type=1400 audit(1501520483.066:14): avc: denied { write } for pid=3330
comm=4173796E635461736B202331 name="property_service" dev="tmpfs"
ino=10749 scontext=u:r:nfc:s0 tcontext=u:object_r:property_socket:s0
tclass=sock_file permissive=0

Test: No sepolicy denials
Bug: 64010793
Change-Id: I8d73e8e19cd4d0a8c61f1f184820c53e5cc2b6d6
(cherry picked from commit df964950)

This hidl service provides functionality for oem networking
configuration to vendor services which is required by
at least some vendor radio modules.

Test: VtsHalNetNetdV1_0TargetTest, netd_integration_test, netd_unit_test
Test: no denials
Bug: 36682246
Change-Id: I86ac9082166b406b2fc814972375ba737460ad7b

am: faaf86bc

Change-Id: I546b7be93591d638ad82978aca5f4823e7b6ab93

Relax neverallow rule restricting binder access to/from netd so that
netd can export hwbinder services to vendor components.

Continue to disallow app access to netd via binder.

Bug: 36682246
Test: build
Merged-In: I8e558ea1add6c36b966ec1da204062ea82df3f3f
Change-Id: I063df6dded94d8b0f5214b2c94c4f46bdafb03d7

Fixes:
neverallow hal_audio domain:{ tcp_socket udp_socket rawip_socket } *;
Warning!  Type or attribute hal_audio used in neverallow undefined in
policy being checked.

hal_audio_client is not used in neverallows and was mistakenly marked
as expandattribute false instead of hal_audio. Fix this.

Bug: 63809360
Test: build policy
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t \
    android.cts.security.SELinuxNeverallowRulesTest

    No more:
    Warning!  Type or attribute hal_audio used in neverallow
    undefined in policy being checked.

Change-Id: Iedf1b80f669f95537ed201cbdbb0626e7e32be81

Reverting this commit to fix CTS tests in oc-dr.
This reverts commit 718e0852.

Test: Tested lowmemorykiller tracing removed via traceur.
Bug: 62908858
Merged-In: Ifc1c6ac634b94e060ed1f311049bd37f6fcc8313

Change-Id: Ie462decf32578bbe74a9ec9bdb8bb4ae1b87da29

Allow wrapped app to send pid back to zygote.

(cherry picked from commit ee694980)

Bug: 63566721
Bug: 63635227
Test: lunch angler-userdebug && m
Test: lunch angler-user && m
Test: lunch angler-user && m && fastboot flashall && m cts && cts-tradefed run commandAndExit cts-dev -m CtsWrapWrapDebugTestCases
Change-Id: Ie1b41c3eb124aa5ee321c124d0121a0e965f0f0e

Remove RILD accessing system data file as its not allowed
Move RILD accessing radio data file to vendor policy

Test: Verified radio works fine and no denials

Bug: 36740743
Change-Id: I66a7cf98738fbfe9512925d3dec0c1eb09a44185

avc: denied { search } for name="tmp" dev="sda13" ino=1867778
scontext=u:r:isolated_app:s0:c512,c768
tcontext=u:object_r:shell_data_file:s0 tclass=dir

avc: denied { getattr } for path="/mnt/expand" dev="tmpfs" ino=9850
scontext=u:r:webview_zygote:s0 tcontext=u:object_r:mnt_expand_file:s0
tclass=dir

Bug: 63631799
Test: build. Denial no longer appears in the logs
Change-Id: Ie8a297c73b0f0e9008a7bf24438ef5354bf893df

Test: tested taking bugreport, sensor HAL traces show up in
      "VM TRACES JUST NOW"
Test: tested trigger ANR by `adb shell am hang --allow-restart`,
      sensor HAL traces shows up in /data/anr/traces.txt
Bug: 63096400
Change-Id: I1d012b9d9810f987be7aaf9d68abfd9c3184ac5c

Ueventd needs write access to all files in /sys to generate uevents.

Bug: 63147833
Test: build. Verify no ueventd denials in the logs.
Change-Id: I89d33aab158dd192e761f14eff8afa1c71594bca

Change fb889f23 "Force expand all hal_* attributes" annotated all
hal_* attributes to be expanded to their associated types. However
some of these attributes are used in CTS for neverallow checking.
Mark these attributes to be preserved.

In addition, remove the hacky workaround introduced in oc-dev
for b/62658302 where extraneous neverallow rules were introduced
to prevent unused or negated attributes from being auto-expanded
from policy.

Bug: 62658302
Bug: 63135903
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t \
    android.cts.security.SELinuxNeverallowRulesTest

    armeabi-v7a CtsSecurityHostTestCases completed in 4s.
    501 passed, 0 failed, 0 not executed
Merged-In: I989def70a16f66e7a18bef1191510793fbe9cb8c
Change-Id: I989def70a16f66e7a18bef1191510793fbe9cb8c

move them to device-specific files.

Bug: 62908056
Change-Id: I299819785d5a64e6ecdde1cd7da472477fe1e295
Merged-In: If92352ea7a70780e9d81ab10963d63e16b793792

Test: let fs_mgr format a damaged /data partition
Bug: 35219933
Change-Id: I379567772c73e52f532a24acf640c21f2bab5c5b
Merged-In: I379567772c73e52f532a24acf640c21f2bab5c5b

Merge "DO NOT MERGE ANYWHERE Revert "SEPolicy: Changes for new stack dumping scheme."" into oc-dr1-dev

avc: denied { read write } scontext=u:r:ipacm:s0
tcontext=u:r:system_server:s0 tclass=netlink_netfilter_socket
avc: denied { setopt } scontext=u:r:ipacm:s0
tcontext=u:r:system_server:s0 tclass=netlink_netfilter_socket
avc: denied { getattr } scontext=u:r:ipacm:s0
tcontext=u:r:system_server:s0 tclass=netlink_netfilter_socket
avc: denied { create } for scontext=u:r:system_server:s0
tcontext=u:r:system_server:s0 tclass=netlink_netfilter_socket

Bug: 29337859
Bug: 32163131
Test: adb shell getenforce
Enforcing
adb shell dumpsys connectivity tethering
Tethering:
  ...
  Log:
    ...
    06-28 11:46:58.841 - SET master tether settings: ON
    06-28 11:46:58.857 - [OffloadController] tethering offload started
And logs show some signs of happiness:
    06-28 11:46:58.853   816   947 I IPAHALService: IPACM was provided two FDs (18, 19)
    06-28 11:46:58.853  1200  1571 I zygote64: Looking for service android.hardware.tetheroffload.control@1.0::IOffloadControl/default
Change-Id: I0c63bd2de334b4ca40e54efb9df4ed4904667e21

Su runs in permissive mode and denials should be suppressed.

avc: denied { getattr } for scontext=u:r:su:s0
tcontext=u:object_r:pdx_display_client_endpoint_socket:s0
tclass=unix_stream_socket permissive=1
avc: denied { getattr } for scontext=u:r:su:s0
tcontext=u:object_r:pdx_display_manager_endpoint_socket:s0
tclass=unix_stream_socket permissive=1
avc: denied { getattr } for scontext=u:r:su:s0
tcontext=u:object_r:pdx_display_vsync_endpoint_socket:s0
tclass=unix_stream_socket permissive=1
avc: denied { getattr } for scontext=u:r:su:s0
tcontext=u:object_r:pdx_bufferhub_client_endpoint_socket:s0
tclass=unix_stream_socket permissive=1
avc: denied { getattr } for scontext=u:r:su:s0
tcontext=u:object_r:pdx_performance_client_endpoint_socket:s0
tclass=unix_stream_socket permissive=1

Bug: 35197529
Test: policy builds
Change-Id: Ia643c6e776e5e5bd473d857d523c3be91d32c40a

A legitimate call to access(2) is generating a denial. Use the
audit_access permission to suppress the denial on just the access()
call.

avc: denied { write } for name="verified_jars"
scontext=u:r:dexoptanalyzer:s0
tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=dir

Bug: 62597207
Test: build policy
Test: The following cmd succeeds but no longer generates a denial
    adb shell cmd package compile -r bg-dexopt --secondary-dex \
    com.google.android.googlequicksearchbox

Change-Id: I7d03df2754c24c039bce11426bf8f317232f5e5f

am: c75aa50d

Change-Id: I39eecd67a97de193d53ab298a1ef3e8443bb9391

Due to the massively increased number of attributes in SELinux policy
as part of the treble changes, we have had to remove attributes from
policy for performance reasons.  Unfortunately, some attributes are
required to be in policy to ensure that our neverallow rules are being
properly enforced.  Usually this is not a problem, since neverallow rules
indicate that an attribute should be kept, but this is not currently the
case when the attribute is part of a negation in a group.

This is particularly problematic with treble since some attributes may
exist for HALs that have no implementation, and thus no types.  In
particular, this has caused an issue with the neverallows added in our
macros.  Add an extraneous neverallow rule to each of those auto-generated
neverallow rules to make sure that they are not removed from policy, until
the policy compiler is fixed to avoid this.  Also add corresponding rules
for other types which have been removed due to no corresponding rules.

Bug: 62658302
Bug: 62999603
Test: Build Marlin policy.
Test: verify attribute exists in policy using sepolicy-analyze.
    sepolicy-analyze $OUT/vendor/etc/selinux/precompiled_sepolicy \
    attribute hal_tetheroffload_server
Test: CTS neverallow tests pass.
    cts-tradefed run cts -m CtsSecurityHostTestCases -t \
    android.cts.security.SELinuxNeverallowRulesTest
Change-Id: I62596ba8198ffdcbb4315df639a834e4becaf249

avc:  denied  { find } for
interface=android.hardware.configstore::ISurfaceFlingerConfigs
scontext=u:r:system_server:s0
tcontext=u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0
tclass=hwservice_manager permissive=0

Bug: 35197529
Test: Device boots without this denial
Change-Id: Ia43bc5879e03a1f2056e373b17cc6533636f98b1

NOTE: This change is marked dnma because we don't want it on
oc-dr1-dev-plus-aosp or any other downstream branch. Moreover,
oc-dr1-dev-plus-aosp is the only outgoing merger from oc-dr1-dev for
this project.

This reverts commit 11bfcc1e.

Bug: 62908344
Test: make
Change-Id: Ide61829cf99f15777c46f657a0e140d594f88243

am: 0e0ed156

Change-Id: I8ec0c46355507e8c1a7d10c53805eb350ebbe6a5

am: 6351c374

Change-Id: I6e661aa37702c36e9003dcf41dbed4b754122c87

This reverts commit 57e9946f.

Bug: 62616897
Test: choosecombo 1 aosp_arm64_ab userdebug; m -j 80 The build should
    not break.

Signed-off-by: Sandeep Patil <sspatil@google.com>

am: 3e307a4d

Change-Id: Ic144d924948d7b8e73939806d761d27337dbebef