SELinux changes for the hasSystemFeature() binder cache property.

The binder_cache_system_server_prop context allows any user to read the
property but only the system_server to write it.  The only property with
this context is currently binder.cache_key.has_system_feature but users
will be added.

Bug: 140788621

Test: this was tested on an image with a binder cache implementation.  No
permission issues were found.  The implementation is not part of the current
commit.

Change-Id: I4c7c3ddf809ed947944408ffbbfc469d761a6043

private/compat/29.0/29.0.ignore.cil

@@ -15,6 +15,7 @@
     auth_service
     ashmem_libcutils_device
     blob_store_service
+    binder_cache_system_server_prop
     binderfs
     binderfs_logs
     binderfs_logs_proc

private/system_server.te

@@ -1090,3 +1090,8 @@ neverallow {
   -system_server
 } password_slot_metadata_file:notdevfile_class_set ~{ relabelto getattr };
 neverallow { domain -init -system_server } password_slot_metadata_file:notdevfile_class_set *;
+
+# Allow systemserver to read/write the invalidation property
+set_prop(system_server, binder_cache_system_server_prop)
+neverallow { domain -system_server -init }
+    binder_cache_system_server_prop:property_service set;

public/domain.te

@@ -107,6 +107,9 @@ get_prop(domain, exported2_default_prop)
 get_prop(domain, logd_prop)
 get_prop(domain, vndk_prop)
 
+# Allow every to read binder cache properties
+get_prop(domain, binder_cache_system_server_prop)
+
 # Let everyone read log properties, so that liblog can avoid sending unloggable
 # messages to logd.
 get_prop(domain, log_property_type)

public/property.te

@@ -149,6 +149,9 @@ system_public_prop(vendor_security_patch_level_prop)
 system_public_prop(wifi_log_prop)
 system_public_prop(wifi_prop)
 
+# Properties used by binder caches
+system_public_prop(binder_cache_system_server_prop)
+
 # Properties which are public for devices launching with Android O or earlier
 # This should not be used for any new properties.
 not_compatible_property(`
@@ -555,6 +558,7 @@ compatible_property_only(`
     -bluetooth_a2dp_offload_prop
     -bluetooth_audio_hal_prop
     -bluetooth_prop
+    -binder_cache_system_server_prop
     -bootloader_boot_reason_prop
     -boottime_prop
     -bpf_progs_loaded_prop

public/property_contexts

@@ -439,3 +439,6 @@ ro.surface_flinger.support_kernel_idle_timer u:object_r:exported_default_prop:s0
 ro.surface_flinger.use_smart_90_for_video u:object_r:exported_default_prop:s0 exact bool
 ro.surface_flinger.color_space_agnostic_dataspace u:object_r:exported_default_prop:s0 exact int
 ro.surface_flinger.refresh_rate_switching u:object_r:exported_default_prop:s0 exact bool
+
+# Binder cache properties.  These are world-readable
+binder.cache_key.has_system_feature      u:object_r:binder_cache_system_server_prop:s0

public/vendor_init.te

@@ -198,6 +198,7 @@ recovery_only(`
 not_compatible_property(`
     set_prop(vendor_init, {
       property_type
+      -binder_cache_system_server_prop
       -device_config_activity_manager_native_boot_prop
       -device_config_boot_count_prop
       -device_config_reset_performed_prop