sepolicy: Add rules for /sys/kernel/mm/pgsize_migration/enabled

The dynamic linker needs to read this node to determine how it should
load ELF files.

Allow the node to be enabled/disabled by init.

Bug: 330117029
Bug: 327600007
Bug: 330767927
Bug: 328266487
Bug: 329803029
Test: Free Fire Chaos App launches
Test: no avc deined in logcat
Change-Id: I2b35d6aebe39bf3e1e7489b47f23a817e477ef72

private/domain.te

@@ -338,6 +338,10 @@ with_asan(`allow domain system_asan_options_file:file r_file_perms;')
 allow domain apex_mnt_dir:dir { getattr search };
 allow domain apex_mnt_dir:lnk_file r_file_perms;
 
+# Allow reading /sys/kernel/mm/pgsize_migration/enabled
+allow domain sysfs_pgsize_migration:dir search;
+allow domain sysfs_pgsize_migration:file r_file_perms;
+
 # Allow everyone to read media server-configurable flags, so that libstagefright can be
 # configured using server-configurable flags
 get_prop(domain, device_config_media_native_prop)
@@ -2136,3 +2140,7 @@ neverallow { domain -init -aconfigd -system_server } aconfig_storage_metadata_fi
 
 neverallow { domain -dexopt_chroot_setup -init } proc:{ file dir } mounton;
 neverallow { domain -dexopt_chroot_setup -init -zygote } proc_type:{ file dir } mounton;
+
+# Only init/vendor are allowed to write sysfs_pgsize_migration;
+# ueventd needs write access to all sysfs files.
+neverallow { domain -init -vendor_init -ueventd } sysfs_pgsize_migration:file no_w_file_perms;

private/file.te

@@ -171,6 +171,9 @@ type pre_reboot_dexopt_artd_file, file_type;
 # /data/app-metadata - extracted app metadata bundles from APKs
 type apk_metadata_file, file_type, data_file_type, core_data_file_type;
 
+# Type for /sys/kernel/mm/pgsize_migration/enabled
+type sysfs_pgsize_migration, fs_type, sysfs_type;
+
 # Allow files to be created in their appropriate filesystems.
 allow fs_type self:filesystem associate;
 allow cgroup tmpfs:filesystem associate;

private/genfs_contexts

@@ -169,6 +169,7 @@ genfscon sysfs /kernel/ion u:object_r:sysfs_ion:s0
 genfscon sysfs /kernel/ipv4 u:object_r:sysfs_ipv4:s0
 genfscon sysfs /kernel/mm/transparent_hugepage u:object_r:sysfs_transparent_hugepage:s0
 genfscon sysfs /kernel/mm/lru_gen/enabled u:object_r:sysfs_lru_gen_enabled:s0
+genfscon sysfs /kernel/mm/pgsize_migration/enabled u:object_r:sysfs_pgsize_migration:s0
 genfscon sysfs /kernel/notes u:object_r:sysfs_kernel_notes:s0
 genfscon sysfs /kernel/uevent_helper u:object_r:sysfs_usermodehelper:s0
 genfscon sysfs /kernel/wakeup_reasons u:object_r:sysfs_wakeup_reasons:s0

private/init.te

@@ -543,6 +543,7 @@ allow init {
   sysfs_fs_f2fs
   sysfs_dm
   sysfs_lru_gen_enabled
+  sysfs_pgsize_migration
 }:file w_file_perms;
 
 allow init {

private/isolated_app_all.te

@@ -100,6 +100,7 @@ neverallow { isolated_app_all -isolated_compute_app } {
   -sysfs_usb # TODO: check with audio team if needed for isolated_apps (b/28417852)
   -sysfs_fs_fuse_features
   -sysfs_fs_incfs_features
+  -sysfs_pgsize_migration
 }:file no_rw_file_perms;
 
 # No creation of sockets families other than AF_UNIX sockets.