Introduce ro.boot.hypervisor properties

In virtualized deployments of Android, it can be useful to have
access to a description of the hypervisor/host environment being
used to run the guest OS instance.

This is represented by means of a new system property
ro.boot.hypervisor.version, which is meant to convey a
free-form descriptor of the current host/hypervisor version

The property is meant to be provided to Android as androidboot.
by whatever host-specific means are used to supply other boot
properties to the target Android instance. Access could be later
opened to other vendor processes to set if needed for specific
setups where init is not a sufficiently-early stage for
host/guest communication. Such setups are not known at this time.

For a native Android incantation, the property defaults to
being missing

Other properties could later be added to this same namespace
and context if they turn out to be useful in specific scenarios.

Bug: 178749018
Test: build cuttlefish
Change-Id: Id721c14ef1958b525c2866a660dcae8fd176a79d
diff --git a/private/compat/31.0/31.0.ignore.cil b/private/compat/31.0/31.0.ignore.cil
index 72efc39..0fdb697 100644
--- a/private/compat/31.0/31.0.ignore.cil
+++ b/private/compat/31.0/31.0.ignore.cil
@@ -15,6 +15,7 @@
     hal_uwb_service
     hal_uwb_vendor_service
     hal_wifi_hostapd_service
+    hypervisor_prop
     locale_service
     power_stats_service
     snapuserd_prop
diff --git a/private/dumpstate.te b/private/dumpstate.te
index 37a9a0c..4fad585 100644
--- a/private/dumpstate.te
+++ b/private/dumpstate.te
@@ -91,6 +91,9 @@
 set_prop(dumpstate, lpdumpd_prop)
 binder_call(dumpstate, lpdumpd)
 
+# For dumping hypervisor information.
+get_prop(dumpstate, hypervisor_prop)
+
 # For dumping device-mapper and snapshot information.
 allow dumpstate gsid_exec:file rx_file_perms;
 set_prop(dumpstate, ctl_gsid_prop)
diff --git a/private/init.te b/private/init.te
index f569e0c..200780d 100644
--- a/private/init.te
+++ b/private/init.te
@@ -92,6 +92,9 @@
 # Only init can write normal ro.boot. properties
 neverallow { domain -init } bootloader_prop:property_service set;
 
+# Only init can write ro.boot.hypervisor properties
+neverallow { domain -init } hypervisor_prop:property_service set;
+
 # Only init can write hal.instrumentation.enable
 neverallow { domain -init } hal_instrumentation_prop:property_service set;
 
diff --git a/private/property_contexts b/private/property_contexts
index 879b7f9..0ee889c 100644
--- a/private/property_contexts
+++ b/private/property_contexts
@@ -676,6 +676,8 @@
 ro.boot.vbmeta.avb_version u:object_r:bootloader_prop:s0 exact string
 ro.boot.verifiedbootstate  u:object_r:bootloader_prop:s0 exact string
 ro.boot.veritymode         u:object_r:bootloader_prop:s0 exact string
+# Properties specific to virtualized deployments of Android
+ro.boot.hypervisor.version                  u:object_r:hypervisor_prop:s0 exact string
 
 # These ro.X properties are set to values of ro.boot.X by property_service.
 ro.baseband   u:object_r:bootloader_prop:s0 exact string