This CL was accidentally reverted a second time by commit:
cb5129f9.  Submit it for the third,
and final, time.

Bug: 62102757
Test: Builds and boots.

Commit: e58a8de5 added a new type
which has no analogue in 26.0.  Record it as such.

Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I6b6d2aa64e0ac2c39c8d0427d333e6c7fc2b0bb1

Commit: 86cb5215 gave /dev/memcg a
new label, but also explicitly prohibited access to vendor domains.
Add the type to the 'new types' and don't map it to any other type
for backwards compatibility.

Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I8902716830b162ead69834544ace9e02a94c65b4

Commit: 38f0928f added a type for a
new system service.  This service did not exist previously, so mark
the type as not needing any compat entry.

Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I52d8e144c614b27f5c52fa99be6cfac87159bbcd

Commit: 78e595de added a new hwservice,
which replaced a previous system service.  This effectively means we are
deleting one object and creating a new one, so no compatibility mapping
should be necessary since previous vendor processes trying to access the
service will not be able to find it now independent of policy.

Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I6882d968dccb55561379e940f6ecb62902bb1659

When moving SELinux rules from file_contexts to genfs_contexts, we
added some genfs rules to label specific files.  It turns out that one
of those files was the prefix of some other files, and since genfs
does prefix-labeling, those other files had their labels changed.

To fix this, we are changing the whole tracefs /instances/wifi from
debugfs_tracing_instances to debugfs_wifi_tracing (a few of the files
already had this label).  This simplifies the rules.

Bug: 62413700
Test: Built, flashed, and booted two devices.  Verified that the files
have the correct context and that wifi, camera, and traceur work.

Change-Id: Id62db079f439ae8c531b44d1184eea26d5b760c3

Merge "domain_deprecated: remove tmpfs dir access am: ca5bb337 am: 453f4a51 am: 407e9457 am: 8b0f89e4"

am: 8b0f89e4

Change-Id: I6a75dc96a8e5994f22a8776a413d8a6a01da4fdd

Merge "domain_deprecated: remove tmpfs dir access am: ca5bb337 am: 453f4a51 am: 407e9457 am: 8b0f89e4"

Merge "Merge "Preserve attributes needed for CTS" into oc-dr1-dev am: 1eff6417 am: d006aea0  -s ours"

am: 8b0f89e4

Change-Id: I02aefb28ad044dc7d85956156fde638c101bdbe5

Merge "Merge "Preserve attributes needed for CTS" into oc-dr1-dev am: 1eff6417 am: d006aea0  -s ours"

am: d006aea0  -s ours

Change-Id: Ie76a6c836163a8755507232b5b493a24a7b84da8

am: d006aea0  -s ours

Change-Id: Ifce7d19ce6469f5526a2e4d2b40db07c6524e368

Merge "Merge changes from topic 'am-52eed220ada34c3aba959fcbb20dfeab' into oc-dr1-dev-plus-aosp am: c436013b  -s ours"

am: c436013b  -s ours

Change-Id: I8af59aba167dfd27cd4773eb573978d539dec1ff

am: c436013b  -s ours

Change-Id: I89a0c3cfab8e44218b7978c32c577717df522069

Commit: b8f7a408 removed three
attributes from public policy.  These attributes could be assigned
to vendor types, and so need to be kept in policy when combined with
vendor policy of that version.

Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I7d71ef7795f8b82c214c2ef72478c3ca84d1869c

am: 407e9457

Change-Id: If277928809ec2bcaf7f72ef9cba5dd5d45d333ca

am: 453f4a51

Change-Id: Iff9292a4a92fdd78eebdf2ec5fab8d571fc755f6

am: ca5bb337

Change-Id: I185d127216ee72821c64daf31601fdcbe1a9c069

am: 1eff6417

Change-Id: I095df5cbd680d495fac54186ab16e2287d454c3a

Commit: 4dc88795 changed the label of
uid_time_in_state from proc to proc_uid_time_in_state.  This file
could have been used by vendor services.  Add a compat mapping.

Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I2e5222c4d4fe12cb0bbc4e85ba53c1f59b714d61

Merge "remove mke2fs rules from global file_contexts am: 0d32323c  -s ours am: 7acd39d2  -s ours"

* changes:
  remove mke2fs rules from global file_contexts am: 0d32323c  -s ours am: 91748747  -s ours
  move e2fs tools from /sbin to /system/bin am: ae047956 am: a8beb22e  -s ours

am: 7acd39d2  -s ours

Change-Id: I16bc3700ae6e363512b647a4f4f8c9d6646e5066

am: 91748747  -s ours

Change-Id: Ic1c432a08d80a03f574676b50b1805e2e0f7bc09

am: a8beb22e  -s ours

Change-Id: Icb5f4e4dec18f62df41d0e89ffa4909a74a5fa63

am: 91748747  -s ours

Change-Id: If702e73a84560aa6dd98b95113f5c2798636c5f7

am: a8beb22e  -s ours

Change-Id: Id5fdb2f361a0ef1757c0db18dfacb18914b826b3

* changes:
  remove mke2fs rules from global file_contexts am: 0d32323c  -s ours
  move e2fs tools from /sbin to /system/bin am: ae047956

am: 0d32323c  -s ours

Change-Id: I2283da4878b60860400d31eaff019faef2b2c888

am: ae047956

Change-Id: I6b61f896f97bfe7ed9d2dfeb876d76e0101e093a

am: 0d32323c  -s ours

Change-Id: I9cb9b52f452394a32c51ec2aefd502e21896c61d

am: ae047956

Change-Id: Id8c7b9ab97ad80332b65fd02ba9ca61e67dac218

Address "granted" audit messages for dumpstate use of df.

avc: granted { getattr } for comm="df" path="/mnt" dev="tmpfs"
scontext=u:r:dumpstate:s0 tcontext=u:object_r:tmpfs:s0
tclass=dir
avc: granted { search } for comm="df" name="/" dev="tmpfs"
scontext=u:r:dumpstate:s0 tcontext=u:object_r:tmpfs:s0
tclass=dir

Bug: 28760354
Test: Build, check logs.
Change-Id: I920948a5f0bce1b4bd2f15779730df8b3b1fea5a