- Aug 25, 2017
-
-
Mark Salyzyn authored
Test: trust me Bug: 64687998 Change-Id: I901565222d658917ce5ad7bc280dc4acc0f9e9b7
-
Mark Salyzyn authored
Merge "Switch /data/misc/reboot/last_reboot_reason to persistent property" am: d27aee33 am: e028be05 am: e5f67cb5 am: 5249c427 Change-Id: I819187dd5923969047e48297b2446a1c5988bb92
-
Mark Salyzyn authored
Merge "Switch /data/misc/reboot/last_reboot_reason to persistent property" am: d27aee33 am: e028be05 am: e5f67cb5 Change-Id: Ie63a32a1b78c63db64a9a3e041c23e0b5953734e
-
Mark Salyzyn authored
am: e028be05 Change-Id: I835ca57fa962cd382646604139fc56c742b2de97
-
Mark Salyzyn authored
am: d27aee33 Change-Id: Ia64de6f9da61ce31ae10d8258a3692ce5a0e5815
-
Mark Salyzyn authored
-
Dan Cashman authored
Add sepolicy definitions.mk and create policy.conf function. am: 36ee91d4 am: b1b36bf2 am: 00194636 -s ours am: 620ca4ca -s ours Change-Id: I8ac1038887570c5b89bc1f5ffc99048f5f2736f4
-
Dan Cashman authored
am: 00194636 -s ours Change-Id: Iec9b1991818dca6838e738fd346533b5354a1951
-
Dan Cashman authored
am: b1b36bf2 Change-Id: I7cf6a6cf435022cb56a1b4899158fb5f390390fe
-
Dan Cashman authored
am: 36ee91d4 Change-Id: I9af35533587e962c63b6dd2543b047bf9899fb5e
-
Dan Cashman authored
Bug: 36899958 Test: Builds 'n' boots. Change-Id: I5836a18f9d0a9a976dda7304045e3b9e1e84565e Merged-In: I5836a18f9d0a9a976dda7304045e3b9e1e84565e (cherry picked from commit c0713e86)
-
TreeHugger Robot authored
-
Jeff Vander Stoep authored
am: c5b0b08d Change-Id: Iab7df2831817c68e4b0dec5b7a75866a5d0ed1ba
-
Jeff Vander Stoep authored
am: 16145a0c Change-Id: Ic912f14595c85a9dc296b4267278910da49eb86e
-
TreeHugger Robot authored
-
- Aug 24, 2017
-
-
Jeff Vander Stoep authored
searchpolicy.py provides a subset of the functionality of sesearch. The primary benefit being that it's entirely built in-tree and thus can be packaged for use in automated tests including compatibility test suites.
Example
searchpolicy.py --libpath out/host/linux-x86/lib64/ --allow --source domain
Bug: 63397379
Test: Identical output with sesearch for the following commands
--allow --source domain
--allow --target domain
--allow --target appdomain -p ioctl,open
--allow --source lmkd -c file -p ioctl,open
--allow --source lmkd -c file,dir -p ioctl,open
Change-Id: I89a6c333f1f519d9171fbc1aafe27eaf5ad247f0
-
Mark Salyzyn authored
Switch from /data/misc/reboot/last_reboot_reason to persistent Android property persist.sys.boot.reason for indicating why the device is rebooted or shutdown.
Introduce protection for all boot reason properties
Protect the following properties with these labels
ro.boot.bootreason u:object_r:bootloader_boot_reason_prop:s0
sys.boot.reason u:object_r:sys_boot_reason_prop:s0
persist.sys.boot.reason u:object_r:last_boot_reason_prop:s0
Setup the current as-need access rules for each.
ToDo: Remove u:object_r:reboot_data_file after internal fixes.
Test: system/core/bootstat/boot_reason_test.sh
Bug: 64687998
Change-Id: I3771c73933e8ae2d94aee936c7a38b6282611b80
-
Jeff Vander Stoep authored
Commit 780a71e7 changed ueventd's selinux label lookup from /dev/input/ to /dev/input which no longer matches the regex in core policy file_contexts. Fix the regex to match /dev/input and /dev/input/.
avc: denied { read } for name="input" dev="tmpfs" ino=14092 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:device:s0 tclass=dir
avc: denied { open } for path="/dev/input" dev="tmpfs" ino=14092 scontext=u:r:hal_camera_default:s0 tcontext=u:object_r:device:s0 tclass=dir
Change-Id: I8f42f5cd96fc8353bf21d3ee6c3de9e2872f229f
Fixes: 64997761
Fixes: 64954704
Test: no camera HAL denials
-
John Stultz authored
am: f27d160c Change-Id: I83afe599ffc4afb3f52b00c32f41d2eb8461540e
-
John Stultz authored
am: 9c66416f Change-Id: I38258b1220dc9eccc58f65503fd92eace124c514
-
Jeff Vander Stoep authored
am: 320fefdc Change-Id: I7a0b81da577da8d23497a4a5a06652172baa12a9
-
TreeHugger Robot authored
-
Jeff Vander Stoep authored
am: cdf186e4 Change-Id: I65cc3a3ae293ab53b208a71f599b112c7250598a
-
TreeHugger Robot authored
-
John Stultz authored
This patch tries to provide similar functionality as the previous change made here: https://android-review.googlesource.com/#/c/platform/system/sepolicy/+/432339/
Only, making sure we add the same map permissions for the vendor directory.
Signed-off-by: John Stultz <john.stultz@linaro.org>
(cherry picked from commit 24537b2e)
Bug: 65011018
Test: policy compiles.
Change-Id: I4d0319011ef4ef043134bf299dc4823a6c418717
-
Jeff Vander Stoep authored
Configstore HAL uses a seccomp filter which blocks the standard path of execing crash_dump to collect crash data. Add permission to use crash_dump's fallback mechanism.
Allowing configstore to write to the socket provided by tombstoned required either exempting configstore from a neverallow rule, or removing the neverallow rule entirely. Since the neverallow rule could potentially prevent partners from doing security hardening, it has been removed.
Bug: 64768925
Bug: 36453956
Test: killall -ABRT android.hardware.configstore@1.1-service
Results in a call stack in logcat, and tombstone in /data/tombstones
Test: configstore runs without crashing
Test: SANITIZE_TARGET="address coverage" make vts -j64
vts-tradefed run commandAndExit vts --skip-all-system-status-check \
-primary-abi-only --skip-preconditions -l VERBOSE --module \
VtsHalConfigstoreV1_0IfaceFuzzer
Change-Id: I1ed5265f173c760288d856adb9292c4026da43d6
(cherry picked from commit 9924d782)
-
- Aug 23, 2017
-
-
TreeHugger Robot authored
-
Jeff Vander Stoep authored
am: 822631ba -s ours Change-Id: If3752061a2abd8646adc5c0407b1ee3ed1d9a92f
-
Jeff Vander Stoep authored
am: b519a9ad Change-Id: I30b5b25d3667fd2e0bc3e8efc2b4dc7ff403c171
-
Jeff Vander Stoep authored
am: 5d478edd Change-Id: If2fc3e9b14cd672d9989f4023b665d70e938b5af
-
Jeff Vander Stoep authored
am: 99cbe530 Change-Id: I008a9509e758cee7802030e1146bbf140b31ba78
-
Treehugger Robot authored
-
Alex Light authored
am: adcee927 Change-Id: I25311a6a46b21fa09672f32c74cfa647a24fb743
-
TreeHugger Robot authored
-
Alex Light authored
am: f32e1b11 Change-Id: I7a3752444fb240cbb653cef23a75bfeee5007e59
-
Alex Light authored
am: d9918e12 Change-Id: Ifc423169476761cb9abd840b75088869c02a76bd
-
Alex Light authored
am: 9cd2abc2 Change-Id: Ia6c246e2c33453ffcdee628266553a9dbde7da22
-
Alex Light authored
If cppreopts.sh failed to copy files for some reason it would leave the temporary files sitting around in the data directory. This changes the selinux rules so that cppreopts is able to get rid of these temporary files. Test: phone boots. Bug: 63995897 Change-Id: I2a7e654c3a3cee7c9f0be8ba64e40c365eee4cfe
-
John Stultz authored
sepolicy: Define and allow map permission for vendor dir am: 24537b2e am: e63f7f32 am: 01cd12a0 am: d15ac5ba Change-Id: I7d60849a030a73f0bd1e9fa25bb150e7a62046bc
-