am: f41d89eb

Change-Id: I8f32e2e80fc7bfc08ce9fe3655968a8d7dfc94e8

This marks all HAL domain implementations with the haldomain attribute
so that rules can be written which apply to all HAL implementations.

This follows the pattern used for appdomain, netdomain and
bluetoothdomain.

Test: No change to policy according to sesearch.
Bug: 34180936
Change-Id: I0cfe599b0d49feed36538503c226dfce41eb65f6

am: ddb52d82

Change-Id: I724ff53a9709d53c02091838166092b5264eb23e

This is to ensure that hal_audio can access memory shared by
audioserver.

Bug: 34261005
Change-Id: I84103b0d4692fd10afc56846fb116fec6a7b3dc7

am: 597a8a49

Change-Id: I1a055e9dea9317b719ba6bb467679f2e51818755

am: 14658c93

Change-Id: I8a5ac00a41c1b66c8339b9a79d48c87af00800eb

Move from fingerprintd to new fingerprint_hal and update SeLinux policy.

Test: Boot with no errors related to fingerprint sepolicy
Bug: 33199080
Change-Id: Idfde0cb0530e75e705033042f64f3040f6df22d6

am: 953c4396

Change-Id: Ia67c8271cfd6641a117415d439ce1c75b63e2580

The following are the avc denials that are addressed:

avc: denied { call } for pid=889 comm="system_server"
scontext=u:r:system_server:s0 tcontext=u:r:hal_gnss_default:s0
tclass=binder permissive=0

avc: denied { call } for scontext=u:r:hal_gnss_default:s0
tcontext=u:r:system_server:s0 tclass=binder permissive=0

avc: denied { read } for name="hw" dev="mmcblk0p43" ino=1837
scontext=u:r:hal_gnss_default:s0 tcontext=u:object_r:system_file:s0
tclass=dir permissive=0

avc: denied { open } for path="/system/lib64/hw" dev="mmcblk0p43"
ino=1837 scontext=u:r:hal_gnss_default:s0
tcontext=u:object_r:system_file:s0 tclass=dir permissive=0

Bug:31974439

Test: Checked that there no more related avc denial messages related to
the GNSS HAL in dmesg.

Change-Id: I5b43dc088017a5568dd8e442726d2bf52e95b1d5

am: 9e7a5b0a

Change-Id: Ice41f3c804a4dd0aad058e39a2a8a0bcff80eb5a

It seems likely that there is no reason to keep around a number of
devices that are configured to be included into the pixel kernels. Init
and ueventd should be the only processes with r/w access to these
devices, so auditallow rules have been added to ensure that they aren't
actually used.

/dev/keychord was given its own type since it's one of the few character
devices that's actually legitimately used and would cause log spam in
the auditallow otherwise.

Bug: 33347297
Test: The phone boots without any apparent log spam.

Change-Id: I3dd9557df8a9218b8c802e33ff549d15849216fb

am: 926dc331

Change-Id: I0ea98702d907e04d0fe1f3af242e0ec4a0712582

Test: run a gtest in /data/nativetest/ with no permission denial
Change-Id: Id644ed7dbea59becaf84b6073c9144711ad07c10

am: d5db9de5

Change-Id: I47d4498737a339c3cc05296db19a79a591dbe0eb

am: 1b7512a1

Change-Id: I713efb431275bfc4307b43f35dbb44965ccc0a84

Bug: 34231014
Test: Boot angler to ensure no additional denials are reported.

Change-Id: Ic2372d55f7072c65e7ea17036a8eb40dc531d60e
Signed-off-by: Sandeep Patil <sspatil@google.com>

Bug: http://b/34228376
Test: m
Change-Id: I1321ada1521bb3e3fd08105f1a41d519ee486683

am: 6730ee33

Change-Id: I02a0b5aa155e83eb200fbee0abfffe35bc8dedac

Test: builds
Bug: 32206268
Change-Id: I236105b029178f96da519c2295c66c686dcae7cb

am: fc0dc89d

Change-Id: Iabaad465fedc3b7d0cd2181bc379341a6e092b65

Bug: 31972505
Test: VTS test passes, Bluetooth starts/stops
Change-Id: Ic068c9fca7c50e63c5b6e3d86a2ee6cc53207e08

am: dd70dfbe

Change-Id: I9bfb72a61bdd1eba21a1c4fb739a051330e6906e

Bug: 30222631
Change-Id: I30ad019872881e21f61a53e4397112ea0e99688b

am: c42d134e

Change-Id: I7ba4c665095ae9ec69989cc9d064c439345ee365

This leaves only the existence of ephemeral_app domain as public API.
All other rules are implementation details of this domain's policy and
are thus now private. There are a few rules, defined by other domains'
files remaining in the public policy until the rules from these
domains also move to the private policy:

allow ephemeral_app_current appdomain:binder transfer;
allow ephemeral_app_current audioserver_current:binder transfer;
allow ephemeral_app_current drmserver_current:binder transfer;
allow ephemeral_app_current dumpstate_current:binder transfer;
allow ephemeral_app_current mediaserver_current:binder transfer;
allow ephemeral_app_current surfaceflinger_current:binder transfer;
allow ephemeral_app_current system_server_current:binder transfer;

Test: No change to policy according to sesearch, except for
      disappearance of all allow rules from platform_app_current
      attribute (as expected).
Bug: 31364497

Change-Id: I98687181434a98a141469ef676c461fcd1db2d4e

This leaves only the existence of platform_app domain as public API.
All other rules are implementation details of this domain's policy and
are thus now private.

Test: No change to policy according to sesearch, except for
      disappearance of all allow rules from platform_app_current
      attribute (as expected).
Bug: 31364497

Change-Id: I47bb59fdfc07878c91fd5e207735cd0c07a128da

am: 665b75e6

Change-Id: Ib6616a27b58802ab2d93a707473ddfadc565c937

am: 9c038072

Change-Id: I96b5ba650d6c04c1892b6fd560a27c9e9b86ce14

am: b5f68f52

Change-Id: I4e6ac653b9251daa7fb3e451e98ad2528cd8e434

am: 0c8101b2

Change-Id: I27214fb34060a7eef4b2e6e4ef4a8f30bed76783

Bug: 33746381
Test: Device boots with no extra denials.
Change-Id: I2f0da92367851142e0d7df4afec8861ceaed9d3e

No relevant collected denials.

Test: device boots and no obvious problems.
Test: no collected denials.
Bug: 28760354
Change-Id: Idcf939b3cbdb1dec835d59150181047d062e6c48

This is already provided in app.te via create_file_perms for
notdevfile_class_set.

Change-Id: I89ed3537fd1e167571fe259bd4804f8fcc937b95