Support for more binder caches

Bug: 140788621

This adds keys for several planned binder caches in the system server
and in the bluetooth server.  The actual cache code is not in this
tree.

Test: created a test build that contains the actual cache code and ran
some system tests.  Verified that no protection issues were seen.

Change-Id: Ibaccb0c0ff8b127d14cf769ea4156f7d8b024bc1

private/bluetooth.te

@@ -40,6 +40,9 @@ allow bluetooth uhid_device:chr_file rw_file_perms;
 allow bluetooth proc_bluetooth_writable:file rw_file_perms;
 
 # Allow write access to bluetooth specific properties
+set_prop(bluetooth, binder_cache_bluetooth_server_prop);
+neverallow { domain -bluetooth -init }
+    binder_cache_bluetooth_server_prop:property_service set;
 set_prop(bluetooth, bluetooth_a2dp_offload_prop)
 set_prop(bluetooth, bluetooth_audio_hal_prop)
 set_prop(bluetooth, bluetooth_prop)

private/compat/29.0/29.0.ignore.cil

@@ -15,6 +15,7 @@
     auth_service
     ashmem_libcutils_device
     blob_store_service
+    binder_cache_bluetooth_server_prop
     binder_cache_system_server_prop
     binderfs
     binderfs_logs

public/domain.te

@@ -107,7 +107,8 @@ get_prop(domain, exported2_default_prop)
 get_prop(domain, logd_prop)
 get_prop(domain, vndk_prop)
 
-# Allow every to read binder cache properties
+# Binder cache properties are world-readable
+get_prop(domain, binder_cache_bluetooth_server_prop)
 get_prop(domain, binder_cache_system_server_prop)
 
 # Let everyone read log properties, so that liblog can avoid sending unloggable

public/property.te

@@ -150,6 +150,7 @@ system_public_prop(wifi_log_prop)
 system_public_prop(wifi_prop)
 
 # Properties used by binder caches
+system_public_prop(binder_cache_bluetooth_server_prop)
 system_public_prop(binder_cache_system_server_prop)
 
 # Properties which are public for devices launching with Android O or earlier
@@ -555,10 +556,11 @@ compatible_property_only(`
     property_type
     -apexd_prop
     -audio_prop
+    -binder_cache_bluetooth_server_prop
+    -binder_cache_system_server_prop
     -bluetooth_a2dp_offload_prop
     -bluetooth_audio_hal_prop
     -bluetooth_prop
-    -binder_cache_system_server_prop
     -bootloader_boot_reason_prop
     -boottime_prop
     -bpf_progs_loaded_prop

public/property_contexts

@@ -441,6 +441,13 @@ ro.surface_flinger.color_space_agnostic_dataspace u:object_r:exported_default_pr
 ro.surface_flinger.refresh_rate_switching u:object_r:exported_default_prop:s0 exact bool
 
 # Binder cache properties.  These are world-readable
+cache_key.bluetooth.get_bond_state       u:object_r:binder_cache_bluetooth_server_prop:s0
+cache_key.bluetooth.get_profile_connection_state     u:object_r:binder_cache_bluetooth_server_prop:s0
+cache_key.bluetooth.get_state            u:object_r:binder_cache_bluetooth_server_prop:s0
+cache_key.bluetooth.is_offloaded_filtering_supported u:object_r:binder_cache_bluetooth_server_prop:s0
+cache_key.get_packages_for_uid           u:object_r:binder_cache_system_server_prop:s0
 cache_key.has_system_feature             u:object_r:binder_cache_system_server_prop:s0
 cache_key.is_interactive                 u:object_r:binder_cache_system_server_prop:s0
 cache_key.is_power_save_mode             u:object_r:binder_cache_system_server_prop:s0
+cache_key.is_user_unlocked               u:object_r:binder_cache_system_server_prop:s0
+

public/vendor_init.te

@@ -198,6 +198,7 @@ recovery_only(`
 not_compatible_property(`
     set_prop(vendor_init, {
       property_type
+      -binder_cache_bluetooth_server_prop
       -binder_cache_system_server_prop
       -device_config_activity_manager_native_boot_prop
       -device_config_boot_count_prop