Allow update_verifier to load the boot_control_hal in passthrough mode.

Test: update_verifier works, no denials
Bug: 34656553
Change-Id: I5c20ce67c8f1fd195f2429dae497221514ed95a8

system_server needs the permissions to open the lights hal in the same
process.

Bug: 34634317
Test: can change brightness on marlin (tested on internal master)
Change-Id: I11fe59b4ab32e13d6dad246f4e6c56951e051181

Addresses the following denial:

  avc: denied { read } for name="cache" dev="dm-0" ino=2755
  scontext=u:r:priv_app:s0:c512,c768 tcontext=u:object_r:cache_file:s0
  tclass=lnk_file permissive=0

which occurs when a priv-app attempts to follow the /cache symlink. This
symlink occurs on devices which don't have a /cache partition, but
rather symlink /cache to /data/cache.

Bug: 34644911
Test: Policy compiles.
Change-Id: I9e052aeb0c98bac74fa9225b9253b1537ffa5adc

auditallow this until we track down where the file is opened without
O_APPEND.

01-23 08:02:12.272   555   555 W tombstoned: type=1400 audit(0.0:11480): avc: denied { write } for path="/data/anr/traces.txt" dev="sda35" ino=4669445 scontext=u:r:tombstoned:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file permissive=0

Bug: http://b/34193533
Test: mma
Change-Id: I77b854dce06231232004432839ebd5aa963ef035

Merged-In: Id2b849d7fa22989225066ebe487fc98d319743ea
Bug: 34190490
Test: CTS in internal master
Change-Id: I27ab62469f3a405c59eda1a2a249899e845bed56

Delete rule for permission_service since we use packages.list instead.

Test: adb shell storaged -u
Bug: 34198239
Change-Id: Ic69d0fe185e627a932bbf8e85fc13163077bbe6b

Test: pass
Change-Id: Ie1a6513f8fa9cb4b007fccefe63ccb78fcd45578

In order to dump hardware services using dumpsys, dumpsys needs to be
able to talk to the hwservicemanager.

Bug: 33382892
Test: dumpsys --hw works from unrooted shell
Change-Id: I31f0982193991428da465507f93d50646cb38726

Test:   Device boots
        Can take photos
        Run "adb shell atrace -c -b 16000 -t 5 gfx" without root and check produces
        output
        Run "python systrace.py view gfx freq sched am wm dalvik
        binder_driver" from external/chromium-trace after adb root and
        check populated
Bug: 31856701
Change-Id: Ic319f8a0a3e395efa7ee8ba33a868ac55cb44fe4

In my commit f41d89eb I forgot to
switch rild and gatekeeperd rules from explicitly associating these
domains with the hal_telephony and hal_gatekeeper to using the
hal_impl_domain macro. As a result, the recent commit
a2519226 inadvertently revoked
HwBinder access from rild and gatekeeperd.

This commit fixes the issue by switching rild and gatekeeperd to the
hal_impl_domain macro.

Test: "sepolicy-analyze out/target/product/bullhead/root/sepolicy attribute haldomain"
      now lists rild and gatekeeperd
Test: "sepolicy-analyze out/target/product/bullhead/root/sepolicy attribute hal_telephony"
      still lists rild
Test: "sepolicy-analyze out/target/product/bullhead/root/sepolicy attribute hal_gatekeeper"
      still lists gatekeeperd
Bug: 34180936
Bug: 34470443
Change-Id: I7949556f58c36811205d5ea3ee78ea5708e95b45

Fix the following denial:

tombstoned: type=1400 audit(0.0:563): avc: denied { append } for path="/data/anr/traces.txt" dev="sda35" ino=679941 scontext=u:r:tombstoned:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file permissive=0

Bug: http://b/34472671
Test: mma
Change-Id: Iab5fbaf50888aa0f195841cb7e718ff393e526dd

Test: No change to SELinux policy
Change-Id: I45d6d6ab0538b9d4768b922cfdc2c972272d0b18

wificond_service is not a system_server service, so drop the
typeattribute.

Provide find permission for system_server so it can still call
wificond.

Test: compile and run on emulator. Also check built policy to verify
the permissions changes are as expected. system_server should have lost
the add permissions on wificond_service. Most importantly this needs
to be tested on a device with wificond.

Change-Id: I6dd655a5ac1dbfef809b8759a86429557a7c1207
Signed-off-by: William Roberts <william.c.roberts@intel.com>

As of https://android-review.googlesource.com/324092, ephemeral_app is
now an appdomain, so places where both appdomain and ephemeral_app are
granted the same set of rules can be deleted.

Test: policy compiles.
Change-Id: Ideee710ea47af7303e5eb3af1331653afa698415

This fixes the following issues introduced in commit
d225b697:
* plat_file_contexts was empty because the target was referencing
  system/sepolicy/private/file_contexts via a misspelled variable
  name.
* plat_file_contexts wasn't marked as dirty and thus wasn't rebuilt
  when system/sepolicy/private/file_contexts changed. This is because
  the file_contexts dependency was referenced via a misspelled
  variable name.
* plat_file_contexts wasn't sorted (as opposed to other similar
  targets, such as nonplat_file_contexts and file_contexts.bin). This
  may lead to unnecessary non-determinism.
* nonplat_file_contexts wasn't marked dirty and thus wasn't rebuilt
  when device-specific file_contexts file(s) changed. This is because
  the file_contexts files were referenced via a misspelled variable
  name.

Test: "make plat_file_contexts" produces a non-empty file containing
      mappings from system/sepolicy/private/file_contexts
Test: "make plat_file_contexts" updates output when
      system/sepolicy/private/file_contexts changes
Test: "make plat_file_contexts" produces output which is sorted
      accroding to rules in fc_sort
Test: "make nonplat_file_contexts" updates output when
      device/lge/bullhead/sepolicy/file_contexts changes (tested on
      aosp_bullhead-eng)
Bug: 31363362
Change-Id: I540555651103f02c96cf958bb93618f600e47a75

wificond is a system_server service used by wifi, wifi doesnt start now

This reverts commit b68a0149.

Change-Id: If958c852e5d8adf8e8d82346554d2d6b3e8306c9

/sys/class/leds is the standard location for linux files dealing with
leds, however the exact contents of this directory is non-standard
(hence the need for a hal).

Bug: 32022100
Test: compiles and works for the subset of common files
Change-Id: I7571d7267d5ed531c4cf95599d5f2acc22287ef4

wificond_service is not a system_server service, so drop the
typeattribute.

Test: compile
Change-Id: Ic212dd2c8bc897fbdc13ca33a9864ac8d4e68732
Signed-off-by: William Roberts <william.c.roberts@intel.com>

This fixes a bug introduced in the HIDL port where fingerprint no
longer notifies keystore of authentications.

Test: keyguard, FingerprintDialog

Fixes bug 34200870

Change-Id: I8b1aef9469ff4f4218573a6cde4c3a151512c226

Ephemeral apps cannot open files from external storage, but can be given
access to files via the file picker.

Test: ACTION_OPEN_DOCUMENTS from an ephemeral app returns a readable fd.
Change-Id: Ie21b64a9633eff258be254b9cd86f282db1509e8

Ephemeral apps are still apps with very similar capabilities, it makes
more sense to have them under appdomain and benefit from the shared
state (and all the neverallow rules) than to try and dupplicate them and
keep them in sync.

This is an initial move, there are parts of ephemeral_app that still
need to be locked down further and some parts of appdomain that should
be pushed down into the various app domains.

Test: Builds, ephemeral apps work without denials.
Change-Id: I1526b2c2aa783a91fbf6543ac7f6d0d9906d70af

Bug: http://b/30705528
Bug: http://b/34450704
Test: mma
Change-Id: I315a52411232b6ff38d014a2e0fadb0bcfbc1f3f