Add new cpu variant related rules to SELinux

I added ro.bionic.(2nd_)?_(arch|cpu_variant) to vendor system
properties. And have init to write them to files under dev/.

This change set SELinux rules for these properties and files.

For the system properties: vendor/default.prop will set them. init will
read them.
For the files /dev/cpu_variant:.*: init will write them. bionic libc
will read them. (Basically world readable).

This is to allow libc select the right optimized routine at runtime.
Like memcpy / strcmp etc.

Test: getprop to make sure the properties are set.
Test: ls -laZ to make sure /dev/cpu_variant:.* are correctly labeled.

Change-Id: I41662493dce30eae6d41bf0985709045c44247d3

private/compat/28.0/28.0.ignore.cil

@@ -18,6 +18,8 @@
     apexd_tmpfs
     biometric_service
     biometric_vendor_data_file
+    cpu_variant_prop
+    dev_cpu_variant
     device_config_boot_count_prop
     device_config_reset_performed_prop
     device_config_flags_health_check_prop

private/file_contexts

@@ -83,6 +83,7 @@
 /dev/block/zram[0-9]*	u:object_r:ram_device:s0
 /dev/bus/usb(.*)?       u:object_r:usb_device:s0
 /dev/console		u:object_r:console_device:s0
+/dev/cpu_variant:.*     u:object_r:dev_cpu_variant:s0
 /dev/device-mapper	u:object_r:dm_device:s0
 /dev/eac		u:object_r:audio_device:s0
 /dev/event-log-tags     u:object_r:runtime_event_log_tags_file:s0

public/domain.te

@@ -236,6 +236,9 @@ allow domain proc:lnk_file { getattr read };
 # /proc/cpuinfo
 allow domain proc_cpuinfo:file r_file_perms;
 
+# /dev/cpu_variant:.*
+allow domain dev_cpu_variant:file r_file_perms;
+
 # jemalloc needs to read /proc/sys/vm/overcommit_memory
 allow domain proc_overcommit_memory:file r_file_perms;
 

public/file.te

@@ -183,6 +183,8 @@ type metadata_file, file_type;
 # Vold files within /metadata
 type vold_metadata_file, file_type;
 
+# Type for /dev/cpu_variant:.*.
+type dev_cpu_variant, file_type;
 # Speedup access for trusted applications to the runtime event tags
 type runtime_event_log_tags_file, file_type;
 # Type for /system/bin/logcat.

public/property.te

@@ -6,6 +6,7 @@ type bluetooth_prop, property_type;
 type bootloader_boot_reason_prop, property_type;
 type config_prop, property_type, core_property_type;
 type cppreopt_prop, property_type, core_property_type;
+type cpu_variant_prop, property_type;
 type ctl_adbd_prop, property_type;
 type ctl_bootanim_prop, property_type;
 type ctl_bugreport_prop, property_type;

public/property_contexts

@@ -255,6 +255,10 @@ gsm.sim.operator.numeric u:object_r:exported_radio_prop:s0 exact string
 media.mediadrmservice.enable u:object_r:exported_default_prop:s0 exact bool
 persist.rcs.supported u:object_r:exported_default_prop:s0 exact int
 rcs.publish.status u:object_r:exported_radio_prop:s0 exact string
+ro.bionic.2nd_arch u:object_r:cpu_variant_prop:s0 exact string
+ro.bionic.2nd_cpu_variant u:object_r:cpu_variant_prop:s0 exact string
+ro.bionic.arch u:object_r:cpu_variant_prop:s0 exact string
+ro.bionic.cpu_variant u:object_r:cpu_variant_prop:s0 exact string
 ro.board.platform u:object_r:exported_default_prop:s0 exact string
 ro.boot.fake_battery u:object_r:exported_default_prop:s0 exact int
 ro.boot.hardware.revision u:object_r:exported_default_prop:s0 exact string

public/vendor_init.te

@@ -192,6 +192,7 @@ not_compatible_property(`
 allow vendor_init file_contexts_file:file r_file_perms;
 
 set_prop(vendor_init, bluetooth_a2dp_offload_prop)
+set_prop(vendor_init, cpu_variant_prop)
 set_prop(vendor_init, debug_prop)
 set_prop(vendor_init, exported_audio_prop)
 set_prop(vendor_init, exported_bluetooth_prop)