DO NOT MERGE: Add a way to allow untrusted_apps to talk to halserver domains

Vendor HAL extentsions are currently allowed to discover hardware
services that are labelled with 'untrusted_app_visible_hwservice'.
However, the policy doesn't allow these apps to talk to these services.
This CL makes sure that is now possible via the
'untrusted_app_visible_halserver' attribute for vendor domains that host
such a service.

Bug: 64382381
Test: Boot device and observe no new denials.

Change-Id: I1ffc1a62bdf7506a311f5a19acdab8c7caec902b
Signed-off-by: Sandeep Patil <sspatil@google.com>

private/app_neverallows.te

@@ -225,5 +225,6 @@ full_treble_only(`
     -hal_graphics_allocator_server
     -hal_cas_server
     -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
+    -untrusted_app_visible_halserver
   }:binder { call transfer };
 ')

public/attributes

@@ -157,6 +157,17 @@ expandattribute vendor_executes_system_violators false;
 # app-visibility.
 attribute untrusted_app_visible_hwservice;
 
+# halserver domains that are accessible to untrusted applications.  These
+# domains are typically those hosting  hwservices attributed by the
+# untrusted_app_visible_hwservice.
+# WARNING: Use of this attribute should be avoided unless absolutely necessary.
+# It is a temporary allowance to aid the transition to treble and will be
+# removed in the future platform version, requiring all halserver domains that
+# are labeled with this attribute to be submitted to AOSP in order to maintain
+# their app-visibility.
+attribute untrusted_app_visible_halserver;
+expandattribute untrusted_app_visible_halserver false;
+
 # PDX services
 attribute pdx_endpoint_dir_type;
 attribute pdx_endpoint_socket_type;