am: 280ba8b7

Change-Id: I40ea119e77002f6d71a1b0125c9420c24fc54d49

am: a8340521

Change-Id: I0dc7cdaacd65f027f8615e5201f9357001e5b40b

am: 49e35884

Change-Id: Ib96dbc7f6467e55d595426242c59b9551e9ae75f

Addresses the following denials and auditallows:

avc: denied { read } for pid=561 comm="hwservicemanage" name="hw"
dev="dm-0" ino=1883 scontext=u:r:hwservicemanager:s0
tcontext=u:object_r:system_file:s0 tclass=dir permissive=0

avc: denied { read } for pid=748 comm="gatekeeperd" name="hw" dev="dm-0"
ino=1883 scontext=u:r:gatekeeperd:s0 tcontext=u:object_r:system_file:s0
tclass=dir permissive=0

avc: granted { read open } for pid=735 comm="fingerprintd"
path="/system/lib64/hw" dev="dm-0" ino=1883 scontext=u:r:fingerprintd:s0
tcontext=u:object_r:system_file:s0 tclass=dir

Test: no denials on boot
Change-Id: Ic363497e3ae5078e564d7195f3739a654860a32f

am: 8fe7b8d2

Change-Id: I904920227113f9b8e43182a4b3ba22b191cceb64

am: 2affae65

Change-Id: I9f5c692674c60b526b0ed7ac2bc46610b9e3c5ab

am: fae2794e

Change-Id: Iba87329c6ae3de6ad95868a9237eec83fd76da05

commit 221938cb
introduces a fix that uses braces around a single item.
This is not within the normal style of no brace around
a single item. Drop the braces.

Change-Id: Ibeee1e682c0face97f18d5e5177be13834485676
Signed-off-by: William Roberts <william.c.roberts@intel.com>

am: 03e74a20

Change-Id: I168746eb6e2fded35d2da632731d4300522e0afd

am: 31e9f39f

Change-Id: I763244982b9e104f3a2ef68a81609db0b5ca9f39

Never used.

Test: policy compiles.
Change-Id: I0ce6c46bb05925a4b3eda83531b28f873b0c9b99

As of system/core commit a742d1027784a54c535cff69b375a9f560893155, this
functionality is no longer used.

Test: device boots and no obvious problems.
Change-Id: Ia3ad8add92f1cdaaff36f4935be8b03458fed7f2

No denials showing up in collected audit logs.

Bug: 28760354
Test: Device boots
Test: No unexpected denials in denial collection logs.
Change-Id: I5a0d4f3c51d296bfa04e71fc226a01dcf5b5b508

No unexpected usages.

Bug: 28760354
Test: Device boots
Test: No unexpected denials in denial collection logs.
Change-Id: I43226fd0b8103afb1b25b1eb21445c04bc79954e

am: d1228f2e

Change-Id: Ic825465ad7cf20ebe26cb1f0a4e6077bf3648ce9

auditallow has been in place since Apr 2016
(f84b7981) and no SELinux denials have
been generated / collected. Remove unused functionality.

Test: Device boots with no problems.
Test: no SELinux denials of this type collected.
Bug: 28035297
Change-Id: I52414832abb5780a1645a4df723c6f0c758eb5e6

In particular, get rid of TIOCSTI, which is only ever used for exploits.

http://www.openwall.com/lists/oss-security/2016/09/26/14

Bug: 33073072
Bug: 7530569
Test: "adb shell" works
Test: "adb install package" works
Test: jackpal terminal emulator from
      https://play.google.com/store/apps/details?id=jackpal.androidterm&hl=en
      works
Change-Id: I96b5e7059d106ce57ff55ca6e458edf5a4c393bf

am: e6a20295

Change-Id: Ib769255c5c35ffbc47cd81c9592046b0a6282379

am: 94d76c87

Change-Id: I3d4343c5c1bc210253e24de8aeec192e331ffebb

am: 0b7506ff

Change-Id: I8093d316ef2f0e5839073b88351bca4eace75b7b

recovery (update_binary) may need to set up cpufreq during an update.

avc:  denied  { write } for  pid=335 comm="update_binary" name="scaling_max_freq" dev="sysfs" ino=7410 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_devices_system_cpu:s0 tclass=file permissive=0

Bug: 32463933
Test: Build a recovery image and apply an OTA package that writes to
      /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq.

Change-Id: Ia90af9dd15e162dd94bcd4722b66aa296e3058c5

Lock in the gains we've made so far in restricting access to generically
labeled /proc files. There's more we can do here, but let's avoid
inadvertent regressions.

Test: policy compiles. Only compile time assertions added.
Bug: 26813932
Change-Id: If354c2ddc1c59beed7f0eb4bcbd3f0d9971c3b8a

/data/bugreports is moving to /bugreports

Bug: 27262109
Bug: 27204904
Bug: 32799236
Test: new symlink is in /bugreports and is labeled correctly
Change-Id: Ib6a492fba8388bf43debad28cfc851679f8c6151

am: 11dc03e5

Change-Id: Ie2c7f871c47d378cc3b8399e174b229439511452

Description stolen from
https://github.com/torvalds/linux/commit/42a9699a9fa179c0054ea3cf5ad3cc67104a6162

Remove unused permission definitions from SELinux.
Many of these were only ever used in pre-mainline
versions of SELinux, prior to Linux 2.6.0.  Some of them
were used in the legacy network or compat_net=1 checks
that were disabled by default in Linux 2.6.18 and
fully removed in Linux 2.6.30.

Permissions never used in mainline Linux:
file swapon
filesystem transition
tcp_socket { connectto newconn acceptfrom }
node enforce_dest
unix_stream_socket { newconn acceptfrom }

Legacy network checks, removed in 2.6.30:
socket { recv_msg send_msg }
node { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send dccp_recv dccp_send }
netif { tcp_recv tcp_send udp_recv udp_send rawip_recv rawip_send dccp_recv dccp_send }

Test: policy compiles and no boot errors (marlin)
Change-Id: Idaef2567666f80db39c3e3cee70e760e1dac73ec

am: f25e5550

Change-Id: I267d30094daf909158f720fa8e7c501e13a5ccc3

The service running the boot control HAL needs the permissions
provided by the boot_control_hal attribute. update_engine and
update_verifier still also need these permissions in order
to successfully call the new HAL in pass-through mode, but also
need permission to call the new service.

Bug: 31864052
Test: Built and confirmed no permission denials.
Change-Id: I2a6fdd5cf79b9e461d7cc14bd5b7abd6481ed911
Signed-off-by: Connor O'Brien <connoro@google.com>

|WITH_DEXPREOPT_PIC = false| will still cause code to be loaded from
/data.

Bug: 32970029
Test: On HiKey and Marlin:
Test: Add |WITH_DEXPREOPT_PIC = false|, see SELinux denial.
Test: Apply this CL, no SELinux denials.
Change-Id: I0a1d39eeb4d7f75d84c1908b879d9ea1ccffba74

am: 5eadcb8c

Change-Id: I79ed60bfb69e16c0e55ff84583e0930a7adf7cb8

am: f2de0752

Change-Id: I198f91d03eb87d3fc707b67d50a9a363d94e066a