Allow only public-readable to ro.secure and ro.adb.secure

Bug: 74866333
Test: succeeded building and tested with taimen
Change-Id: Id19fec168ab266e386ea4c710a4c5cedfc4df33c
Merged-In: Id19fec168ab266e386ea4c710a4c5cedfc4df33c
(cherry picked from commit 62acbce4)

private/compat/26.0/26.0.ignore.cil

@@ -24,6 +24,7 @@
     exported_overlay_prop
     exported_pm_prop
     exported_radio_prop
+    exported_secure_prop
     exported_system_prop
     exported_system_radio_prop
     exported_vold_prop

private/compat/27.0/27.0.ignore.cil

@@ -27,6 +27,7 @@
     exported_overlay_prop
     exported_pm_prop
     exported_radio_prop
+    exported_secure_prop
     exported_system_prop
     exported_system_radio_prop
     exported_vold_prop

public/domain.te

@@ -131,6 +131,7 @@ get_prop(domain, exported_default_prop)
 get_prop(domain, exported_dumpstate_prop)
 get_prop(domain, exported_fingerprint_prop)
 get_prop(domain, exported_radio_prop)
+get_prop(domain, exported_secure_prop)
 get_prop(domain, exported_system_prop)
 get_prop(domain, exported_vold_prop)
 get_prop(domain, exported2_default_prop)
@@ -524,7 +525,8 @@ compatible_property_only(`
     neverallow { domain -init } default_prop:property_service set;
     neverallow { domain -init } mmc_prop:property_service set;
     neverallow { domain -init -vendor_init } exported_default_prop:property_service set;
-    neverallow { domain -init -vendor_init } exported2_default_prop:property_service set;
+    neverallow { domain -init } exported_secure_prop:property_service set;
+    neverallow { domain -init } exported2_default_prop:property_service set;
     neverallow { domain -init -vendor_init } exported3_default_prop:property_service set;
     neverallow { domain -init -vendor_init } vendor_default_prop:property_service set;
 ')

public/property.te

@@ -20,6 +20,7 @@ type device_logging_prop, property_type;
 type dhcp_prop, property_type, core_property_type;
 type dumpstate_options_prop, property_type;
 type dumpstate_prop, property_type, core_property_type;
+type exported_secure_prop, property_type;
 type ffs_prop, property_type, core_property_type;
 type fingerprint_prop, property_type, core_property_type;
 type firstboot_prop, property_type;

public/property_contexts

@@ -74,7 +74,6 @@ pm.dexopt.bg-dexopt u:object_r:exported_pm_prop:s0 exact string
 pm.dexopt.boot u:object_r:exported_pm_prop:s0 exact string
 pm.dexopt.first-boot u:object_r:exported_pm_prop:s0 exact string
 pm.dexopt.install u:object_r:exported_pm_prop:s0 exact string
-ro.adb.secure u:object_r:exported3_default_prop:s0 exact int
 ro.audio.monitorRotation u:object_r:exported3_default_prop:s0 exact bool
 ro.boot.vendor.overlay.theme u:object_r:exported_overlay_prop:s0 exact string
 ro.boot.wificountrycode u:object_r:exported3_default_prop:s0 exact string
@@ -136,6 +135,7 @@ libc.debug.malloc.options u:object_r:exported2_default_prop:s0 exact string
 libc.debug.malloc.program u:object_r:exported2_default_prop:s0 exact string
 libc.debug.hooks.enable u:object_r:exported2_default_prop:s0 exact string
 persist.sys.timezone u:object_r:exported_system_prop:s0 exact string
+ro.adb.secure u:object_r:exported_secure_prop:s0 exact int
 ro.arch u:object_r:exported2_default_prop:s0 exact string
 ro.audio.ignore_effects u:object_r:exported2_default_prop:s0 exact bool
 ro.baseband u:object_r:exported2_default_prop:s0 exact string
@@ -188,6 +188,7 @@ ro.product.model u:object_r:exported2_default_prop:s0 exact string
 ro.product.name u:object_r:exported2_default_prop:s0 exact string
 ro.property_service.version u:object_r:exported2_default_prop:s0 exact int
 ro.revision u:object_r:exported2_default_prop:s0 exact string
+ro.secure u:object_r:exported_secure_prop:s0 exact int
 service.bootanim.exit u:object_r:exported_system_prop:s0 exact int
 sys.boot_from_charger_mode u:object_r:exported_system_prop:s0 exact int
 vold.decrypt u:object_r:exported_vold_prop:s0 exact string