Add userspace_panic_device and userpanic_use am: 7ed2456b45

Original change: https://android-review.googlesource.com/c/platform/system/sepolicy/+/1813959

Change-Id: Ic743e5abb62a5760a3c526f4536a1b0a83cc6be7

private/file.te

@@ -68,3 +68,6 @@ type environ_system_data_file, file_type, data_file_type, core_data_file_type;
 
 # /dev/kvm
 type kvm_device, dev_type;
+
+# /dev/userspace_panic
+type userspace_panic_device, dev_type;

private/file_contexts

@@ -191,6 +191,7 @@
 /dev/uio[0-9]*		u:object_r:uio_device:s0
 /dev/urandom		u:object_r:random_device:s0
 /dev/usb_accessory	u:object_r:usbaccessory_device:s0
+/dev/userspace_panic	u:object_r:userspace_panic_device:s0
 /dev/v4l-touch[0-9]*	u:object_r:input_device:s0
 /dev/vhost-vsock	u:object_r:kvm_device:s0
 /dev/video[0-9]*	u:object_r:video_device:s0

private/init.te

@@ -112,3 +112,6 @@ allow init {
   -kvm_device
   -port_device
 }:chr_file setattr;
+
+# Allow use userpanic to request panic.
+allow init userspace_panic_device:chr_file w_file_perms;

private/llkd.te

@@ -44,6 +44,9 @@ allow llkd proc_hung_task:file rw_file_perms;
 allow llkd proc_sysrq:file rw_file_perms;
 allow llkd kmsg_device:chr_file w_file_perms;
 
+# Allow use userpanic to request panic.
+allow llkd userspace_panic_device:chr_file w_file_perms;
+
 ### neverallow rules
 
 neverallow { domain -init } llkd:process { dyntransition transition };

private/system_server.te

@@ -1156,6 +1156,9 @@ get_prop(system_server, qemu_hw_prop)
 # Allow system server to read profcollectd reports for upload.
 userdebug_or_eng(`r_dir_file(system_server, profcollectd_data_file)')
 
+# Allow use userpanic to request panic.
+allow system_server userspace_panic_device:chr_file w_file_perms;
+
 ###
 ### Neverallow rules
 ###