Add Vehicle monitor service.

Initial commit of vehicle monitor service. This service will be
monitoring resources (CPU, memory, disk IO) usage and enforce policies
by terminating abusive apps.
bug: 31117339
Change-Id: Ieda8d76d22ac30e659c519a99051f9215ce23d2d

3 files changed, 16 insertions, 2 deletions

diff --git a/car_product/sepolicy/file_contexts b/car_product/sepolicy/file_contexts
index e95a012c09..182c923b54 100644
--- a/car_product/sepolicy/file_contexts
+++ b/car_product/sepolicy/file_contexts
@@ -3,7 +3,6 @@
 # System files
 #
 /system/bin/vehicle_network_service              u:object_r:vns_exec:s0
+/system/bin/vehicle_monitor_service              u:object_r:vms_exec:s0
 
 ###################################
-
-
diff --git a/car_product/sepolicy/vehicle_monitor_service.te b/car_product/sepolicy/vehicle_monitor_service.te
new file mode 100644
index 0000000000..16c6f81e26
--- /dev/null
+++ b/car_product/sepolicy/vehicle_monitor_service.te
@@ -0,0 +1,4 @@
+type vehicle_monitor_service_exec, exec_type, file_type;
+type vehicle_monitor_service, domain;
+
+init_daemon_domain(vehicle_monitor_service)
diff --git a/car_product/sepolicy/vms.te b/car_product/sepolicy/vms.te
new file mode 100644
index 0000000000..fc77b53651
--- /dev/null
+++ b/car_product/sepolicy/vms.te
@@ -0,0 +1,11 @@
+# Vehicle monitor service
+type vms, domain;
+type vms_exec, exec_type, file_type;
+
+allow vms system_app:binder { call };
+allow vms car_service:service_manager { add };
+allow vms priv_app:binder { call };
+
+init_daemon_domain(vms)
+
+binder_use(vms);
\ No newline at end of file