am: 062b7736

Change-Id: Ic191ef4fafc87529857b1fae90b8609dfa5944d2

am: b057d62e

Change-Id: Ibfcf81f40d7bf50ba8dfb6c9f49f3ae159e4bc20

am: 61d9aaf9

Change-Id: Id4a7b604e7525c5cf78e2bc6788284126fab8f3c

am: 7ceea484

Change-Id: I82200626ae6a84728ce202e8f2ba829b4f3dc889

am: 3e1a8911

Change-Id: I10391f7ee62a151bd09b83fe4522a057aa8ddbfb

am: 0393dafd

Change-Id: Ida00cdf24a809888233ede97a83d42ed5c1a8574

am: 0393dafd

Change-Id: Ib8773a6973da28cfa161fbe34f701c191cab6f80

am: df964950

Change-Id: I5e793a78ad471b27fdc0bb88596ab23f6ac43dc4

type=1400 audit(1501520483.066:14): avc: denied { write } for pid=3330
comm=4173796E635461736B202331 name="property_service" dev="tmpfs"
ino=10749 scontext=u:r:nfc:s0 tcontext=u:object_r:property_socket:s0
tclass=sock_file permissive=0

Test: No sepolicy denials
Bug: 64010793
Change-Id: I8d73e8e19cd4d0a8c61f1f184820c53e5cc2b6d6
(cherry picked from commit df964950)

am: 079a98b8

Change-Id: Iff8db1f3c51c83a86408634e43505f29b337d391

am: 0785a72c

Change-Id: I250ef72980dd7cb6b471abfe4bbe61ae9b199680

Commit: 3eed3eac added the compatibility
statement for the new mediaprovider app domain, but it missed another
new, private type, mediaprovider_tmpfs, that is automatically created for
all appdomains.  It replaces priv_app_tmpfs, but since both types are
private, they do not need to be added to the actual mapping (vendor policy
cannot use it).

Bug: 62573845
Test: None.  Prebuilt-only change.
Change-Id: I62229a5be74cd928fe0ca82a45b73cb61d6f5223

Commit: 632bc494 added hwservice labeling
and was cherry-picked to oc-dev, but the hal_wifi_offload_hwservice type
was not part of the cherry-pick because the service was not in oc-dev.
Record the type for compatibility purposes.

Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: Ib2c0fe862eddb566fbe6b0287238fa93dddae7b8

Merge "Merge "Add system_net_netd_hwservice." into oc-dr1-dev am: 23b986ce am: a3a9d4c0" into oc-mr1-dev-plus-aosp

am: a3a9d4c0

Change-Id: I63ad7f7e6a2b19ca29d02624bf5dbf970b39dd32

am: 49460e93

Change-Id: Iaf04167b2d2ec3bd4d44df450f90367d103dd697

am: 23b986ce

Change-Id: I1bc8e3375fce75763efb8ba369715146a33f106b

am: 23b986ce

Change-Id: I15b6b70c8383316adcb3699de996a8a6b66db8b2

type=1400 audit(1501520483.066:14): avc: denied { write } for pid=3330
comm=4173796E635461736B202331 name="property_service" dev="tmpfs"
ino=10749 scontext=u:r:nfc:s0 tcontext=u:object_r:property_socket:s0
tclass=sock_file permissive=0

Test: No sepolicy denials
Bug: 64010793
Change-Id: I8d73e8e19cd4d0a8c61f1f184820c53e5cc2b6d6

am: c29fd93c

Change-Id: I0fb17936f69cf8b3c4080ba853c596786ff61d5f

am: f1876d58

Change-Id: I9b878eace2de33a483f648376f005277ef9283c6

am: 4e960188

Change-Id: I5dcc335c9bc9a1546709bef874c499b9d8eff03c

am: 5c41d40e

Change-Id: I6a60af407a6a95e3d48818de28619dc5ba44284f

Remove reference to non-existent attribute domain_deprecated.

Test: successfully build
Change-Id: I9b019147c033bf4019e37cb11736eb0a91284d9d

am: dd92ece4

Change-Id: I7dfccdd2709a95249d12f0898b9ca0dd35c37dd2

The only file in /proc/<pid>/ that is world writeable is
/proc/<pid>/timerslack_ns so granting selinux write permission to
a process's /proc/<pid>/ file only allows writing to timerslack_ns
(unless the process is running as system UID).

Addresses denials such as:
avc: denied { write } for comm="Binder:1117_2" name="timerslack_ns"
dev="proc" ino=27908 scontext=u:r:system_server:s0
tcontext=u:r:priv_app:s0 tclass=file permissive=1

Bug: 30675296
Test: build
Change-Id: I2cee8ce73a0dc05d771881c36da2fde5411859fb

am: 45074160

Change-Id: I0335754c8b2c93817d9447f4847cdedb111a6594

am: d22cbc8f

Change-Id: I9ce4b77de5cb1e19428732824ae5ab528ac64a04

am: f1b06df3

Change-Id: I0d98e192600c94f983d7b0347715e2ba6a8b8dab

long live domain.te!

Remove all references.

Bug: 28760354
Test: build
Merged-In: I99953ecc7d275fdbe8e56d8f47a27d1f9e1cc09a
Change-Id: I99953ecc7d275fdbe8e56d8f47a27d1f9e1cc09a

am: 17533144

Change-Id: I041ba5d8e2a2579f4d17655e201de0d1759d56c3

Merge "Add missing comment from my previous merge in 47966cec." into stage-aosp-master am: 55f0ecb7 am: 05928953
am: d015ea75

Change-Id: Icb3e3b8303f7edd9930cc66e44e2df09b3286efb

Merge "Add missing comment from my previous merge in 47966cec." into stage-aosp-master am: 55f0ecb7
am: 05928953

Change-Id: Ia89eaaa654e9421f895e20916ebdec0099f30042

am: 55f0ecb7

Change-Id: I8d46aa5e2b38de80ef0cd0d8028c8b2d13809b15

This hidl service provides functionality for oem networking
configuration to vendor services which is required by
at least some vendor radio modules.

Test: VtsHalNetNetdV1_0TargetTest, netd_integration_test, netd_unit_test
Test: no denials
Bug: 36682246
Change-Id: I86ac9082166b406b2fc814972375ba737460ad7b

avc: denied { read } for pid=1704 comm="top" name="stat" dev="proc" ino=4026532297 scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc_stat:s0 tclass=file permissive=0
avc: denied { read } for pid=1636 comm="dumpstate" name="lcd-backlight" dev="sysfs" ino=16592 scontext=u:r:dumpstate:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=lnk_file permissive=0
avc: denied { call } for pid=2230 comm="dumpsys" scontext=u:r:dumpstate:s0 tcontext=u:r:installd:s0 tclass=binder permissive=0
avc: denied { create } for pid=1700 comm="ip" scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=netlink_xfrm_socket permissive=0

Bug: 62410287
Bug: 35350306
Change-Id: I65be3678c64214ebeb544e0e155bce88b21adf02
Signed-off-by: Tim Kryger <tkryger@google.com>
(cherry picked from commit b7e1f2dd)