Define sepolicy for redirect-socket-calls feature

Define two property_context.

1. vendor_socket_hook_prop - for ro.vendor.redirect_socket_calls. The
property set once in vendor_init context. It's evaluated at process
start time and is cannot change at runtime on a given device. The set
permission is restricted to vendor_init. The read permission is
unrestricted.

2. socket_hook_prop - for net.redirect_socket_calls.hooked. The
property can be changed by System Server at runtime. It's evaluated when
shimmed socket functions is called. The set permission is restricted to
System Server. The read permission is unrestricted.

Bug: Bug: 141611769
Test: System Server can set net.redirect_socket_calls.hooked
      libnetd_client can read both properties
      libnetd_client can't set both properties

Change-Id: Ic42269539923e6930cc0ee3df8ba032797212395

private/compat/26.0/26.0.ignore.cil

@@ -146,6 +146,7 @@
     simpleperf_app_runner
     simpleperf_app_runner_exec
     slice_service
+    socket_hook_prop
     staging_data_file
     stats
     stats_data_file
@@ -199,6 +200,7 @@
     vendor_apex_file
     vendor_init
     vendor_shell
+    vendor_socket_hook_prop
     vndk_prop
     vold_metadata_file
     vold_prepare_subdirs

private/compat/27.0/27.0.ignore.cil

@@ -133,6 +133,7 @@
     simpleperf_app_runner
     simpleperf_app_runner_exec
     slice_service
+    socket_hook_prop
     stats
     stats_data_file
     stats_exec
@@ -177,6 +178,7 @@
     vendor_init
     vendor_security_patch_level_prop
     vendor_shell
+    vendor_socket_hook_prop
     vndk_prop
     vold_metadata_file
     vold_prepare_subdirs

private/compat/28.0/28.0.ignore.cil

@@ -123,6 +123,7 @@
     server_configurable_flags_data_file
     simpleperf_app_runner
     simpleperf_app_runner_exec
+    socket_hook_prop
     su_tmpfs
     super_block_device
     sysfs_fs_f2fs
@@ -150,6 +151,7 @@
     vendor_keylayout_file
     vendor_misc_writer
     vendor_misc_writer_exec
+    vendor_socket_hook_prop
     vendor_task_profiles_file
     vndk_prop
     vrflinger_vsync_service

private/compat/29.0/29.0.ignore.cil

@@ -70,6 +70,7 @@
     service_manager_service
     simpleperf
     snapshotctl_log_data_file
+    socket_hook_prop
     soundtrigger_middleware_service
     sysfs_dm_verity
     system_config_service
@@ -92,4 +93,5 @@
     vendor_incremental_module
     vendor_install_recovery
     vendor_install_recovery_exec
+    vendor_socket_hook_prop
     virtual_ab_prop))

private/system_server.te

@@ -604,6 +604,7 @@ set_prop(system_server, overlay_prop)
 set_prop(system_server, exported_overlay_prop)
 set_prop(system_server, pm_prop)
 set_prop(system_server, exported_pm_prop)
+set_prop(system_server, socket_hook_prop)
 userdebug_or_eng(`set_prop(system_server, wifi_log_prop)')
 
 # ctl interface
@@ -1135,3 +1136,6 @@ neverallow { domain -system_server -init }
 # system_server cannot use this access to read perf event data like process stacks.
 allow system_server self:perf_event { open write cpu kernel };
 neverallow system_server self:perf_event ~{ open write cpu kernel };
+
+# Do not allow any domain other than init or system server to set the property
+neverallow { domain -init -system_server } socket_hook_prop:property_service set;

public/domain.te

@@ -105,6 +105,8 @@ get_prop(domain, exported_system_prop)
 get_prop(domain, exported_vold_prop)
 get_prop(domain, exported2_default_prop)
 get_prop(domain, logd_prop)
+get_prop(domain, socket_hook_prop)
+get_prop(domain, vendor_socket_hook_prop)
 get_prop(domain, vndk_prop)
 
 # Binder cache properties are world-readable

public/property.te

@@ -68,6 +68,7 @@ system_restricted_prop(linker_prop)
 system_restricted_prop(module_sdkextensions_prop)
 system_restricted_prop(nnapi_ext_deny_product_prop)
 system_restricted_prop(restorecon_prop)
+system_restricted_prop(socket_hook_prop)
 system_restricted_prop(system_boot_reason_prop)
 system_restricted_prop(system_jvmti_agent_prop)
 system_restricted_prop(userspace_reboot_exported_prop)
@@ -113,6 +114,7 @@ system_vendor_config_prop(exported3_default_prop)
 system_vendor_config_prop(userspace_reboot_config_prop)
 system_vendor_config_prop(vehicle_hal_prop)
 system_vendor_config_prop(vendor_security_patch_level_prop)
+system_vendor_config_prop(vendor_socket_hook_prop)
 system_vendor_config_prop(vndk_prop)
 system_vendor_config_prop(virtual_ab_prop)
 

public/property_contexts

@@ -218,6 +218,7 @@ init.svc.zygote u:object_r:exported2_default_prop:s0 exact string
 libc.debug.malloc.options u:object_r:exported2_default_prop:s0 exact string
 libc.debug.malloc.program u:object_r:exported2_default_prop:s0 exact string
 libc.debug.hooks.enable u:object_r:exported2_default_prop:s0 exact string
+net.redirect_socket_calls.hooked u:object_r:socket_hook_prop:s0 exact bool
 persist.sys.locale u:object_r:exported_system_prop:s0 exact string
 persist.sys.timezone u:object_r:exported_system_prop:s0 exact string
 persist.sys.test_harness u:object_r:test_harness_prop:s0 exact bool
@@ -274,6 +275,7 @@ ro.product.name u:object_r:exported2_default_prop:s0 exact string
 ro.property_service.version u:object_r:exported2_default_prop:s0 exact int
 ro.revision u:object_r:exported2_default_prop:s0 exact string
 ro.secure u:object_r:exported_secure_prop:s0 exact int
+ro.vendor.redirect_socket_calls u:object_r:vendor_socket_hook_prop:s0 exact bool
 service.bootanim.exit u:object_r:exported_system_prop:s0 exact int
 sys.boot_from_charger_mode u:object_r:exported_system_prop:s0 exact int
 sys.init.userspace_reboot.in_progress u:object_r:userspace_reboot_exported_prop:s0 exact bool