Add sepolicies OemLock HAL.

This HAL is no longer implemented with the SE but, instead, communicates
with the bootloader.

Bug: 62052545
Test: Build and boot
Change-Id: I929f184019a782372c09dd6264e6ccec0f822f0f

sepolicy/esed.te

@@ -1,9 +1,8 @@
-# android.hardware.oemlock and weaver HAL implementation
+# android.hardware.weaver HAL implementation
 # Clean up naming after via b/38447431
 type esed, domain;
 type esed_exec, exec_type, vendor_file_type, file_type;
 
-hal_server_domain(esed, hal_oemlock)
 hal_server_domain(esed, hal_weaver)
 
 allow esed pn81a_device:chr_file rw_file_perms;

sepolicy/file_contexts

@@ -222,6 +222,7 @@
 /vendor/bin/ese_load            u:object_r:init_ese_exec:s0
 /vendor/bin/ese-replay          u:object_r:esed_exec:s0
 /vendor/bin/ese-ls-provision    u:object_r:esed_exec:s0
+/vendor/bin/hw/android\.hardware\.oemlock@1\.0-service               u:object_r:hal_oemlock_default_exec:s0
 /vendor/bin/hw/android\.hardware\.usb@1\.1-service.wahoo             u:object_r:hal_usb_default_exec:s0
 /vendor/bin/chre                u:object_r:chre_exec:s0
 /vendor/bin/folio_daemon        u:object_r:folio_daemon_exec:s0

sepolicy/hal_oemlock_default.te

@@ -0,0 +1,9 @@
+type hal_oemlock_default, domain;
+hal_server_domain(hal_oemlock_default, hal_oemlock)
+
+# TODO: work out new permissions
+#allow hal_oemlock_default misc_block_device:blk_file rw_file_perms;
+#allow hal_oemlock_default frp_block_device:blk_file rw_file_perms;
+
+type hal_oemlock_default_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(hal_oemlock_default)