Add missing properties to microdroid am: deaa8b9f4a

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/2106044

Change-Id: I847ae3fac14c423243f9e113c1ba1a44bd294aa5
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

microdroid/system/private/domain.te

@@ -252,6 +252,10 @@ allow domain crash_dump:process sigchld;
 # Properties that microdroid doesn't have but some still want to read.
 dontaudit domain { heapprofd_prop timezone_prop }:file r_file_perms;
 
+# Allow all processes to "read" non_existing_prop to suppress libc's access denial logs.
+# dontaudit is not enough; it's still fine because they can't be written, by neverallow rules
+get_prop(domain, non_existing_prop)
+
 ###
 ### neverallow rules
 ###

microdroid/system/private/property.te

@@ -5,6 +5,7 @@ system_public_prop(dalvik_config_prop)
 system_public_prop(dalvik_dynamic_config_prop)
 system_restricted_prop(device_config_runtime_native_prop)
 system_restricted_prop(device_config_runtime_native_boot_prop)
+system_restricted_prop(non_existing_prop)
 
 typeattribute dalvik_config_prop         dalvik_config_prop_type;
 typeattribute dalvik_dynamic_config_prop dalvik_config_prop_type;
@@ -61,3 +62,8 @@ neverallow {
     -microdroid_manager
     -crash_dump
 } {microdroid_config_prop}:file no_rw_file_perms;
+
+neverallow {
+    domain
+    -init
+} non_existing_prop:property_service set;

microdroid/system/private/property_contexts

@@ -145,6 +145,7 @@ libc.debug.malloc.program u:object_r:libc_debug_prop:s0 exact string
 libc.debug.hooks.enable   u:object_r:libc_debug_prop:s0 exact string
 
 arm64.memtag. u:object_r:arm64_memtag_prop:s0 prefix string
+persist.arm64.memtag.             u:object_r:non_existing_prop:s0 prefix string
 
 persist.sys.timezone u:object_r:timezone_prop:s0 exact string
 
@@ -171,3 +172,21 @@ dalvik.vm.restore-dex2oat-cpu-set             u:object_r:dalvik_dynamic_config_p
 dalvik.vm.restore-dex2oat-threads             u:object_r:dalvik_dynamic_config_prop:s0 exact int
 
 apexd.payload_metadata.path u:object_r:apexd_payload_metadata_prop:s0 exact string
+
+# These non_existing_prop properties are unused in microdroid, but added here to suppress libc's
+# access denial logs.
+libc.debug.gwp_asan.              u:object_r:non_existing_prop:s0 prefix string
+persist.libc.debug.gwp_asan.      u:object_r:non_existing_prop:s0 prefix string
+persist.adb.tls_server.enable     u:object_r:non_existing_prop:s0 exact bool
+persist.adb.watchdog.timeout_secs u:object_r:non_existing_prop:s0 exact int
+persist.adb.watchdog              u:object_r:non_existing_prop:s0 exact bool
+persist.device_config.            u:object_r:non_existing_prop:s0 prefix string
+persist.sys.test_harness          u:object_r:non_existing_prop:s0 exact bool
+ro.arch                           u:object_r:non_existing_prop:s0 exact string
+ro.boot.vsock_tombstone_port      u:object_r:non_existing_prop:s0 exact int
+ro.product.device                 u:object_r:non_existing_prop:s0 exact string
+ro.product.model                  u:object_r:non_existing_prop:s0 exact string
+ro.product.name                   u:object_r:non_existing_prop:s0 exact string
+ro.product.vndk.version           u:object_r:non_existing_prop:s0 exact string
+ro.secure                         u:object_r:non_existing_prop:s0 exact bool
+ro.serialno                       u:object_r:non_existing_prop:s0 exact string