use;
+allow dm_backend_client_app hal_graphics_mapper_hwservice:hwservice_manager find;
+allow dm_backend_client_app netstats_service:service_manager find;
+allow dm_backend_client_app surfaceflinger:fd use;
+allow dm_backend_client_app surfaceflinger_service:service_manager find;
+# allow dm_backend_client_app system_userdir_file:dir search;
+# allow dm_backend_client_app tmpfs:file { execute map read write };
+allow dm_backend_client_app virtual_device_service:service_manager find;
+allow dm_backend_client_app voiceinteraction_service:service_manager find;
+
+#============= hal_graphics_composer_default ==============
+allow hal_graphics_composer_default dm_backend_client_app:fd use;
+
+#============= surfaceflinger ==============
+allow surfaceflinger dm_backend_client_app:binder { call transfer };
+allow surfaceflinger dm_backend_client_app:fd use;
+
+#============= system_server ==============
+allow system_server dm_backend_client_app:binder call;
+allow system_server dm_backend_client_app:process { getpgid sigkill };
+
+#============= zygote ==============
+# allow zygote dm_backend_client_app:process dyntransition;
+

graphics/dm_backend/file_contexts

@@ -0,0 +1,3 @@
+#dm_backend_app /data/vendor/dm_backend_app permission
+/data/vendor/dm_backend_app(/.*)?       u:object_r:dm_backend_ipc_data_file:s0
+

graphics/dm_backend/seapp_contexts

@@ -0,0 +1 @@
+user=_app seinfo=platform name=com.intel.dm_backend domain=dm_backend_client_app type=dm_backend_app_data_file