Allow vendor apps to use surfaceflinger_service

Vendor apps may only use servicemanager provided services
marked as app_api_service. surfaceflinger_service should be
available to vendor apps, so add this attribute and clean up
duplicate grants.

Addresses:
avc:  denied  { find } scontext=u:r:qtelephony:s0
tcontext=u:object_r:surfaceflinger_service:s0 tclass=service_manager
avc:  denied  { find } scontext=u:r:ssr_detector:s0
tcontext=u:object_r:surfaceflinger_service:s0 tclass=service_manager
avc:  denied  { find } scontext=u:r:qcneservice:s0
tcontext=u:object_r:surfaceflinger_service:s0 tclass=service_manager

Bug: 69064190
Test: build
Change-Id: I00fcf43b0a8bde232709aac1040a5d7f4792fa0f

private/bluetooth.te

@@ -47,7 +47,6 @@ allow bluetooth bluetooth_service:service_manager find;
 allow bluetooth drmserver_service:service_manager find;
 allow bluetooth mediaserver_service:service_manager find;
 allow bluetooth radio_service:service_manager find;
-allow bluetooth surfaceflinger_service:service_manager find;
 allow bluetooth app_api_service:service_manager find;
 allow bluetooth system_api_service:service_manager find;
 

private/ephemeral_app.te

@@ -28,7 +28,6 @@ allow ephemeral_app mediacodec_service:service_manager find;
 allow ephemeral_app mediametrics_service:service_manager find;
 allow ephemeral_app mediadrmserver_service:service_manager find;
 allow ephemeral_app drmserver_service:service_manager find;
-allow ephemeral_app surfaceflinger_service:service_manager find;
 allow ephemeral_app radio_service:service_manager find;
 allow ephemeral_app ephemeral_app_api_service:service_manager find;
 

private/mediaprovider.te

@@ -19,7 +19,6 @@ allow mediaprovider app_api_service:service_manager find;
 allow mediaprovider audioserver_service:service_manager find;
 allow mediaprovider drmserver_service:service_manager find;
 allow mediaprovider mediaserver_service:service_manager find;
-allow mediaprovider surfaceflinger_service:service_manager find;
 
 # Allow MediaProvider to read/write cached ringtones (opened by system).
 allow mediaprovider ringtone_file:file { getattr read write };

private/nfc.te

@@ -21,7 +21,6 @@ allow nfc mediaextractor_service:service_manager find;
 allow nfc mediaserver_service:service_manager find;
 
 allow nfc radio_service:service_manager find;
-allow nfc surfaceflinger_service:service_manager find;
 allow nfc app_api_service:service_manager find;
 allow nfc system_api_service:service_manager find;
 allow nfc vr_manager_service:service_manager find;

private/platform_app.te

@@ -53,7 +53,6 @@ allow platform_app mediacodec_service:service_manager find;
 allow platform_app mediadrmserver_service:service_manager find;
 allow platform_app persistent_data_block_service:service_manager find;
 allow platform_app radio_service:service_manager find;
-allow platform_app surfaceflinger_service:service_manager find;
 allow platform_app thermal_service:service_manager find;
 allow platform_app timezone_service:service_manager find;
 allow platform_app app_api_service:service_manager find;

private/priv_app.te

@@ -32,7 +32,6 @@ allow priv_app mediaserver_service:service_manager find;
 allow priv_app nfc_service:service_manager find;
 allow priv_app oem_lock_service:service_manager find;
 allow priv_app radio_service:service_manager find;
-allow priv_app surfaceflinger_service:service_manager find;
 allow priv_app app_api_service:service_manager find;
 allow priv_app system_api_service:service_manager find;
 allow priv_app persistent_data_block_service:service_manager find;

private/untrusted_app_all.te

@@ -75,7 +75,6 @@ allow untrusted_app_all mediametrics_service:service_manager find;
 allow untrusted_app_all mediadrmserver_service:service_manager find;
 allow untrusted_app_all nfc_service:service_manager find;
 allow untrusted_app_all radio_service:service_manager find;
-allow untrusted_app_all surfaceflinger_service:service_manager find;
 allow untrusted_app_all app_api_service:service_manager find;
 allow untrusted_app_all vr_manager_service:service_manager find;
 

private/untrusted_v2_app.te

@@ -34,7 +34,6 @@ allow untrusted_v2_app mediametrics_service:service_manager find;
 allow untrusted_v2_app mediadrmserver_service:service_manager find;
 allow untrusted_v2_app nfc_service:service_manager find;
 allow untrusted_v2_app radio_service:service_manager find;
-allow untrusted_v2_app surfaceflinger_service:service_manager find;
 # TODO: potentially provide a tighter list of services here
 allow untrusted_v2_app app_api_service:service_manager find;
 

public/domain.te

@@ -551,7 +551,6 @@ full_treble_only(`
     -mediaserver_service
     -nfc_service
     -radio_service
-    -surfaceflinger_service
     -virtual_touchpad_service
     -vr_hwc_service
     -vr_manager_service

public/radio.te

@@ -30,7 +30,6 @@ allow radio cameraserver_service:service_manager find;
 allow radio drmserver_service:service_manager find;
 allow radio mediaserver_service:service_manager find;
 allow radio nfc_service:service_manager find;
-allow radio surfaceflinger_service:service_manager find;
 allow radio app_api_service:service_manager find;
 allow radio system_api_service:service_manager find;
 

public/service.te

@@ -23,7 +23,7 @@ type nfc_service,               service_manager_type;
 type radio_service,             service_manager_type;
 type statscompanion_service,    service_manager_type;
 type storaged_service,          service_manager_type;
-type surfaceflinger_service,    service_manager_type;
+type surfaceflinger_service,    app_api_service, ephemeral_app_api_service, service_manager_type;
 type system_app_service,        service_manager_type;
 type thermal_service,           service_manager_type;
 type update_engine_service,     service_manager_type;