Label soft_offline_page with memory_offline_page_t

Label /sys/devices/system/memory/soft_offline_page with
memory_offline_page_t.

Resolves: RHEL-86926

Author: zpytela

policy/modules/kernel/devices.fc

@@ -297,6 +297,7 @@ ifdef(`distro_redhat',`
 #
 /sys(/.*)?			gen_context(system_u:object_r:sysfs_t,s0)
 /sys/devices/system/cpu/online	gen_context(system_u:object_r:cpu_online_t,s0)
+/sys/devices/system/memory/soft_offline_page	gen_context(system_u:object_r:memory_offline_page_t,s0)
 
 /usr/lib/udev/devices(/.*)?		gen_context(system_u:object_r:device_t,s0)
 /usr/lib/udev/devices/lp.*	-c	gen_context(system_u:object_r:printer_device_t,s0)

policy/modules/kernel/devices.if

@@ -5180,6 +5180,29 @@ interface(`dev_relabel_cpu_online',`
 	allow $1 cpu_online_t:file relabel_file_perms;
 ')
 
+########################################
+## <summary>
+##	Write memory offline page.
+## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain write to /sys/devices/system/memory/soft_offline_page
+##	</p>
+## </desc>
+## <param name="domain">
+##	<summary>
+##	Domain allowed access.
+##	</summary>
+## </param>
+#
+interface(`dev_write_memory_offline_page',`
+	gen_require(`
+		type memory_offline_page_t;
+	')
+
+	dev_search_sysfs($1)
+	allow $1 memory_offline_page_t:file read_file_perms;
+')
 
 ########################################
 ## <summary>

policy/modules/kernel/devices.te

@@ -9,6 +9,7 @@ attribute device_node;
 attribute memory_raw_read;
 attribute memory_raw_write;
 attribute devices_unconfined_type;
+attribute sysfs_type;
 
 #
 # device_t is the type of /dev.
@@ -383,10 +384,14 @@ files_mountpoint(sysfs_t)
 fs_type(sysfs_t)
 genfscon sysfs / gen_context(system_u:object_r:sysfs_t,s0)
 
-type cpu_online_t;
+type cpu_online_t, sysfs_type;
 files_type(cpu_online_t)
 dev_associate_sysfs(cpu_online_t)
 
+type memory_offline_page_t, sysfs_type;
+files_type(memory_offline_page_t)
+dev_associate_sysfs(memory_offline_page_t)
+
 #
 # Type for /dev/tmc_etb[0-9]+ /dev/tmc_etf[0-9]+ /dev/tmc_etr[0-9]+
 #