untrusted_app_visible_hwservice was an attribute that was meant to
give partners time to add their HALs to AOSP.  It was removed from mr1
and so needs to be accounted for in the compatibility mapping.

Bug: 64321916
Test: Builds with treble policy tests.
Change-Id: I359a842083016f0cf6c9d7ffed2116feb9e159c6

Prevent files in /proc from incorrectly having sysfs_type attribute.

Rework neverallows so that ueventd has write access to all of
/sys which it needs to handle uevents.

Bug: 63147833
Test: Build. Flash angler, verify files are correctly labeled and no
    new denials are in the logs.

Change-Id: Ib94d44e78cee0e83e2ac924f1c72e611e8e73558

Commit: 78e595de added a new hwservice,
which replaced a previous system service.  This effectively means we are
deleting one object and creating a new one, so no compatibility mapping
should be necessary since previous vendor processes trying to access the
service will not be able to find it now independent of policy.

Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I6882d968dccb55561379e940f6ecb62902bb1659

Commit: b8f7a408 removed three
attributes from public policy.  These attributes could be assigned
to vendor types, and so need to be kept in policy when combined with
vendor policy of that version.

Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I7d71ef7795f8b82c214c2ef72478c3ca84d1869c

Commit: 4dc88795 changed the label of
uid_time_in_state from proc to proc_uid_time_in_state.  This file
could have been used by vendor services.  Add a compat mapping.

Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I2e5222c4d4fe12cb0bbc4e85ba53c1f59b714d61

Commits 7fa51593 and
92fdd895 removed the
tracing_shell_writable and tracing_shell_writable_debug types, and
relabeled the files with debugfs_tracing and debugfs_tracing_debug,
respectively.  Record this in the compatibility file so that vendor
policy using these types will still work.

Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: Ic6573518035514a86abe2081483431427612699e

Commit: bde5c801 added a new type,
mediaprovider, which is being applied to an object (process) formerly
labeled as priv_app. Add the new type to the versioned attribute for
priv_app so that any vendor policy written for interaction with
mediaprovider continues to work.

Bug: 62573845
Test: None.  Prebuilt-only change.
Change-Id: Id98293369401a2af23c2328a1cb4a5bb2258aac8

rc-style powerctl has beem removed. Accordingly, asan_extract now
needs access to sys.powerctl directly.

(orginally commit: 82672089)

Bug: 36458146
Bug: 38241921
Test: Builds and boots.
Change-Id: I7d6e583f5e98b671986a2071abf157c86e288a10

domain_deprecated is a private attribute, which means that none of
its rules will be copied to vendor policy.  Unfortunately, this
means that any public type that used the attribute now loses policy
rules on which a vendor may have been relying unknowingly.  Add the
domain back in the compatiblity file so that O vendor policy remains
sufficient.

Bug: 62573845
Test: None, prebuilt change and prebuilt tests not in yet.
Change-Id: I2c4ce00ecb102f087472e183fa52d072fe6eb398

This was marked deprecated in 2014 and removed in 2015, let's remove
the sepolicy now too.

(Originally submitted in commit: 8c60f74d)

Bug: 38242876
Test: Builds and boots.

Change-Id: I4caa0dbf77956fcbc61a07897242b951c275b502

commit: 5c6a227e added the oc-dev
sepolicy prebuilts (api 26.0), but did not include the corresponding
base mapping file, which is to be maintained along with current
platform development in order to ensure backwards compatibility.

Bug: 37896931
Test: none, this just copies the old mapping file to prebuilts.
Change-Id: Ia5c36ddab036352845878178fa9c6a9d649d238f