New "selinux.restorecon" control property.

This new property is used as a control verb for running a recursive
restorecon at the path contained in the property value.

Defines a new label and grants access to vold, which invokes it when
mounting private adopted volumes.

Bug: 21121357
Change-Id: I8ff12a146e54a505aa5b43a542578891563d647a

property.te

@@ -21,6 +21,7 @@ type ctl_bugreport_prop, property_type;
 type ctl_console_prop, property_type;
 type audio_prop, property_type;
 type logd_prop, property_type;
+type restorecon_prop, property_type;
 type security_prop, property_type;
 type bluetooth_prop, property_type;
 type pan_result_prop, property_type;

property_contexts

@@ -41,7 +41,8 @@ persist.service.bdroid. u:object_r:bluetooth_prop:s0
 persist.security.       u:object_r:system_prop:s0
 
 # selinux non-persistent properties
-selinux.                u:object_r:security_prop:s0
+selinux.restorecon_recursive   u:object_r:restorecon_prop:s0
+selinux.                       u:object_r:security_prop:s0
 
 # default property context
 *                       u:object_r:default_prop:s0

vold.te

@@ -111,6 +111,7 @@ allow vold kernel:process setsched;
 set_prop(vold, vold_prop)
 set_prop(vold, powerctl_prop)
 set_prop(vold, ctl_fuse_prop)
+set_prop(vold, restorecon_prop)
 
 # ASEC
 allow vold asec_image_file:file create_file_perms;
@@ -159,3 +160,4 @@ neverallow { domain -vold } vold_data_file:dir ~{ open create read getattr setat
 neverallow { domain -vold } vold_data_file:notdevfile_class_set ~{ relabelto getattr };
 neverallow { domain -vold -init } vold_data_file:dir *;
 neverallow { domain -vold -init } vold_data_file:notdevfile_class_set *;
+neverallow { domain -vold -init } restorecon_prop:property_service set;