am: acbda504

Change-Id: I9575610aeae0464661ad23d0eac696915cb0064e

This is needed in order to get the stat-size of the files.

Bug: 30934496
Test: gts-tradefed -m GtsAndroidRuntimeManagerHostTestCases
Change-Id: I1df0ba941e8f9ff13a23df4063acc3c4f1555c1b

am: 33ba9c54

Change-Id: I09d49857f0bffc37090c4429879fb5288cbc9b90

am: f838a3bc

Change-Id: Ia2c73bd7b5524da7df7aa96c14dd60e30feecce2

Tclass was omitted for two entries.

Bug: 69928154
Bug: 69366875
Test: build
Change-Id: Ie12c240b84e365110516bcd786b98dc37295fdb9

/proc/uid/ provides the same per-uid time_in_state data as
/proc/uid_time_in_state, so apply the same type and let system_server
read directories of this type.

Bug: 66953705
Test: system_server can read /proc/uid/*/time_in_state files without
denials on sailfish
Change-Id: Iab7fd018c5296e8c0140be81c14e5bae9e0acb0b
Signed-off-by: Connor O'Brien <connoro@google.com>

am: 4ebbe461  -s ours

Change-Id: I72f7b323551fc2151668203db725710231c836c5

am: 15da30b6

Change-Id: I6a06b84d6319680d73d38ec16ca6e142d79290d1

bug: 69430536
Test: make ats-tradefed && ats-tradefed run ats -m
GtsSecurityHostTestCases

Merged-In: I617a7d08b1bf480f970bc8b4339fa6bbdc347311
Change-Id: I1d4af47662de5db4e5f7bba244e42930b6de164b

Allow system_server to open profile snapshots for read.
System server never reads the actual content. It passes the descriptor to
to privileged apps which acquire the permissions to inspect the profiles.

Test: installd_dexopt_test
Bug: 30934496
Change-Id: I1d1f07a05261af25f6640040af1500c9a4d5b8d5

am: 4081fd39

Change-Id: Iffd1f51451929b92898fd65da600b6259f85a50e

And give shell domain read access to /proc/sys/kernel/pic_max.

Bug: 69569397
Test: adb shell /data/nativetest/bionic-unit-tests/bionic-unit-tests
--gtest_filter=pthread.pthread_mutex_owner_tid_limit
Change-Id: Ib56c18ed553ad2c2113e6913788a4c00965483cc

am: b8b4f5d6

Change-Id: I68d5ca0bf61c25e54f8d6a6aa77a326c3c0d67bf

Remove a number of SELinux rules which were required to support file
based OTA. After this, we can have a much stronger assertion that files
on /system are immutable. Tighten up the neverallow rules at the same
time.

Bug: 35853185
Bug: 15575013
Bug: 69664758
Test: adb reboot recovery && adb sideload [file]
Change-Id: I22aa208859b8478a2a90e1ed1c0f0d6b62a6664e

am: df642bef

Change-Id: I63f0f9b8cfb6e7161b8b89bda377a43d1e114e21

9b2e0cbe changed all uses of capability
to global_capability_class_set but accidentally omitted one entry.
Fix the one entry.

Test: policy compiles.
Change-Id: I1bb8c494a2660d9f02783c93b07d4238a2575106

am: b6a05a93

Change-Id: I827b6604f6eed56749e71c6e3451d8693f274bdc

Self sideload OTA installation is aborted in #PPR1.171122.001.
Likely cause is the removal of the file-based OTA rules. Revert
the change while I investigate.

This reverts commit 73885755.

Bug: 35853185
Bug: 69664758
Bug: 15575013

Change-Id: I65ca3bad7251f06df33eae8b2d4bcfada93ae9b8

am: 5086506a

Change-Id: Icf4ba89621620ac7c624dc1d680bf61f807e163e

am: 6a28b68d

Change-Id: I774787b48c0b5f6f20313ee6f9c8062db4072e84

Commit 7688161c "hal_*_(client|server) => hal(client|server)domain"
added neverallow rules on hal_*_client attributes while simultaneously
expanding these attribute which causes them to fail CTS neverallow
tests. Remove these neverallow rules as they do not impose specific
security properties that we want to enforce.

Modify Other neverallow failures which were imposed on hal_foo
attributes and should have been enforced on hal_foo_server attributes
instead.

Bug: 69566734
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t \
    android.cts.security.SELinuxNeverallowRulesTest

    CtsSecurityHostTestCases completed in 7s. 627 passed, 1 failed
    remaining failure appears to be caused by b/68133473
Test: build taimen-user/userdebug

Change-Id: I619e71529e078235ed30dc06c60e6e448310fdbc

In P, we will be supporting privileged apps in vendor partition, thus
need to label /vendor/priv-app as vendor_app_file so that apps can exist
under the dir.

Bug: 35301609
Test: N/A since there is no /vendor/priv-app yet. Framework change
which is currently in the internal is required.

Change-Id: I86a765ef9da5267113e64a7cbb38ba0abf5c2835

am: 4fbbd147

Change-Id: I304c54a480b150a8c910f268ccf84869dfb7e3f5

am: 0629dedc

Change-Id: I576b7b98ba147c97a992ea3c65239060c4cec51e

Remove a number of SELinux rules which were required to support file
based OTA. After this, we can have a much stronger assertion that files
on /system are immutable. Tighten up the neverallow rules at the same
time.

Bug: 35853185
Bug: 15575013
Test: adb reboot recovery && adb sideload [file]
Change-Id: I4238d17808bed6a81f47e14eb1797496c07642e2

am: 18cb4dae

Change-Id: Ibbaef489e45195aa105b6df09bb7378481ab2d06

am: cd69bebf

Change-Id: I6f3c20144c971d5040ee325e8bc0e9cff70085a0

This reverts commit ed876a5e.

Fixes user builds.
libsepol.report_failure: neverallow on line 513 of system/sepolicy/public/domain.te (or line 9149 of policy.conf) violated by allow update_verifier misc_block_device:blk_file { ioctl read write lock append open }; 
libsepol.check_assertions: 1 neverallow failures occurred 
Error while expanding policy
Bug: 69566734
Test: build taimen-user
Change-Id: I969b7539dce547f020918ddc3e17208fc98385c4

am: ed876a5e

Change-Id: Ic41e1b997968acfd68ade6e9b9901a4dd9b8d2d2

Commit 7688161c "hal_*_(client|server) => hal(client|server)domain"
added neverallow rules on hal_*_client attributes while simultaneously
expanding these attribute which causes them to fail CTS neverallow
tests. Remove these neverallow rules as they do not impose specific
security properties that we want to enforce.

Modify Other neverallow failures which were imposed on hal_foo
attributes and should have been enforced on hal_foo_server attributes
instead.

Bug: 69566734
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t \
    android.cts.security.SELinuxNeverallowRulesTest

    CtsSecurityHostTestCases completed in 7s. 627 passed, 1 failed
    remaining failure appears to be caused by b/68133473
Change-Id: I83dcb33c3a057f126428f88a90b95f3f129d9f0e

am: b9ea282c

Change-Id: I77676d7adb39747b9195489ef83d72e57cdb3b59

Test: build
Bug: 63710530
Change-Id: I85cddfaf3ec004165040935f8723e9eed0ef7900