Do not allow new additions to core_property_type

core_property_type is an attribute which was given to all existing
properties known to core SELinux policy. Any property with this label is
readable to all SELinux domains, which is overly broad. The long term
goal is to remove the core_property_type attribute entirely.

Add a neverallow rule prohibiting the introduction of new properties
with the core_property_type attribute. Device specific properties, or
new properties in core SELinux policy, should not have this attribute.

Test: policy compiles
Change-Id: Ie89a9f0d81c8561616001ff8451496ce2278dbb2

public/property.te

@@ -43,3 +43,42 @@ type wifi_log_prop, property_type, log_property_type;
 type wifi_prop, property_type;
 
 allow property_type tmpfs:filesystem associate;
+
+###
+### Neverallow rules
+###
+
+# core_property_type should not be used for new properties or
+# device specific properties. Properties with this attribute
+# are readable to everyone, which is overly broad and should
+# be avoided.
+# New properties should have appropriate read / write access
+# control rules written.
+
+neverallow * {
+  core_property_type
+  -audio_prop
+  -bluetooth_prop
+  -config_prop
+  -cppreopt_prop
+  -dalvik_prop
+  -debuggerd_prop
+  -debug_prop
+  -default_prop
+  -dhcp_prop
+  -dumpstate_prop
+  -ffs_prop
+  -fingerprint_prop
+  -logd_prop
+  -net_radio_prop
+  -nfc_prop
+  -pan_result_prop
+  -persist_debug_prop
+  -powerctl_prop
+  -radio_prop
+  -restorecon_prop
+  -shell_prop
+  -system_prop
+  -system_radio_prop
+  -vold_prop
+}:file no_rw_file_perms;