Add adb_root rules

Change-Id: Ibfd8f9ca6a3ac0a1a3ed46024ae5782fab1c3470

common/private/adbd.te

@@ -0,0 +1,2 @@
+allow adbd adbroot:binder call;
+allow adbd adbroot_service:service_manager find;

common/private/adbroot.te

@@ -0,0 +1,11 @@
+type adbroot, domain, coredomain;
+type adbroot_exec, exec_type, file_type, system_file_type;
+
+init_daemon_domain(adbroot)
+
+binder_use(adbroot)
+binder_service(adbroot)
+add_service(adbroot, adbroot_service)
+
+allow adbroot adbroot_data_file:dir rw_dir_perms;
+allow adbroot adbroot_data_file:file create_file_perms;

common/private/file.te

@@ -1 +1,2 @@
 type sysfs_io_sched_tuneable, fs_type, sysfs_type;
+type adbroot_data_file, file_type, data_file_type, core_data_file_type;

common/private/file_contexts

@@ -17,3 +17,7 @@
 /system/bin/backuptool_ab\.functions              u:object_r:otapreopt_chroot_exec:s0
 /system/bin/backuptool_ab\.sh                     u:object_r:otapreopt_chroot_exec:s0
 /system/bin/backuptool_postinstall\.sh            u:object_r:otapreopt_chroot_exec:s0
+
+# ADB Root
+/system/bin/adb_root       u:object_r:adbroot_exec:s0
+/data/adbroot(/.*)?        u:object_r:adbroot_data_file:s0

common/private/service.te

@@ -0,0 +1 @@
+type adbroot_service,                   service_manager_type;

common/private/service_contexts

@@ -6,3 +6,5 @@ lineagestyle                              u:object_r:lineage_style_service:s0
 lineagetrust                              u:object_r:lineage_trust_service:s0
 lineageweather                            u:object_r:lineage_weather_service:s0
 profile                                   u:object_r:lineage_profile_service:s0
+
+adbroot_service                           u:object_r:adbroot_service:s0

common/private/system_server.te

@@ -1,5 +1,7 @@
 allow system_server storage_stub_file:dir getattr;
 
+allow system_server adbroot_service:service_manager find;
+
 # Use HALs
 hal_client_domain(system_server, hal_lineage_fod)
 hal_client_domain(system_server, hal_lineage_livedisplay)