am: 04a9c429

Change-Id: I9c44efe98a994ac302436325809657762ca6d26a

am: f69d535c

Change-Id: I19a518a9f84d17fdd7d3f7b8613d85785948187f

am: 80cab7de

Change-Id: Iba1cf44b3e7c965b8ea7033b80a25393730512e9

The new binder_call() lines had to be added
because this change removes mediacodec from
binderservicedomain (on full-treble), hence
domains that could previously reach mediacodec
with binder_call(domain, binderservicedomain)
now need explicit calls instead.

Test: Youtube, Netflix, Maps, Chrome, Music
Change-Id: I3325ce20d9304bc07659fd435554cbcbacbc9829

am: e506cda3

Change-Id: I9df35ecb00db0ed5d3a1430e64056e09579ab0a5

am: acb66317

Change-Id: Ib10b8c031066507b72361e302204646d3c9f9814

Test: WIP
Change-Id: I678b0d0e9750b25628b86060574fd516d3749cdf

am: 748cae86

Change-Id: Ia9c8f25a66ba8cf8528e80b3ce4c151f10574a6d

Temporary attribute (checked against in CTS) to point out vendor
processes that run /system executables. These are currently only down to
2-3 of them that are related to telephony on sailfish

Bug: 36463595
Test: Build succeeds for sailfish
Test: ./cts-tradefed run cts -m CtsSecurityHostTestCases -t \
          android.security.cts.SELinuxHostTest#testNoExemptionsForVendorExecutingCore \
          --skip-device-info --skip-preconditions --skip-connectivity-check \
          --abi arm64-v8a

Change-Id: I9eb40ad259aefba73869d6a1b40186d33fa475dd
Signed-off-by: Sandeep Patil <sspatil@google.com>

Bug: 36463595
Test: Boot sailfish, make wifi call, internet over data and wifi

Change-Id: I81259b6412d7197725afe2fe4976aa0a03b8df6e
Signed-off-by: Sandeep Patil <sspatil@google.com>

Attributes added to the policy by the policy compiler are causing
performance issues. Telling the compiler to expand these
auto-generated attributes to their underlying types prevents
preemtion during policy lookup.

Bug: 3650825
Test: Build and boot Bullhead
Change-Id: I9a33f5efb1e7c25d83dda1ea5dfe663b22846a2f

am: de2e79c5

Change-Id: Icc632129142cba968ca05206690adfef445f62c7

am: 16118451

Change-Id: I55938593a2dd5f284dd2332a3685a737acbe1aec

am: afa8120a

Change-Id: Ie7c760c3952650b5b7b60f956a0a5934a64e399f

am: 5ab5cfba

Change-Id: I1fd254e6991d4d7f9afa6e36b26cc879c73fa6da

Since hal_graphics_composer_default is now no longer
a member of binderservicedomain, these domains would
no longer be able to use filedescriptors from it.

Bug: 36569525
Bug: 35706331
Test: marlin boots, YouTube, Maps, Camera, video
Change-Id: I4c110cf7530983470ae079e4fbc8cf11aa0fab7f

Encountered more denials on sailfish:

avc:  denied  { read } for  pid=439 comm="recovery" name="thermal"
dev="sysfs" ino=28516 scontext=u:r:recovery:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=dir permissive=0

avc:  denied  { read } for  pid=441 comm="recovery"
name="thermal_zone9" dev="sysfs" ino=40364 scontext=u:r:recovery:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=lnk_file permissive=0

Bug: 36920500
Test: sideload a package in sailfish
(cherry picked from commit b4e4565d)

Change-Id: I46b14babd47168e87c0d30ec06281aaa237563bf

Encountered more denials on sailfish:

avc:  denied  { read } for  pid=439 comm="recovery" name="thermal"
dev="sysfs" ino=28516 scontext=u:r:recovery:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=dir permissive=0

avc:  denied  { read } for  pid=441 comm="recovery"
name="thermal_zone9" dev="sysfs" ino=40364 scontext=u:r:recovery:s0
tcontext=u:object_r:sysfs_thermal:s0 tclass=lnk_file permissive=0

Bug: 36920500
Test: sideload a package in sailfish
Change-Id: Ib4e89ba48cdc383318e5f3b7b15f542434e43564

am: e9e11a79

Change-Id: I4afe3e0fbd9fd17d19f2e498162c9f68234a8fb5

am: a8c0b2d9

Change-Id: If0bae6172f3f7e5c05b4745dc7a00b890b4905e5

* changes:
  suppress audit logs from rild's access to core domain through system()
  sepolicy: auditallow vendor components to execute files from /system
  vendor_shell: add sepolicy for vendor shell
  toolbox: add sepolicy for vendor toybox
  Do not allow priv_apps to scan all exec files

am: 20c2d4e9

Change-Id: I0a6aeb383854eb7df3b701ff2a080cb5a12398db

This change disables /dev/binder access to and by mediacodec on
full-Treble devices.

b/36604251 OMX HAL (aka mediacodec) uses Binder and even exposes a
	   Binder service

Test: marlin
Change-Id: I1e30a6c56950728f36351c41b2859221753fd91a
Signed-off-by: Iliyan Malchev <malchev@google.com>

Test: mmm system/sepolicy
Bug: 34980020

(cherry picked from commit 3cc6a959)

Change-Id: I64c7275551e8e27d68072e8ec38c07b539989da0

Change-Id: Ic9a9026df6f36d65fa02cc7b264bc901a14546f9
Signed-off-by: Sandeep Patil <sspatil@google.com>

Adds a rule to audit vendor domains from executing programs from /system
with the exception of domains whitelisted in the rule.

Bug: 36463595
Test: Boot sailfish
Test: Run SELinuxHostTests with the tests that checks for new violators
      (without the API check) to ensure it fails for sailfish. The API
      check will allow the test to skip the check.

Change-Id: Id19f32141bceba4db4bd939394ff3ee0b3c4b437
Signed-off-by: Sandeep Patil <sspatil@google.com>

Bug: 36463595
Test: Boot sailfish and make sure all vendor services that are shell scripts
      work. (Checke exited status)

Change-Id: I3d1d564114a914dec8179fb93a9e94493c2808da
Signed-off-by: Sandeep Patil <sspatil@google.com>

am: 31c55240

Change-Id: I69d9ff422aaa8ae2b8b725a85cdb6374ba617014

am: 5d81208e

Change-Id: If6446ab310961d37a302e0482aaee4ec70c39c9a

am: d06d8c81

Change-Id: Iec93bd97c267143606c62957e404493a1aa3c7c9

am: f169d6a3

Change-Id: Icbd24b2e2222746a6efb957e609912b30d3d8e5e

am: e453801d

Change-Id: I1568b0c66ebd5932dbc5da353c40dbff02ceab26