Bug: 65570851
Test: boot sailfish
Change-Id: I008bf5386595c614236de44131afcda7d3fd6d98
Merged-In: I008bf5386595c614236de44131afcda7d3fd6d98
(cherry picked from commit 82ca9c2e)

(This reverts internal commit: 82ca9c2e)
Test: None.

Change-Id: I48bbbe197c8e793bd9888b6ef4dadb2b3466423b
(cherry picked from commit 852aca05)

Bug: 37916906
Test: Builds 'n' boots.
Change-Id: Ia1d86264446ebecc1ca79f32f11354921bc77668
Merged-In: I208ec6a864127a059fb389417a9c6b259d7474cb

(This reverts internal commit: 82ca9c2e)
Test: None.

Merged-in: I97ffdd48b64ef5c35267387079204512a093a356
Change-Id: I97ffdd48b64ef5c35267387079204512a093a356

(This reverts internal commit: 82ca9c2e)
Test: None.

Change-Id: I97ffdd48b64ef5c35267387079204512a093a356

Bug: 37916906
Test: Builds 'n' boots.
Change-Id: Ia1d86264446ebecc1ca79f32f11354921bc77668
Merged-In: I208ec6a864127a059fb389417a9c6b259d7474cb

Test: let fs_mgr format a damaged /data partition
Bug: 35219933
Change-Id: I379567772c73e52f532a24acf640c21f2bab5c5b
(cherry picked from commit 6d1ecdcb)

Test: let fs_mgr format a damaged /data partition
Bug: 35219933
Change-Id: If92352ea7a70780e9d81ab10963d63e16b793792
(cherry picked from commit 5f573ab2)

This reverts commit 9216a6ad.

Bug: 65206688

Merged-In: I8e61b77a1abe9543e4fba77defb8062407676fcf
Change-Id: I8e61b77a1abe9543e4fba77defb8062407676fcf

This reverts commit f27bba93.

Bug: 65206688

Change-Id: I8e61b77a1abe9543e4fba77defb8062407676fcf

Bug: 63910933
Test: boot sailfish in normal mode, checks adbd is started
Test: boot sailfish in recovery mode, checks adbd is started
Test: boot bullhead in normal mode, checks adbd is started
Test: boot bullhead in recovery mode, checks adbd is started

Change-Id: I35ed78a15a34626fbd3c21d030e2bf51033f7b79
Merged-In: I35ed78a15a34626fbd3c21d030e2bf51033f7b79
(cherry picked from commit e2423d14)

Switch from /data/misc/reboot/last_reboot_reason to persistent
Android property persist.sys.boot.reason for indicating why the
device is rebooted or shutdown.

Introduce protection for all boot reason properties

Protect the following properties with these labels

ro.boot.bootreason      u:object_r:bootloader_boot_reason_prop:s0
sys.boot.reason         u:object_r:sys_boot_reason_prop:s0
persist.sys.boot.reason u:object_r:last_boot_reason_prop:s0

Setup the current as-need access rules for each.

ToDo: Remove u:object_r:reboot_data_file after internal fixes.

Test: system/core/bootstat/boot_reason_test.sh
Bug: 64687998
Change-Id: I3771c73933e8ae2d94aee936c7a38b6282611b80

Commit 780a71e7 changed ueventd's selinux label lookup from /dev/input/
to /dev/input which no longer matches the regex in core policy
file_contexts. Fix the regex to match /dev/input and /dev/input/.

avc: denied { read } for name="input" dev="tmpfs" ino=14092
scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:device:s0
tclass=dir
avc: denied { open } for path="/dev/input" dev="tmpfs"
ino=14092 scontext=u:r:hal_camera_default:s0
tcontext=u:object_r:device:s0 tclass=dir

Change-Id: I8f42f5cd96fc8353bf21d3ee6c3de9e2872f229f
Fixes: 64997761
Fixes: 64954704
Test: no camera HAL denials

Bug: 63910933
Test: boot sailfish in normal mode, checks adbd is started
Test: boot sailfish in recovery mode, checks adbd is started
Test: boot bullhead in normal mode, checks adbd is started
Test: boot bullhead in recovery mode, checks adbd is started

Change-Id: I35ed78a15a34626fbd3c21d030e2bf51033f7b79

Only seeing this denial in permissive:
allow shell screencap_exec:file getattr;

Bug: 37565047
Test: adb shell screencap w/o root
Test: cts-tradefed run cts-dev --module CtsAadbHostTestCases
Merged-In: I9f31d2067e002e7042646ee38dbfc06687481ac7
Change-Id: I9f31d2067e002e7042646ee38dbfc06687481ac7

Only seeing this denial in permissive:
allow shell screencap_exec:file getattr;

Bug: 37565047
Test: adb shell screencap w/o root
Test: cts-tradefed run cts-dev --module CtsAadbHostTestCases
Merged-In: I9f31d2067e002e7042646ee38dbfc06687481ac7
Change-Id: I9f31d2067e002e7042646ee38dbfc06687481ac7

Add /dev/kmsg_debug on userdebug devices, to allow crash_dump to log
crashes to dmesg when logd isn't up yet (or is the one crashing).

Bug: http://b/36574794
Test: stop tombstoned; crasher; dmesg
Change-Id: I6ffe11bc613e88198893e82712719522b74fe1be

Only seeing this denial in permissive:
allow shell screencap_exec:file getattr;

Bug: 37565047
Test: adb shell screencap w/o root
Test: cts-tradefed run cts-dev --module CtsAadbHostTestCases
Change-Id: I9f31d2067e002e7042646ee38dbfc06687481ac7

On Full Treble devices, servicemanager should only service
services from the platform service_contexts file.

Created new type to separate plat_ and nonplat_service_contexts,
and added new type to mapping (although I don't think this type
should have been used by vendors).

Bug: 36866029
Test: Marlin/Taimen boot
Change-Id: Ied112c64f22f8486a7415197660faa029add82d9

Add sepolicy for thermalserviced daemon, IThermalService binder
service, IThermalCallback hwservice, and Thermal HAL revision 1.1.

Test: manual: marlin with modified thermal-engine.conf
Bug: 30982366
Change-Id: I207fa0f922a4e658338af91dea28c497781e8fe9
(cherry picked from commit ec3b6b7e)

Test: Built.
Change-Id: Ia5f5b52e10e9411cd87901053675d9e77a622529

This should improve performance, as file_contexts is slower than
genfs_contexts.

Bug: 62413700
Test: Built, flashed, and booted Sailfish.  Verified that the
files have the correct context and that wifi, web, and atrace work.

Merged-In: Ia28707ec565a0792bc882fbffe9e8ab9968535f5
Change-Id: I9546f3af3c95e3443684ae4764881b69987611ef

To support libartd test runs.

Bug: 15735795
Bug: 62087184
Test: m
Test: manual tests with libartd
Change-Id: I33a12198566f5d979207e1edd4460b839a0f55f1

Reverting this commit to fix CTS tests in oc-dr.
This reverts commit 718e0852.

Test: Tested lowmemorykiller tracing removed via traceur.
Bug: 62908858
Merged-In: Ifc1c6ac634b94e060ed1f311049bd37f6fcc8313

Change-Id: Ie462decf32578bbe74a9ec9bdb8bb4ae1b87da29

Allow lmkd to access /dev/memcg once again.

Test: lmkd can access memcg
bug: 36588803
Change-Id: I1f46b438050d95cebd2fcc495938192305fc9fc9

This should slightly improve performance, as file_contexts is slower
than genfs_contexts.

Now that the kernel patch enabling genfs labeling of tracefs has
landed, we can re-enable this.

Bug: 62413700
Test: Built, flashed, and booted two devices.  Verified that all of
the files have the correct context and that wifi, camera, and traceur
work.

Change-Id: Ifc1c6ac634b94e060ed1f311049bd37f6fcc8313

move them to device-specific files.

Bug: 62908056
Change-Id: I299819785d5a64e6ecdde1cd7da472477fe1e295
Merged-In: If92352ea7a70780e9d81ab10963d63e16b793792

Test: let fs_mgr format a damaged /data partition
Bug: 35219933
Change-Id: I379567772c73e52f532a24acf640c21f2bab5c5b
Merged-In: I379567772c73e52f532a24acf640c21f2bab5c5b

This was marked deprecated in 2014 and removed in 2015, let's remove
the sepolicy now too.

(Originally submitted in commit: 8c60f74d)

Bug: 38242876
Test: Builds and boots.

Change-Id: I4caa0dbf77956fcbc61a07897242b951c275b502

Add /dev/kmsg_debug on userdebug devices, to allow crash_dump to log
crashes to dmesg when logd isn't up yet (or is the one crashing).

(Originally commited in a015186f)
Bug: 36574794
Bug: 62101480
Test: Builds and boots.
Change-Id: I249e11291c58fee77098dec3fd3271ea23363ac9

NOTE: This change is marked dnma because we don't want it on
oc-dr1-dev-plus-aosp or any other downstream branch. Moreover,
oc-dr1-dev-plus-aosp is the only outgoing merger from oc-dr1-dev for
this project.

This reverts commit 11bfcc1e.

Bug: 62908344
Test: make
Change-Id: Ide61829cf99f15777c46f657a0e140d594f88243

Change-Id: I951162a6a118757d7a466f2c19a23d0ad2e406e3
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>

An earlier commit moved tracefs file labels from file_contexts to
tracefs.  But this requires a kernel patch that is not present on all
devices, so let's revert it until that is merged.

Bug: 62485981
Test: Built, flashed, and booted two devices.  Verified that the files
have the correct context.  Verified that traceur works.

Change-Id: I8ee3ea9864f73a92943cdbc550131d4a71b842ba

Now that we're expected to use this when taking traces, we need to add
this permission so that Traceur can also access this file.

Test: Used Traceur and saw the traces appear in the bugreports
directory, as expected.
Bug: 62493544

Change-Id: Ib4304176abbb51e2e3b45c566ff14574e1cfaa82
Merged-In: I464b0df30fabfc5f1c7cd7430e53e8d04bfacb53
(this merged-in is not the same change; it's a conflicting change in
master)

Allow lmkd to access /dev/memcg once again.

Test: lmkd can access memcg
bug 36588803

Change-Id: I47b4e79260bcd2967d85d8151c83e624d432f409

This reverts commit 527f64e6.

Change-Id: Ibc48af53431a8f7c7211999dcb571f492fb5ddb4

Allow lmkd to access /dev/memcg once again.

Test: lmkd can access memcg
bug 36588803

Change-Id: Ia57dbbc3987d8858c932103c4e546cbb88893207

A previous commit (a83e0cc) already labels these with genfs_context,
which has better performance.

Bug: 62413700
Test: Built, flashed, and booted.  Verified that the files have
the correct context.

Change-Id: I464b0df30fabfc5f1c7cd7430e53e8d04bfacb53

This change is primarily to fix CTS which checks file ordering of
file_contexts. Having two separate means of loading file_contexts
has resulted in ordering variations.

Previously the binary file_contexts was preferred since it
loaded faster. However with the move to libpcre2, there is no
difference in loading time between text and binary file_contexts.
This leaves us with build system complexity with no benefit.
Thus removing this unnecessary difference between devices.

Bug: 38502071
Test: build and boot non-Treble Bullhead, run CTS tests below
Test: build and boot Treble Marlin, run CTS tests below
Test: cts-tradefed run singleCommand cts --skip-device-info \
    --skip-preconditions --skip-connectivity-check --abi arm64-v8a \
    --module CtsSecurityHostTestCases \
    -t android.security.cts.SELinuxHostTest#testAospFileContexts
Test: cts-tradefed run singleCommand cts --skip-device-info \
    --skip-preconditions --skip-connectivity-check --abi arm64-v8a \
    --module CtsSecurityHostTestCases \
    -t android.security.cts.SELinuxHostTest#testValidFileContexts
Change-Id: I088b3aeafaaab320f6658feb058a1fb89cbb65e1

This change is primarily to fix CTS which checks file ordering of
file_contexts. Having two separate means of loading file_contexts
has resulted in ordering variations.

Previously the binary file_contexts was preferred since it
loaded faster. However with the move to libpcre2, there is no
difference in loading time between text and binary file_contexts.
This leaves us with build system complexity with no benefit.
Thus removing this unnecessary difference between devices.

Bug: 38502071
Test: build and boot non-Treble Bullhead, run CTS tests below
Test: build and boot Treble Marlin, run CTS tests below
Test: cts-tradefed run singleCommand cts --skip-device-info \
    --skip-preconditions --skip-connectivity-check --abi arm64-v8a \
    --module CtsSecurityHostTestCases \
    -t android.security.cts.SELinuxHostTest#testAospFileContexts
Test: cts-tradefed run singleCommand cts --skip-device-info \
    --skip-preconditions --skip-connectivity-check --abi arm64-v8a \
    --module CtsSecurityHostTestCases \
    -t android.security.cts.SELinuxHostTest#testValidFileContexts
Change-Id: I088b3aeafaaab320f6658feb058a1fb89cbb65e1