Add policies for ro.kernel.watermark_scale_factor property

New ro.kernel.watermark_scale_factor property is used to store the
original value read from /proc/sys/vm/watermark_scale_factor before
extra_free_kbytes.sh changes it. The original value is necessary to
use the same reference point in case the script is invoked multiple
times. The property is set by init the first time script is invoked
and should never be changed afterwards.

Bug: 242837506
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Change-Id: I7760484854a41394a2efda9445cff8cb61587514

private/extra_free_kbytes.te

@@ -1,3 +1,6 @@
 typeattribute extra_free_kbytes coredomain;
 
 init_daemon_domain(extra_free_kbytes)
+
+# Only extra_free_kbytes script is allowed to store these properties
+set_prop(extra_free_kbytes, init_storage_prop)

private/property.te

@@ -18,6 +18,7 @@ system_internal_prop(fastbootd_protocol_prop)
 system_internal_prop(gsid_prop)
 system_internal_prop(init_perf_lsm_hooks_prop)
 system_internal_prop(init_service_status_private_prop)
+system_internal_prop(init_storage_prop)
 system_internal_prop(init_svc_debug_prop)
 system_internal_prop(keystore_crash_prop)
 system_internal_prop(keystore_listen_prop)
@@ -147,6 +148,12 @@ dontaudit domain {
   ctl_rildaemon_prop
 }:property_service set;
 
+neverallow {
+  domain
+  -init
+  -extra_free_kbytes
+} init_storage_prop:property_service set;
+
 neverallow {
   domain
   -init

private/property_contexts

@@ -1147,6 +1147,9 @@ ro.kernel.qemu             u:object_r:exported_default_prop:s0 exact bool
 ro.kernel.qemu.            u:object_r:exported_default_prop:s0
 ro.kernel.android.bootanim u:object_r:exported_default_prop:s0 exact int
 
+# This property is used by init to store the original value or /proc/sys/vm/watermark_scale_factor
+ro.kernel.watermark_scale_factor          u:object_r:init_storage_prop:s0 exact int
+
 ro.oem.key1 u:object_r:exported_default_prop:s0 exact string
 
 ro.product.vndk.version u:object_r:vndk_prop:s0 exact string