Prevent defining any process types without the domain attribute
so that all allow and neverallow rules written on domain are
applied to all processes.

Prevent defining any app process types without the appdomain
attribute so that all allow and neverallow rules written on
appdomain are applied to all app processes.

Change-Id: I4cb565314fd40e1e82c4360efb671b175a1ee389
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

deviceidle service should be accessible to all non third-party apps.

Cherry-pick of commit: 7c1dced7

Change-Id: Ia410fe0027f212009cc2abeaabc64c7c87841daa

This enables access to gatekeeperd for anybody who invokes Android
framework APIs. This is necessary because the AndroidKeyStore
abstraction offered by the framework API occasionally communicates
with gatekeeperd from the calling process.

(cherry picked from commit effcac7d)

Bug: 20526234
Change-Id: I450242cd085259b3f82f36f359ee65ff27bebd13

* commit 'aeb110ce':
  init.te: Don't allow mounting on top of /proc

* commit 'e05487ac':
  init.te: Don't allow mounting on top of /proc

Don't allow init to mount on top of /proc. See
https://android-review.googlesource.com/148295 for details.

Change-Id: I65f66b39f3a5bfb72facb9f716f4537ac2237af1

* commit '20f38b98':
  Allow vold to move FUSE backing files directly.

* commit '90c64542':
  Allow vold to move FUSE backing files directly.

* commit 'd2aa96c5':
  Create context for ctl.console

This enables an optimization of bypassing the FUSE overhead when
migrating emulated storage between volumes.

avc: denied { write } for path="/mnt/expand/6cba9b95-4fc8-4096-b51f-bdb2c007d059/media/obb/.nomedia" dev="dm-0" ino=387843 scontext=u:r:vold:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=1

Bug: 19993667
Change-Id: I2bb9aaca50ed988ded6afec6d7fbe190903707e0

* commit 'c2e31a77':
  Create context for ctl.console

(cherry picked from commit c2e31a77)

Change-Id: I92218709fa8cdb71c0369aca8fdd7922df45f7d0

* commit 'bf162a2a':
  Revert "Create context for ctl.console"

Change-Id: I1c9fa4da442aa47ae4b7341eab6f788f0329d2d2

* commit '1bd407a0':
  Create context for ctl.console

* commit 'eb953648':
  Revert "Create context for ctl.console"

* commit 'a331c593':
  Revert "Revert "SELinux policy changes for re-execing init.""

This reverts commit 525e3747.

Change-Id: I64f72073592f7f7553e763402a40c467c639cfce

This reverts commit bbd56b71.

Change-Id: I3e295f785aa62de3a04b2f201be97dd7ef0c207f

* commit 'bbd56b71':
  Create context for ctl.console

(cherry picked from commit bbd56b71)

Change-Id: I0db435b80678a58cd9a6fbd5d67ba08f8e8d3cd4

Change-Id: I9ba4952230ec1b811b8ec6cd19c0286ee791bf08

* commit '5aac86dc':
  Revert "Revert "SELinux policy changes for re-execing init.""

This reverts commit c450759e.

There was nothing wrong with this change originally --- the companion
change in init was broken.

Bug: http://b/19702273
Change-Id: I9d806f6ac251734a61aa90c0741bec7118ea0387

* commit '6b82aaeb':
  Revert "SELinux policy changes for re-execing init."

* commit '6d97d9b8':
  Revert "SELinux policy changes for re-execing init."

shamu isn't booting.

This reverts commit 46e832f5.

Change-Id: Ib697745a9a1618061bc72f8fddd7ee88c1ac5eca

* commit 'f17bbab7':
  SELinux policy changes for re-execing init.

* commit 'b1b5e662':
  allow adbd to set sys.usb.ffs.ready

* commit 'ecd57731':
  SELinux policy changes for re-execing init.

* commit 'caefbd71':
  allow adbd to set sys.usb.ffs.ready

Needed for https://android-review.googlesource.com/147730

Change-Id: Iceb87f210e4c5d0f39426cc6c96a216a4644eaa9

Change-Id: I5eca4f1f0f691be7c25e463563e0a4d2ac737448

* commit '268425b7':
  gatekeeperd: use more specific label for /data file

* commit '934cf6ea':
  gatekeeperd: use more specific label for /data file

* commit '479a536a':
  Grant apps write access to returned vfat FDs.