Merge "Add policies for ro.kernel.watermark_scale_factor property"

private/extra_free_kbytes.te

@@ -1,3 +1,6 @@
 typeattribute extra_free_kbytes coredomain;
 
 init_daemon_domain(extra_free_kbytes)
+
+# Only extra_free_kbytes script is allowed to store these properties
+set_prop(extra_free_kbytes, init_storage_prop)

private/property.te

@@ -18,6 +18,7 @@ system_internal_prop(fastbootd_protocol_prop)
 system_internal_prop(gsid_prop)
 system_internal_prop(init_perf_lsm_hooks_prop)
 system_internal_prop(init_service_status_private_prop)
+system_internal_prop(init_storage_prop)
 system_internal_prop(init_svc_debug_prop)
 system_internal_prop(keystore_crash_prop)
 system_internal_prop(keystore_listen_prop)
@@ -147,6 +148,12 @@ dontaudit domain {
   ctl_rildaemon_prop
 }:property_service set;
 
+neverallow {
+  domain
+  -init
+  -extra_free_kbytes
+} init_storage_prop:property_service set;
+
 neverallow {
   domain
   -init

private/property_contexts

@@ -1147,6 +1147,9 @@ ro.kernel.qemu             u:object_r:exported_default_prop:s0 exact bool
 ro.kernel.qemu.            u:object_r:exported_default_prop:s0
 ro.kernel.android.bootanim u:object_r:exported_default_prop:s0 exact int
 
+# This property is used by init to store the original value or /proc/sys/vm/watermark_scale_factor
+ro.kernel.watermark_scale_factor          u:object_r:init_storage_prop:s0 exact int
+
 ro.oem.key1 u:object_r:exported_default_prop:s0 exact string
 
 ro.product.vndk.version u:object_r:vndk_prop:s0 exact string