am: 7469d816

Change-Id: Ie36c6266cc3387bba02974fb65614c75c8bd1425

am: fcfda81b

Change-Id: Iefe805a99749c29865b7f871cd4fc3fe11e1e536

This reverts commit 8c60f74d.

Bug: 38242876
Change-Id: Iba5a94d16901dc0c52f1941972c26877baa4805c

am: c1e8f825

Change-Id: I2db7693bb8bb77e396602caa37286090791a4689

am: 216b377d

Change-Id: I2ff6397f145424266cd1091e338323cff283397c

Node for /dev/uhid driver needs to be accessible
by shell for the 'hid' command in frameworks/base/cmds.
This CL is in support of another CL c/2048848, topic
'Refactor hid command in /frameworks/base/cmds'
in internal master.

Bug: 34052337
Test: CTS test for GamepadTestCase#testButtonA; Checked that
cat /dev/uhid does not raise permission error.

Change-Id: I861c1226b4a67272af7c2a93d7811bf87a083478

am: 52711066

Change-Id: Ic937b16aebdfe046e425c98c0de0d0dfa4b5fc62

am: ce5ca4d0

Change-Id: I7f9cfa0a144ddfd796897446990f2b61108755c1

This is needed for devices using configfs, where init listens for
sys.usb.ffs.ready=1 to config usb_gadget. When recovery starts
sideloading, minadbd (forked from recovery) sets the property to trigger
that action.

avc:  denied  { set } for property=sys.usb.ffs.ready pid=541 uid=0 gid=0
scontext=u:r:recovery:s0 tcontext=u:object_r:ffs_prop:s0
tclass=property_service

Bug: 35803743
Test: Device shows up in sideload mode.
Change-Id: Ie7f1224d3a8650160ac29811f73b8286fbced4f4

am: 8741d4fe

Change-Id: Iae383ed802d0e8a78d30ded05dbe3e0817b439e5

am: c895f278

Change-Id: I49f55fba41b5242c7c4f36652afe9fee4808a349

Added rule:

/(vendor|system/vendor)/bin/hw/android\.hardware\.configstore@1\.[0-9]-service
u:object_r:hal_configstore_default_exec:s0

Bug: 37727469
Test: Built and tested on Sailfish
Change-Id: Icf167fad1c7e601c3662f527d1e3e844ff517b58

am: 702605c6

Change-Id: I23b987ecccce6e9622b0e7844d00c14f6ef4d21b

am: 611202ef

Change-Id: If107d1d43e9247be68065d711f471e538830ee18

am: c8fd16c7

Change-Id: I49e7c18e18a400147e1662304d39e25eeae51c55

am: ca0a352a

Change-Id: If463e73dce4db829206a4907a5fa12bfbe347fb9

am: b49bc821

Change-Id: I4e13baad4cc463142b5899855e0613c5ea829c8d

am: 07667733

Change-Id: I0263926bbc950f0186bdd9a7fa3eb8b8f9072ee0

am: 4aac6fdb

Change-Id: I1614f394e0f0c071705e3696d3dd8124e72c24c2

am: 9686cbcd

Change-Id: Id0bacbd2022c24615b9e99108af1a8510be248fb

Remove SELinux access from domain_deprecated. Access to SELinux APIs can
be granted on a per-domain basis.

Remove appdomain access to SELinux APIs. SELinux APIs are not public and
are not intended for application use. In particular, some exploits poll
on /sys/fs/selinux/enforce to determine if the attack was successful,
and we want to ensure that the behavior isn't allowed. This access was
only granted in the past for CTS purposes, but all the relevant CTS
tests have been moved to the shell domain.

Bug: 27756382
Bug: 28760354
Test: Device boots and no obvious problems. No collected denials.
Change-Id: Ide68311bd0542671c8ebf9df0326e512a1cf325b

In the init scripts for socket, the type can have a suffix of
"+cred" to request that the socket be bound to report SO_PASSCRED
credentials on socket transactions.  Here we add socket setopt
to selinux rules.

Test: gTest logd-unit-tests --gtest_filter=logd.statistics right after boot
      (fails without logd.rc change)
Bug: 37985222
Change-Id: I37cdf7eea93c3e8fa52964e765eaf3007e431b1f

The following HAL methods use file descriptors to write dump
info comprising audioflinger debug dump:

IDevice.debugDump
IEffectsFactory.debugDump
IStream.debugDump

Bug: 37993476
Test: check contents of media.audio_flinger section in
      a bugreport captured on Pixel device

Change-Id: I77d347c019ac93c3ba0d54ce50f0fdc243b04685

am: eb80c0db

Change-Id: I1b5cbd08d80ba43979da2ab46b40d28ff14a93e8

am: bf030965

Change-Id: I3a10c619ce6e65ce531276ef4f97489605897062

This is needed by linker to be able to load libraries from memfd
which currently generated following denial:
avc: denied { getattr } for path=2F6D656D66643A666F6F626172202864656C6574656429 dev="tmpfs" ino=902079 scontext=u:r:shell:s0 tcontext=u:object_r:shell_tmpfs:s0 tclass=file permissive=0

Bug: http://b/37245203
Bug: http://b/37916741
Test: builds
Change-Id: I5b57b6cada50a62657c8daaaaaa56f1ee9cdb376
(cherry picked from commit a0d3ff8e)

The service "storaged" implememnts a dump() interface for
dumpsys, and thus it needs to write its state to the fd
provided by dumpstate.

To correct this, and fix dumpstate, allow the permission.

Fixes:
avc: denied { use } for pid=3298 comm="dumpsys" path="pipe:[33470]" dev="pipefs" ino=33470 scontext=u:r:storaged:s0 tcontext=u:r:dumpstate:s0 tclass=fd permissive=0

Test:
With a device that has storaged, issue the command:
$ adb shell dumpstate

Change-Id: I515e20f0328b6edc01ea2a7c53b1d3c4ca0e72ac
Signed-off-by: William Roberts <william.c.roberts@intel.com>

am: acbf2ad3

Change-Id: Ic59386f9a2a02438299ee11f3b36fdd7b9b34c99

am: 7f4b2ad5

Change-Id: I3c10871ddc11f43f685ef4a7064d416a1ca450f1

am: 2d7ec8d4

Change-Id: I4fc205afca8f64a710d0ceaab356a8dd76a7923a

am: 9e0d6aeb

Change-Id: I6e08846e7f580851f9cd0d7050097dcba0f5dbb8

Temporary workaround.

Bug: 37755687
Test: ASAN_OPTIONS= SANITIZE_HOST=address m
Merged-In: I001a42ea6463a1e137e1f5328755596f986323de
Change-Id: I001a42ea6463a1e137e1f5328755596f986323de

am: 97e2c65c

Change-Id: Iab07ec973bddeb2e431fadd4c839f6b882c433cf