am: bc1c5453

Change-Id: I7c59d28fb32d5785a88e3678ea85a0ae43003302

Bug: 65643247
Test: sailfish boots, can take pictures, use browser without denials
form kernel domain.
Change-Id: I4fc0555f0b65fc5537e0b2765142b384ed0560c8

am: dcee57b8

Change-Id: I99ec6c055c8f6f04be90a4710ae278ba676f741d

am: e22e99a6

Change-Id: I7e345f52865c834bada137d773cbcd869825946c

am: 3e60e38a

Change-Id: I08ed6727590cac42f6440f2462041368fc4544e2

Bullhead and dragon are broken. Revert until I can fix
those builds.

Dragon:

libsepol.report_failure: neverallow on line 113 of system/sepolicy/private/isolated_app.te (or line 26264 of policy.conf) violated by allow isolated_app sysfs_socinfo:file { ioctl read lock open }; 

Bullhead:

libsepol.report_failure: neverallow on line 113 of system/sepolicy/private/isolated_app.te (or line 26283 of policy.conf) violated by allow isolated_app sysfs_power_management:file { ioctl read lock open }; 
libsepol.report_failure: neverallow on line 113 of system/sepolicy/private/isolated_app.te (or line 26283 of policy.conf) violated by allow isolated_app sysfs_socinfo:file { ioctl read lock open }; 
libsepol.report_failure: neverallow on line 113 of system/sepolicy/private/isolated_app.te (or line 26283 of policy.conf) violated by allow isolated_app sysfs_thermal:file { ioctl read lock open }; 
libsepol.check_assertions: 3 neverallow failures occurred 


This reverts commit 579366a0.

Change-Id: I1ea4824e226c06628769898299f2e322060d0d06
Test: policy compiles.

am: eb1ae188

Change-Id: I9f8a35d86fefecc0485cf57bc2e2cf876d770fc9

Mediaextractor should only be operating on data passed directly to it.
It shouldn't be attempting to open /data files on it's own.

Add a neverallow statement (compile time assertion + CTS test) to ensure
this is the case.

Bug: 67454004
Test: policy compiles. No runtime impact.
Change-Id: Ie94d4cb9aece7e72fbd13321f339dcf9d44d5d77

am: 73b11f87

Change-Id: Ica074d96cc7372195b807b9b715ffcad09bcf040

am: c0e58ac9

Change-Id: I9658a3d485c494f038672b5dc92f36fdc5823eb6

Allows partners to add a new attribute definition to their public
policy without causing a compatibility failure with the AOSP system
image.

Bug: 67092827
Bug: 37915794
Test: build and boot aosp_sailfish with new type declared in public
    policy

Change-Id: I015c26fa7c399423e8a6e7079b5689007d031479

These denials are expected and the code has fallbacks to handle this
case.

Test: policy compiles.
Bug: 67454004
Change-Id: I787625494d0a7c9945318428b6fd3f668a8a2564

am: a045c854

Change-Id: Idf0261623c23211776381dc97a888b3aff4c534b

Renamed this type:
proc_asound_cards -> proc_asound

Labeled /proc/asound/devices as proc_asound.

We now use proc_asound type to label files under /proc/asound which we
want to expose to system components.

Bug: 66988327
Test: Pixel 2 boots, can play sound with or without headphones, and
selinux denials to proc_asound are not seen.

Change-Id: I453d9bfdd70eb80931ec9e80f17c8fd0629db3d0

am: dbe5086f

Change-Id: Iad00113a976d11f0dc61233949cae21ca01b5e96

isolated_apps are intended to be strictly limited in the /sys files
which can be read. Add a neverallow assertion to guarantee this on all
Android compatible devices.

Test: policy compiles.
Change-Id: I47aceefa3f43a7ea9e526f6f0ef377d0b4efbe3a

am: 7a83d44f

Change-Id: Ic218bed2e163955ed52e86ba2767eb0237d39b90

am: 5f85a480

Change-Id: I2b7a0972f28466bc7bf215ddb1e38be1ebc0f9b0

FAILED:
out/target/product/sailfish/obj/ETC/treble_sepolicy_tests_intermediates/treble_sepolicy_tests
Error: library-path out/host/darwin-x86/lib64/libsepolwrap.so
does not exist

Note, fixing here instead of reverting to avoid reverting
changes in CTS.

Test: ctate testing on Mac
Change-Id: I95f483b152d9bece1a16267cbc49eedb1f902990

so they can use MediaExtractor too.

Bug: 67406992
Test: yes
Change-Id: Iaacadc13b1fc032fe31eea1f3ecbbbabb741470a

am: dfb7b7e3

Change-Id: I2656779fe90dc7d863067fce6be56b6b3bb4f5f6

On Marlin/Sailfish, StorageManager tests in CTS are exposing a bug
where the /proc/<pid>/ns/mnt files for system_server are briefly
mislabeled as "proc" instead of "system_server". Resulting in the
tests failing. Temporarily re-granting access to the default label
until the labeling issue can be tracked down.

Repro steps:
cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases \
-t android.os.storage.cts.StorageManagerTest

Failures:

android.os.storage.cts.StorageManagerTest#testOpenProxyFileDescriptor
fail: java.lang.IllegalStateException: command '58 appfuse mount 10065
959 0' failed with '400 58 Command failed'

android.os.storage.cts.StorageManagerTest#testOpenProxyFileDescriptor_async
fail: java.lang.IllegalStateException: command '59 appfuse mount 10065
959 1' failed with '400 59 Command failed'

android.os.storage.cts.StorageManagerTest#testOpenProxyFileDescriptor_error
fail: java.lang.IllegalStateException: command '60 appfuse mount 10065
959 2' failed with '400 60 Command failed'

From the log:

10-04 20:41:22.972   595   604 E vold    : Failed to open namespace for
/proc/959/ns/mnt: Permission denied
10-04 20:41:22.967   604   604 W vold    : type=1400 audit(0.0:90): avc:
denied { read } for dev="proc" ino=4026534249 scontext=u:r:vold:s0
tcontext=u:object_r:proc:s0 tclass=file permissive=0
10-04 20:41:23.051   604   604 W vold    : type=1400 audit(0.0:91): avc:
denied { read } for dev="proc" ino=4026534249 scontext=u:r:vold:s0
tcontext=u:object_r:proc:s0 tclass=file permissive=0
10-04 20:41:23.054   595   604 E vold    : Failed to open namespace for
/proc/959/ns/mnt: Permission denied
10-04 20:41:23.081   604   604 W vold    : type=1400 audit(0.0:92): avc:
denied { read } for dev="proc" ino=4026534249 scontext=u:r:vold:s0
tcontext=u:object_r:proc:s0 tclass=file permissive=0
10-04 20:41:23.086   595   604 E vold    : Failed to open namespace for
/proc/959/ns/mnt: Permission denied

sailfish:/ # ps -AZ | grep 959
u:r:system_server:s0           system         959   628 \
4557136 251500 SyS_epoll_wait 70e6df822c S system_server

The file labels appear to be correct when checked manually.

sailfish:/ # ls -lZ /proc/959/ns/
lrwxrwxrwx 1 system system u:r:system_server:s0 0 2017-10-04 17:19 mnt -> mnt:[4026534249]
lrwxrwxrwx 1 system system u:r:system_server:s0 0 2017-10-04 20:55 net -> net:[4026531906]

Bug: 67049235
Test: cts-tradefed run commandAndExit cts-dev -m CtsOsTestCases \
    -t android.os.storage.cts.StorageManagerTes

Change-Id: Id4d200856c02c023c6f516e3f3bfa060e100086c

am: dbe09253

Change-Id: I5e58678a62624276f84c4b006c21d3ad75165e78

am: c9599b34

Change-Id: I403a945bcd0c8cb4892b11d1a817511f77e459e0

This functionality is being used, apparently.

Addresses the following auditallow spam:

  type=1400 audit(0.0:1039): avc: granted { write } for
  comm="Chrome_ProcessL"
  path="/storage/emulated/0/Android/data/com.bleacherreport.android.teamstream/cache/.com.google.Chrome.sk5n91"
  dev="sdcardfs" ino=1877565 scontext=u:r:isolated_app:s0:c512,c768
  tcontext=u:object_r:sdcardfs:s0 tclass=file

Test: policy compiles.
Bug: 32896414
Change-Id: I627e20c38115f1d579e78ca12abfa717d32a155a

"append" has almost the same behavior as "write".

Test: policy compiles.
Change-Id: I3f85108e7918766f07e03f74c3f1d8e8084042b3

avc:  denied  { read } for  pid=446 comm="recovery" name="cmdline"
dev="proc" scontext=u:r:recovery:s0
tcontext=u:object_r:proc_cmdline:s0 tclass=file

Test: build
Bug: 66497047
Change-Id: I9f48db88bed0d6ac76fa2808a4913857230a5d4b