untrusted_app_visible_hwservice was an attribute that was meant to
give partners time to add their HALs to AOSP.  It was removed from mr1
and so needs to be accounted for in the compatibility mapping.

Bug: 64321916
Test: Builds with treble policy tests.
Change-Id: I359a842083016f0cf6c9d7ffed2116feb9e159c6

Only seeing this denial in permissive:
allow shell screencap_exec:file getattr;

Bug: 37565047
Test: adb shell screencap w/o root
Test: cts-tradefed run cts-dev --module CtsAadbHostTestCases
Change-Id: I9f31d2067e002e7042646ee38dbfc06687481ac7

On Full Treble devices, servicemanager should only service
services from the platform service_contexts file.

Created new type to separate plat_ and nonplat_service_contexts,
and added new type to mapping (although I don't think this type
should have been used by vendors).

Bug: 36866029
Test: Marlin/Taimen boot
Change-Id: Ied112c64f22f8486a7415197660faa029add82d9

Allow vendors to extend e2fs rules to format other partitions.

Bug: 64430395
Change-Id: I51566f72dea814af97b1fedbd4618cd4095d64c3

Add support to the treble_sepolicy_tests suite that explicitly look at
the old and current policy versions, as well as the compatibility file,
to determine if any new types have been added without a compatibility
entry.  This first test catches the most common and likely changes that
could change the type label of an object for which vendor policy may have
needed access.  It also should prove the basis for additional compatibility
checks between old and new policies.

Bug: 36899958
Test: Policy builds and tests pass.
Change-Id: I609c913e6354eb10a04cc1a029ddd9fa0e592a4c

Commit: 2490f1ad meant to add
thermalserviced_tmpfs to the new_object list in the mapping file,
but copy-paste error resulted in thermalserviced_exec_tmpfs being
recorded instead.  Fix this.

(cherry-pick of commit: fbacc656)

Bug: 62573845
Test: None. prebuilt change.
Change-Id: Iab4eaef04742187d6397a539aae854651caa9935

A new API [getNamesForUids] was recently added to the PackageManager
and this API needs to be accessible to native code. However, there
were two constraints:
1) Instead of hand-rolling the binder, we wanted to auto generate
the bindings directly from the AIDL compiler.
2) We didn't want to expose/annotate all 180+ PackageManager APIs
when only a single API is needed.
So, we chose to create a parallel API that can be used explicitly
for native bindings without exposing the entirety of the
PackageManager.

Bug: 62805090
Test: Manual
Test: Create a native application that calls into the new service
Test: See the call works and data and returned
Change-Id: I0d469854eeddfa1a4fd04b5c53b7a71ba3ab1f41

Commit: ec3b6b7e added a new daemon
and corresponding types to sepolicy.  The explicitly declared types
were added to 26.0.ignore.cil to reflect the labeling of new objects,
but another type, thermalserviced_tmpfs was created by macro and was
missed in code review.  Add it as well.

Bug: 62573845
Test: None. prebuilt change.
Change-Id: Ia8968448eea0be889911f46fe255f581659eb548
(cherry picked from commit 2490f1ad)

Add sepolicy for thermalserviced daemon, IThermalService binder
service, IThermalCallback hwservice, and Thermal HAL revision 1.1.

Test: manual: marlin with modified thermal-engine.conf
Bug: 30982366
Change-Id: I207fa0f922a4e658338af91dea28c497781e8fe9
(cherry picked from commit ec3b6b7e)

* changes:
  Fix CoredomainViolators typo and clean up test option parsing.
  Record hal_wifi_offload_hwservice type for compatibility.

am: 0393dafd

Change-Id: Ida00cdf24a809888233ede97a83d42ed5c1a8574

type=1400 audit(1501520483.066:14): avc: denied { write } for pid=3330
comm=4173796E635461736B202331 name="property_service" dev="tmpfs"
ino=10749 scontext=u:r:nfc:s0 tcontext=u:object_r:property_socket:s0
tclass=sock_file permissive=0

Test: No sepolicy denials
Bug: 64010793
Change-Id: I8d73e8e19cd4d0a8c61f1f184820c53e5cc2b6d6
(cherry picked from commit df964950)

Test: Run test suite with no tests, CoredomainViolators, CoredomainViolations,
and multiple tests arguments specified.
Change-Id: Ibad30515b32eb4e1e83c8ab157c21ce4ab01365b

Commit: 5aef6a94 added a new type,
system_net_netd_hwservice, for a new hwservice.  Record this in the
compatibility infrastructure as labeling a new object, rather than
relabeling one from O.

Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: If360eb9e05684d9b47316d53e494aa773485e93f

Commit: 3eed3eac added the compatibility
statement for the new mediaprovider app domain, but it missed another
new, private type, mediaprovider_tmpfs, that is automatically created for
all appdomains.  It replaces priv_app_tmpfs, but since both types are
private, they do not need to be added to the actual mapping (vendor policy
cannot use it).

Bug: 62573845
Test: None.  Prebuilt-only change.
Change-Id: I62229a5be74cd928fe0ca82a45b73cb61d6f5223

Commit: 632bc494 added hwservice labeling
and was cherry-picked to oc-dev, but the hal_wifi_offload_hwservice type
was not part of the cherry-pick because the service was not in oc-dev.
Record the type for compatibility purposes.

Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: Ib2c0fe862eddb566fbe6b0287238fa93dddae7b8

am: 23b986ce

Change-Id: I1bc8e3375fce75763efb8ba369715146a33f106b

Bug: 37281396
Test: cts-tradefed run cts-dev -m CtsContentTestCases --test=android.content.pm.cts.InstallSessionTransferTest
Change-Id: If2094057d1acfbbf007ae108225decd9ad70e459

This hidl service provides functionality for oem networking
configuration to vendor services which is required by
at least some vendor radio modules.

Test: VtsHalNetNetdV1_0TargetTest, netd_integration_test, netd_unit_test
Test: no denials
Bug: 36682246
Change-Id: I86ac9082166b406b2fc814972375ba737460ad7b

avc: denied { read } for pid=1704 comm="top" name="stat" dev="proc" ino=4026532297 scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=1636 comm="dumpstate" name="lcd-backlight" dev="sysfs" ino=16592 scontext=u:r:dumpstate:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=lnk_file permissive=0
avc: denied { call } for pid=2230 comm="dumpsys" scontext=u:r:dumpstate:s0 tcontext=u:r:installd:s0 tclass=binder permissive=0
avc: denied { create } for pid=1700 comm="ip" scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=netlink_xfrm_socket permissive=0

Bug: 62410287
Bug: 35350306
Change-Id: I65be3678c64214ebeb544e0e155bce88b21adf02
Signed-off-by: Tim Kryger <tkryger@google.com>
(cherry picked from commit b7e1f2dd)

am: 427a0c7b  -s ours

Change-Id: I2716725d186d6660b5a1390224fe5c06669d6485

am: faaf86bc

Change-Id: I546b7be93591d638ad82978aca5f4823e7b6ab93

Relax neverallow rule restricting binder access to/from netd so that
netd can export hwbinder services to vendor components.

Continue to disallow app access to netd via binder.

Bug: 36682246
Test: build
Merged-In: I8e558ea1add6c36b966ec1da204062ea82df3f3f
Change-Id: I063df6dded94d8b0f5214b2c94c4f46bdafb03d7

Relax neverallow rule restricting binder access to/from netd so that
netd can export hwbinder services to vendor components.

Continue to disallow app access to netd via binder.

Bug: 36682246
Test: build
Change-Id: I8e558ea1add6c36b966ec1da204062ea82df3f3f
(cherry picked from commit 07c650eb)

Addresses:
avc:  denied  { find } for
interface=android.hardware.configstore::ISurfaceFlingerConfigs pid=603
scontext=u:r:bootanim:s0
tcontext=u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0
tclass=hwservice_manager permissive=0

Bug: 64067152
Test: build
Change-Id: I0605ab8ba07a46a3dc6909307e6f0b2fde68a7ba

Bug: 63905942
Test: mm -j40
Change-Id: I354ee863475aedd2dc9d2b436a00bcd82931456f
(cherry picked from commit 4fc5fb5e521347d65dc921f8c1fb751c66f9a92c)

Allow mediacodec/mediaextractor to write to system_server pipes during
ANR dumps.

Addresses the following denials:
avc: denied { write } for comm="mediaextractor" path="pipe:[1177610]" dev="pipefs" ino=1177610 scontext=u:r:mediaextractor:s0 tcontext=u:r:system_server:s0 tclass=fifo_file permissive=0
avc: denied { write } for comm="omx@1.0-service" path="pipe:[1175808]" dev="pipefs" ino=1175808 scontext=u:r:mediacodec:s0 tcontext=u:r:system_server:s0 tclass=fifo_file permissive=0

Bug: http://b/63801592
Test: treehugger
Change-Id: I944b1fa76c70402607ccd903be17dbddeaa73201
(cherry picked from commit 3c9b9197)

runas: grant access to seapp_contexts files am: dcec3ee9  -s ours am: 0da855ab  -s ours am: 18e75e3a  -s ours
am: faf0504a  -s ours

Change-Id: I8da56e4bda1a86b9631b5936378ad44f4036fec2

am: 18e75e3a  -s ours

Change-Id: I22ef22f0146170e03a02b72f668e62067ad448af

am: 0da855ab  -s ours

Change-Id: Ib03ffbf671ea4e48eb3e1f6fb0045c2bc33570dc