Add sepolicy for /metadata/watchdog

See go/rescue-party-reboot for more context.

One integer will be stored in a file in this
directory, which will be read and then deleted at the
next boot. No userdata is stored.

Test: Write and read from file from PackageWatchdog
Bug: 171951174

Change-Id: I18f59bd9ad324a0513b1184b2f4fe78c592640db

private/compat/30.0/30.0.ignore.cil

@@ -53,4 +53,5 @@
     userspace_reboot_metadata_file
     vcn_management_service
     vibrator_manager_service
+    watchdog_metadata_file
     zygote_config_prop))

private/file_contexts

@@ -744,6 +744,7 @@
 /metadata/bootstat(/.*)?  u:object_r:metadata_bootstat_file:s0
 /metadata/staged-install(/.*)?    u:object_r:staged_install_file:s0
 /metadata/userspacereboot(/.*)?    u:object_r:userspace_reboot_metadata_file:s0
+/metadata/watchdog(/.*)?    u:object_r:watchdog_metadata_file:s0
 
 #############################
 # asec containers

private/system_server.te

@@ -1169,6 +1169,9 @@ allow system_server userspace_reboot_metadata_file:file create_file_perms;
 allow system_server staged_install_file:dir rw_dir_perms;
 allow system_server staged_install_file:file create_file_perms;
 
+allow system_server watchdog_metadata_file:dir rw_dir_perms;
+allow system_server watchdog_metadata_file:file create_file_perms;
+
 # Allow init to set sysprop used to compute stats about userspace reboot.
 set_prop(system_server, userspace_reboot_log_prop)
 

public/file.te

@@ -245,6 +245,8 @@ type metadata_bootstat_file, file_type;
 type userspace_reboot_metadata_file, file_type;
 # Staged install files within /metadata/staged-install
 type staged_install_file, file_type;
+# Metadata information within /metadata/watchdog
+type watchdog_metadata_file, file_type;
 
 # Type for /dev/cpu_variant:.*.
 type dev_cpu_variant, file_type;