Add new snapuserd socket and property rules.

This adds a new property prefix owned by snapuserd, for communicating
when the service is ready to accept connections (snapuserd.ready and
snapuserd.proxy_ready).

This also adds a new socket context. This is a seqpacket socket used to
communicate with a special instance of snapuserd that bridges to the
first-stage daemon.

Bug: 193833730
Test: no denials after OTA applies and boots
Change-Id: Ibad03659eba5c25e205ba00f27d0b4f98585a84b

private/compat/31.0/31.0.ignore.cil

@@ -10,6 +10,8 @@
     hal_system_suspend_service
     hal_tv_tuner_service
     power_stats_service
+    snapuserd_prop
+    snapuserd_proxy_socket
     tare_service
     transformer_service
     proc_watermark_boost_factor

private/file_contexts

@@ -162,6 +162,7 @@
 /dev/socket/rild	u:object_r:rild_socket:s0
 /dev/socket/rild-debug	u:object_r:rild_debug_socket:s0
 /dev/socket/snapuserd u:object_r:snapuserd_socket:s0
+/dev/socket/snapuserd_proxy u:object_r:snapuserd_proxy_socket:s0
 /dev/socket/tombstoned_crash u:object_r:tombstoned_crash_socket:s0
 /dev/socket/tombstoned_java_trace u:object_r:tombstoned_java_trace_socket:s0
 /dev/socket/tombstoned_intercept u:object_r:tombstoned_intercept_socket:s0

private/property.te

@@ -30,6 +30,7 @@ system_internal_prop(pm_prop)
 system_internal_prop(profcollectd_node_id_prop)
 system_internal_prop(rollback_test_prop)
 system_internal_prop(setupwizard_prop)
+system_internal_prop(snapuserd_prop)
 system_internal_prop(system_adbd_prop)
 system_internal_prop(traced_perf_enabled_prop)
 system_internal_prop(userspace_reboot_log_prop)

private/property_contexts

@@ -278,10 +278,12 @@ ro.charger.                 u:object_r:charger_prop:s0
 sys.boot_from_charger_mode  u:object_r:charger_status_prop:s0 exact int
 ro.enable_boot_charger_mode u:object_r:charger_config_prop:s0 exact bool
 
-# Virtual A/B properties
+# Virtual A/B and snapuserd properties
 ro.virtual_ab.enabled   u:object_r:virtual_ab_prop:s0 exact bool
 ro.virtual_ab.retrofit  u:object_r:virtual_ab_prop:s0 exact bool
 ro.virtual_ab.compression.enabled  u:object_r:virtual_ab_prop:s0 exact bool
+snapuserd.ready         u:object_r:snapuserd_prop:s0 exact bool
+snapuserd.proxy_ready   u:object_r:snapuserd_prop:s0 exact bool
 
 ro.product.ab_ota_partitions u:object_r:ota_prop:s0 exact string
 # Property to set/clear the warm reset flag after an OTA update.

private/snapuserd.te

@@ -17,10 +17,24 @@ allow snapuserd dm_device:blk_file rw_file_perms;
 allow snapuserd dm_user_device:dir r_dir_perms;
 allow snapuserd dm_user_device:chr_file rw_file_perms;
 
-# Reading and writing to /dev/socket/snapuserd.
+# Reading and writing to /dev/socket/snapuserd and snapuserd_proxy.
 allow snapuserd snapuserd_socket:unix_stream_socket { accept listen getattr read write };
+allow snapuserd snapuserd_proxy_socket:sock_file write;
 
 # This arises due to first-stage init opening /dev/null without F_CLOEXEC
 # (see SetStdioToDevNull in init). When we fork() and execveat() snapuserd
 # again, the descriptor leaks into the new process.
 allow snapuserd kernel:fd use;
+
+# snapuserd.* properties
+set_prop(snapuserd, snapuserd_prop)
+
+# For inotify watching for /dev/socket/snapuserd_proxy to appear.
+allow snapuserd tmpfs:dir read;
+
+# Forbid anything other than snapuserd and init setting snapuserd properties.
+neverallow {
+  domain
+  -snapuserd
+  -init
+} snapuserd_prop:property_service set;

public/file.te

@@ -499,6 +499,7 @@ type recovery_socket, file_type, coredomain_socket;
 type rild_socket, file_type;
 type rild_debug_socket, file_type;
 type snapuserd_socket, file_type, coredomain_socket;
+type snapuserd_proxy_socket, file_type, coredomain_socket;
 type statsdw_socket, file_type, coredomain_socket, mlstrustedobject;
 type system_wpa_socket, file_type, data_file_type, core_data_file_type, coredomain_socket;
 type system_ndebug_socket, file_type, data_file_type, core_data_file_type, coredomain_socket, mlstrustedobject;