Addresses this denial during CtsBionicTestCases:
avc: denied { getattr } for path="/proc/version" dev="proc"
ino=4026532359 scontext=u:r:shell:s0 tcontext=u:object_r:proc_version:s0
tclass=file permissive=0

Bug: 68067856
Test: cts-tradefed run commandAndExit cts -m CtsBionicTestCases
--skip-all-system-status-check --primary-abi-only --skip-preconditions
No more denials to /proc/version
Change-Id: I7e927fbaf1a8ce3637e09452cbd50f475176838e

Bug: 25861755
Test: Boot device, create user, create files, remove user, observe logs
Change-Id: I195514eb45a99c1093998786ab385338463269c0
Merged-In: I195514eb45a99c1093998786ab385338463269c0
(cherry picked from commit eb7340d9)

Remove netd access to sysfs_type attribute.

These were moved from vendor to fwk policy:
1. sysfs_net type declaration
2. labeling of /sys/devices/virtual/net with sysfs_net
3. netd access to sysfs_net

Bug: 65643247
Test: can browse internet without netd denials
Test: netd_unit_test, netd_integration_test without netd denials
Merged-In: Ic1b95a098f438c4c6bc969bee801bf7dd1a13f6e
Change-Id: Ic1b95a098f438c4c6bc969bee801bf7dd1a13f6e
(cherry picked from commit e62a56b7)

* changes:
  Shell: grant permission to run lsmod
  Dumpstate: cleanup denial logspam

No sign of these denials getting cleaned up, so supress them in core
policy.

Test: build
Change-Id: I0320425cb72cbd15cef0762090899491338d4f7c

When we removed /data/dalvik-cache execute permission for system_server
(b/37214733, b/31780877), I forgot to fixup this neverallow rule.
Fix rule.

Test: policy compiles.
Change-Id: I38b821a662e0d8304b8390a69a6d9e923211c31e

lsmod needs access to /proc/modules

Test: build, run lsmod
Change-Id: Icb6ea6ce791cc6a22c89aa8e90c44749497c8468

Dumpstate lists all services and then enumerates over them. Suppress
"find" denials for services which dumpstate is neverallowed access
to.

Dumpstate includes the kernel command line in bug reports. Grant access
to /proc/cmdline.

Test: build. Run adb bugreport.
Change-Id: I89b546c728a034638f9257c6cf93366d99a10762

Don't allow apps to run with uid=shell or selinux domain=shell unless
the package is com.android.shell.

Add a neverallow assertion (compile time assertion + CTS test) to ensure
no regressions.

Bug: 68032516
Test: policy compiles, device boots, and no obvious problems.
Change-Id: Ic6600fa5608bfbdd41ff53840d904f97d17d6731

The use of SIOCATMARK is not recommended per rfc6093.

This ioctl is not currently allowed on Android. Add a neverallowxperm
statement (compile time assertion + CTS test) to ensure this never
regresses.

Bug: 68014825
Test: policy compiles.
Change-Id: I41272a0cb157ac9aa38c8e67aabb8385403815f9

This is to simplify access for hal_audio

Test: ls -Z in /proc/asound correctly shows everything with proc_asound
selinux label

Change-Id: I66ed8babf2363bee27a748147eb358d57a4594c4

Access to /sys/class/android_usb/ was lost when that dir received a new
label sysfs_android_usb.

Bug: 65643247
Test: can enter recovery mode and sideload through usb  without denials to /sys
Change-Id: I22821bab9833b832f13e0c45ff8da4dae115fa4d

Code review of:
  - https://android-review.googlesource.com/#/c/platform/system/sepolicy/+/512420/

had some comments. These were addressed and upstreamed here:
  - https://github.com/TresysTechnology/refpolicy/commit/65620e0f94541195fed45f34d4fc1218b4e0d6f3



Bring these changes back into the AOSP tree.

Test: verify that output sorted device files did not change hashes when built.

Change-Id: I7f07d3f74923cf731e853629034469784fc669f7
Signed-off-by: William Roberts <william.c.roberts@intel.com>

Bug: 66996870
Test: build with WITH_TIDY=1
Change-Id: I5df432c6d2f7ee19db89f44fbe3adec2bbcc0b41

This file is necessary for using an mr1 system image in conjunction
with an oc-dev vendor image.  This is currently needed by GSI testing,
for example.

(cherry-pick of commit: 03596f28)

Bug: 66358348
Test: File is included on system image.
Change-Id: Ie694061d08acf17453feb596480e42974f8c714c

Reason: breaks "Ok google". Soundtrigger module needs to access /proc/asound/pcm.

This reverts commit 5cccb249.

Bug: 67930353
Change-Id: I67e0912a6795b3715a3321d3fe5147f49cebc9b5

Now hwservicemanager can send ctl.interface_start messages
to init.

Note that 'set_prop(ctl.*, "foo")' maps to property context
for ctl.foo.

Bug: 64678982
Test: hwservicemanager can start interfaces
Change-Id: I9ab0bacd0c33edb0dcc4186fa0b7cc28fd8d2f30

Addresses the following test failure:
system/extras/tests/kernel.config/nfs_test.cpp:24: Failure
Value of: android::base::ReadFileToString("/proc/filesystems", &fs)
Actual: false
Expected: true

Denial:
avc: denied { read } for name="filesystems" dev="proc"
scontext=u:r:shell:s0 tcontext=u:object_r:proc_filesystems:s0
tclass=file

Bug: 67862327
Test: build
Change-Id: I9ada5404987cb474968afc8cb8d96137ee36c68d

As part of Treble, enforce that the communication between platform
and vendor components use the official hw binder APIs. Prevent sharing
of data by file path. Platform and vendor components may share
files, but only via FD passed over hw binder.

This change adds the violators attribute that will be used to mark
violating domains that need to be fixed.

Bug: 34980020
Test: build
Change-Id: Id9acfbbc86bfd6fd0633b8164a37ce94d25ffa2c

rw access to sysfs_power file is not enough; in some cases search access
is also needed

Bug: 67895406
Test: system_server can access memory power statistics
Change-Id: I471e8e60626e6eed35e74e25a0f4be470885a459

Bug: 25861755
Test: Boot device, observe logs
Change-Id: I6c13430d42e9794003eb48e6ca219b874112b900
Merged-In: I6c13430d42e9794003eb48e6ca219b874112b900
(cherry picked from commit 47f3ed09)

This change allows wpantund to call any binder callbacks that have
been registered with it. Generally, only privileged apps are allowed
to register callbacks with wpantund, so we are limiting the scope for
callbacks to only privileged apps. We also add shell to allow the
command-line utility `lowpanctl` to work properly from `adb shell`.

Bug: b/67393078
Test: manual
Change-Id: I64c52cc5e202725a81230dc67e1cd7c911cf8e1c
(cherry picked from commit 17319cb3)

Bug: b/64399219
Test: Manual
Change-Id: I4f6c7e4e3339ae95e43299bf364edff40d07c796
(cherry picked from commit c8bd93d7)

As a consequence, hal_audio_default (and any domain with hal_audio attribute)
loses access to proc label.

Bug: 65643247
Test: sailfish boots, can play sound through speakers and headset
(3.5mm, usb, and bluetooth) without denials from hal_audio to proc.
Test: VtsHalAudioEffectV2_0Target
Test: VtsHalAudioV2_0Target

Change-Id: I3eead5a26ef36b8840d31c5e078f006b0c2266a3