Make kmsg_device mlstrustedobject.

Few domains are granted access to this, but they should have access
from any user.

Also add some neverallows to prevent misuse.

Bug: 170622707
Test: presubmits
Change-Id: Iacbe7b0525604f2339f8bf31c105af738bc3cd75

private/app_neverallows.te

@@ -19,6 +19,9 @@ neverallow all_untrusted_apps domain:netlink_kobject_uevent_socket *;
 # Receive or send generic netlink messages
 neverallow all_untrusted_apps domain:netlink_socket *;
 
+# Read or write kernel printk buffer
+neverallow all_untrusted_apps kmsg_device:chr_file no_rw_file_perms;
+
 # Too much leaky information in debugfs. It's a security
 # best practice to ensure these files aren't readable.
 neverallow all_untrusted_apps { debugfs_type -debugfs_kcov }:file read;

private/priv_app.te

@@ -170,6 +170,9 @@ neverallow priv_app domain:netlink_kobject_uevent_socket *;
 # Receive or send generic netlink messages
 neverallow priv_app domain:netlink_socket *;
 
+# Read or write kernel printk buffer
+neverallow priv_app kmsg_device:chr_file no_rw_file_perms;
+
 # Too much leaky information in debugfs. It's a security
 # best practice to ensure these files aren't readable.
 neverallow priv_app debugfs:file read;

public/device.te

@@ -29,7 +29,7 @@ type lowpan_device, dev_type;
 type mtp_device, dev_type, mlstrustedobject;
 type nfc_device, dev_type;
 type ptmx_device, dev_type, mlstrustedobject;
-type kmsg_device, dev_type;
+type kmsg_device, dev_type, mlstrustedobject;
 type kmsg_debug_device, dev_type;
 type null_device, dev_type, mlstrustedobject;
 type random_device, dev_type, mlstrustedobject;