kcmdlinectrl: define system property for kcmdlinectrl

This defines the kcmdline_prop context for properties controlled by
kcmdlinectrl, and defines a property called kcmdline.binder for
switching between the Rust and C implementations of the Binder driver.

It is intended that additional kcmdline properties introduced in the
future would share the same kcmdline_prop context.

Test: Verified that setprop/getprop work and that the value is loaded properly at boot
Bug: 326222756
Change-Id: Iea362df98d729ee110b6058c6e5fa6b6ace03d8e
diff --git a/private/kcmdlinectrl.te b/private/kcmdlinectrl.te
new file mode 100644
index 0000000..d569dc0
--- /dev/null
+++ b/private/kcmdlinectrl.te
@@ -0,0 +1,22 @@
+# kcmdlinectrl is a tool to have the bootloader send kernel commandline flags
+# for enabling dogfood features in the kernel
+type kcmdlinectrl, domain, coredomain;
+type kcmdlinectrl_exec, system_file_type, exec_type, file_type;
+
+init_daemon_domain(kcmdlinectrl)
+
+# for setting kcmdline properties to match the bootloader state.
+set_prop(kcmdlinectrl, kcmdline_prop)
+
+# kcmdlinectrl communicates the request to the bootloader via the misc partition.
+# needs to write to update the request in misc partition, and read to sync
+# back to the property.
+allow kcmdlinectrl misc_block_device:blk_file rw_file_perms;
+allow kcmdlinectrl block_device:dir r_dir_perms;
+read_fstab(kcmdlinectrl)
+
+# bootloader_message tries to find the fstab in the device config path first,
+# but because we've already booted up we can use the ro.boot properties instead,
+# so we can just ignore the SELinux denial.
+dontaudit kcmdlinectrl sysfs_dt_firmware_android:dir search;
+dontaudit kcmdlinectrl vendor_property_type:file read;
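
Review bot: the final rule, "dontaudit kcmdlinectrl vendor_property_type:file read;", is broader than the comment above it justifies. It covers every vendor property type, so any later read denial from this domain on a vendor property is silenced as well, not only the one from the bootloader_message fstab lookup. Consider narrowing it to the property type that lookup actually touches, or name that property in the comment so the rule can be tightened later. Separately, "allow kcmdlinectrl misc_block_device:blk_file rw_file_perms;" grants write access to the whole misc block device. SELinux cannot scope that write any further, so the comment should say which part of misc kcmdlinectrl is expected to modify.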