Remove exported2_default_prop

This cleans up remaining exported2_default_prop. Three properties are
changed.

- ro.arch
It becomes build_prop.

- hal.instrumentation.enable
It becomes hal_instrumentation_prop.

- ro.property_service.version
It becomes property_service_version_prop.

Bug: 155844385
Test: selinux denial test on Pixel devices
Change-Id: I7ee0bd8c522cc09ee82ef89e6a13bbbf65291291

private/compat/27.0/27.0.ignore.cil

@@ -97,6 +97,7 @@
     hal_confirmationui_hwservice
     hal_evs_hwservice
     hal_health_storage_hwservice
+    hal_instrumentation_prop
     hal_lowpan_hwservice
     hal_secure_element_hwservice
     hal_usb_gadget_hwservice
@@ -149,6 +150,7 @@
     perfetto_tmpfs
     perfetto_traces_data_file
     property_info
+    property_service_version_prop
     provisioned_prop
     recovery_config_prop
     recovery_socket

private/compat/30.0/30.0.cil

@@ -8,6 +8,7 @@
 (type exported_vold_prop)
 (type exported_wifi_prop)
 (type exported2_config_prop)
+(type exported2_default_prop)
 (type exported2_radio_prop)
 (type exported2_vold_prop)
 (type exported3_default_prop)
@@ -1350,8 +1351,10 @@
     aac_drc_prop
     bootloader_prop
     build_prop
+    hal_instrumentation_prop
     init_service_status_prop
-    libc_debug_prop))
+    libc_debug_prop
+    property_service_version_prop))
 (typeattributeset exported2_radio_prop_30_0 (exported2_radio_prop))
 (typeattributeset exported2_system_prop_30_0
   ( exported2_system_prop

private/init.te

@@ -66,3 +66,9 @@ neverallow { -init } vts_status_prop:property_service set;
 
 # Only init can write normal ro.boot. properties
 neverallow { -init } bootloader_prop:property_service set;
+
+# Only init can write hal.instrumentation.enable
+neverallow { -init } hal_instrumentation_prop:property_service set;
+
+# Only init can write ro.property_service.version
+neverallow { -init } property_service_version_prop:property_service set;

private/property.te

@@ -140,7 +140,6 @@ compatible_property_only(`
     exported_default_prop
     exported_dumpstate_prop
     exported_system_prop
-    exported2_default_prop
     exported2_system_prop
     exported3_system_prop
     usb_control_prop

private/property_contexts

@@ -514,7 +514,7 @@ drm.service.enabled u:object_r:drm_service_config_prop:s0 exact bool
 dumpstate.dry_run u:object_r:exported_dumpstate_prop:s0 exact bool
 dumpstate.unroot  u:object_r:exported_dumpstate_prop:s0 exact bool
 
-hal.instrumentation.enable u:object_r:exported2_default_prop:s0 exact bool
+hal.instrumentation.enable u:object_r:hal_instrumentation_prop:s0 exact bool
 
 # default contexts only accessible by coredomain
 init.svc. u:object_r:init_service_status_private_prop:s0 prefix string
@@ -539,7 +539,7 @@ persist.sys.locale       u:object_r:exported_system_prop:s0 exact string
 persist.sys.timezone     u:object_r:exported_system_prop:s0 exact string
 persist.sys.test_harness u:object_r:test_harness_prop:s0 exact bool
 
-ro.arch u:object_r:exported2_default_prop:s0 exact string
+ro.arch u:object_r:build_prop:s0 exact string
 
 # ro.boot. properties are set based on kernel commandline arguments, which are vendor owned.
 ro.boot.                   u:object_r:bootloader_prop:s0
@@ -647,7 +647,7 @@ ro.product.vendor.name         u:object_r:build_vendor_prop:s0 exact string
 ro.crypto.state u:object_r:vold_status_prop:s0 exact enum encrypted unencrypted unsupported
 ro.crypto.type  u:object_r:vold_status_prop:s0 exact enum block file none
 
-ro.property_service.version u:object_r:exported2_default_prop:s0 exact int
+ro.property_service.version u:object_r:property_service_version_prop:s0 exact int
 
 ro.vendor.redirect_socket_calls u:object_r:vendor_socket_hook_prop:s0 exact bool
 

public/domain.te

@@ -105,12 +105,13 @@ get_prop(domain, exported_default_prop)
 get_prop(domain, exported_dumpstate_prop)
 get_prop(domain, exported_secure_prop)
 get_prop(domain, exported_system_prop)
-get_prop(domain, exported2_default_prop)
 get_prop(domain, fingerprint_prop)
+get_prop(domain, hal_instrumentation_prop)
 get_prop(domain, init_service_status_prop)
 get_prop(domain, libc_debug_prop)
 get_prop(domain, logd_prop)
 get_prop(domain, mediadrm_config_prop)
+get_prop(domain, property_service_version_prop)
 get_prop(domain, socket_hook_prop)
 get_prop(domain, surfaceflinger_prop)
 get_prop(domain, telephony_status_prop)
@@ -540,7 +541,6 @@ compatible_property_only(`
     neverallow { domain -init } mmc_prop:property_service set;
     neverallow { domain -init -vendor_init } exported_default_prop:property_service set;
     neverallow { domain -init } exported_secure_prop:property_service set;
-    neverallow { domain -init } exported2_default_prop:property_service set;
     neverallow { domain -init -vendor_init } vendor_default_prop:property_service set;
     neverallow { domain -init -vendor_init } storage_config_prop:property_service set;
 ')

public/property.te

@@ -64,10 +64,12 @@ system_restricted_prop(bq_config_prop)
 system_restricted_prop(build_prop)
 system_restricted_prop(charger_status_prop)
 system_restricted_prop(fingerprint_prop)
+system_restricted_prop(hal_instrumentation_prop)
 system_restricted_prop(init_service_status_prop)
 system_restricted_prop(libc_debug_prop)
 system_restricted_prop(module_sdkextensions_prop)
 system_restricted_prop(nnapi_ext_deny_product_prop)
+system_restricted_prop(property_service_version_prop)
 system_restricted_prop(provisioned_prop)
 system_restricted_prop(restorecon_prop)
 system_restricted_prop(retaildemo_prop)
@@ -89,7 +91,6 @@ compatible_property_only(`
     system_restricted_prop(device_logging_prop)
     system_restricted_prop(dhcp_prop)
     system_restricted_prop(dumpstate_prop)
-    system_restricted_prop(exported2_default_prop)
     system_restricted_prop(exported3_system_prop)
     system_restricted_prop(exported_dumpstate_prop)
     system_restricted_prop(exported_secure_prop)
@@ -241,7 +242,6 @@ not_compatible_property(`
     system_public_prop(device_logging_prop)
     system_public_prop(dhcp_prop)
     system_public_prop(dumpstate_prop)
-    system_public_prop(exported2_default_prop)
     system_public_prop(exported3_system_prop)
     system_public_prop(exported_dumpstate_prop)
     system_public_prop(exported_secure_prop)