sepolicy: Add sepolicies for graphics

Added file context policy for graphics runtime script
Added sepolicy for qti_graphics_boot oneshot service

Change-Id: I6d09b30cf8b6c3431c5ae862cc1d7e48907bb7aa
diff --git a/generic/vendor/kalama/file_contexts b/generic/vendor/kalama/file_contexts
index 6d3a0eb..dc42fbd 100644
--- a/generic/vendor/kalama/file_contexts
+++ b/generic/vendor/kalama/file_contexts
@@ -315,6 +315,9 @@
 /vendor/bin/hw/vendor\.aks\.gamepad@1\.0-service      u:object_r:hal_gamepad_default_exec:s0
 /dev/aks_input                       u:object_r:vendor_aks_chr_device:s0
 
+#Gfx
+/(vendor|system/vendor)/bin/init\.qti\.graphics\.sh  u:object_r:vendor_qti_graphics_boot_exec:s0
+
 # Microdump collector parameters
 /sys/module/microdump_collector/parameters/.*  u:object_r:vendor_sysfs_microdump:s0
 /vendor/bin/usbudev     u:object_r:vendor_usbudev_qti_exec:s0
diff --git a/generic/vendor/kalama/vendor_qti_graphics_boot.te b/generic/vendor/kalama/vendor_qti_graphics_boot.te
new file mode 100644
index 0000000..4a9b66e
--- /dev/null
+++ b/generic/vendor/kalama/vendor_qti_graphics_boot.te
@@ -0,0 +1,11 @@
+# Copyright (c) 2023 Qualcomm Innovation Center, Inc. All rights reserved.
+# SPDX-License-Identifier: BSD-3-Clause-Clear
+
+type vendor_qti_graphics_boot, domain;
+type vendor_qti_graphics_boot_exec, exec_type, vendor_file_type, file_type;
+
+init_daemon_domain(vendor_qti_graphics_boot)
+
+#============= qti_graphics_boot ==============
+set_prop(vendor_qti_graphics_boot, vendor_display_prop)
+allow vendor_qti_graphics_boot vendor_toolbox_exec:file rx_file_perms;