Add new cpu variant related rules to SELinux
I added ro.bionic.(2nd_)?(arch|cpu_variant) to the vendor system
properties, and have init write them to files under /dev/.
This change sets the SELinux rules for these properties and files.
For the system properties: vendor/default.prop will set them. init will
read them.
For the files /dev/cpu_variant:.*: init will write them. bionic libc
will read them. (Basically world readable).
This is to allow libc select the right optimized routine at runtime.
Like memcpy / strcmp etc.
Test: getprop to make sure the properties are set.
Test: ls -laZ to make sure /dev/cpu_variant:.* are correctly labeled.
Change-Id: I41662493dce30eae6d41bf0985709045c44247d3
diff --git a/private/compat/28.0/28.0.ignore.cil b/private/compat/28.0/28.0.ignore.cil
index 353724b..9f4f800 100644
--- a/private/compat/28.0/28.0.ignore.cil
+++ b/private/compat/28.0/28.0.ignore.cil
@@ -18,6 +18,8 @@
apexd_tmpfs
biometric_service
biometric_vendor_data_file
+ cpu_variant_prop
+ dev_cpu_variant
device_config_boot_count_prop
device_config_reset_performed_prop
device_config_flags_health_check_prop
diff --git a/private/file_contexts b/private/file_contexts
index dd957a7..a7880c0 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -83,6 +83,7 @@
/dev/block/zram[0-9]* u:object_r:ram_device:s0
/dev/bus/usb(.*)? u:object_r:usb_device:s0
/dev/console u:object_r:console_device:s0
+/dev/cpu_variant:.* u:object_r:dev_cpu_variant:s0
/dev/device-mapper u:object_r:dm_device:s0
/dev/eac u:object_r:audio_device:s0
/dev/event-log-tags u:object_r:runtime_event_log_tags_file:s0
diff --git a/public/domain.te b/public/domain.te
index b788f0d..09eb3e6 100644
--- a/public/domain.te
+++ b/public/domain.te
@@ -236,6 +236,9 @@
# /proc/cpuinfo
allow domain proc_cpuinfo:file r_file_perms;
+# /dev/cpu_variant:.*
+allow domain dev_cpu_variant:file r_file_perms;
+
# jemalloc needs to read /proc/sys/vm/overcommit_memory
allow domain proc_overcommit_memory:file r_file_perms;
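Review bot: The new `allow domain dev_cpu_variant:file r_file_perms;` makes these files readable by every domain, but nothing in the diff pins down who may create or modify them, even though the description says only init writes them and bionic libc in every process trusts their contents to choose routines such as memcpy/strcmp. Whether init already has a blanket rule that covers this type is not visible here; a `neverallow { domain -init } dev_cpu_variant:file no_w_file_perms;` next to this allow (or in file.te beside the type declaration) would record that single-writer contract in policy instead of relying on the absence of a rule. The comment on the new rule could also name both sides of the contract, e.g. `# /dev/cpu_variant:.* — written once by init at boot, read by bionic libc in every process`.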
diff --git a/public/file.te b/public/file.te
index 9cdd5f4..9f14621 100644
--- a/public/file.te
+++ b/public/file.te
@@ -183,6 +183,8 @@
# Vold files within /metadata
type vold_metadata_file, file_type;
+# Type for /dev/cpu_variant:.*.
+type dev_cpu_variant, file_type;
# Speedup access for trusted applications to the runtime event tags
type runtime_event_log_tags_file, file_type;
# Type for /system/bin/logcat.
diff --git a/public/property.te b/public/property.te
index 8a1e1fd..0704b9a 100644
--- a/public/property.te
+++ b/public/property.te
@@ -6,6 +6,7 @@
type bootloader_boot_reason_prop, property_type;
type config_prop, property_type, core_property_type;
type cppreopt_prop, property_type, core_property_type;
+type cpu_variant_prop, property_type;
type ctl_adbd_prop, property_type;
type ctl_bootanim_prop, property_type;
type ctl_bugreport_prop, property_type;
diff --git a/public/property_contexts b/public/property_contexts
index 36357b7..f2362d5 100644
--- a/public/property_contexts
+++ b/public/property_contexts
@@ -255,6 +255,10 @@
media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool
persist.rcs.supported u:object_r:exported_default_prop:s0 exact int
rcs.publish.status u:object_r:exported_radio_prop:s0 exact string
+ro.bionic.2nd_arch u:object_r:cpu_variant_prop:s0 exact string
+ro.bionic.2nd_cpu_variant u:object_r:cpu_variant_prop:s0 exact string
+ro.bionic.arch u:object_r:cpu_variant_prop:s0 exact string
+ro.bionic.cpu_variant u:object_r:cpu_variant_prop:s0 exact string
ro.board.platform u:object_r:exported_default_prop:s0 exact string
ro.boot.fake_battery u:object_r:exported_default_prop:s0 exact int
ro.boot.hardware.revision u:object_r:exported_default_prop:s0 exact string
diff --git a/public/vendor_init.te b/public/vendor_init.te
index fe3f87f..9aa1194 100644
--- a/public/vendor_init.te
+++ b/public/vendor_init.te
@@ -192,6 +192,7 @@
allow vendor_init file_contexts_file:file r_file_perms;
set_prop(vendor_init, bluetooth_a2dp_offload_prop)
+set_prop(vendor_init, cpu_variant_prop)
set_prop(vendor_init, debug_prop)
set_prop(vendor_init, exported_audio_prop)
set_prop(vendor_init, exported_bluetooth_prop)