* commit '669f6792':
  mediaserver.te refactor

* commit 'eeafabde':
  Label persist audio properties

* commit 'e468016b':
  zygote requires setpcap in order to drop from its bounding set.

I8560fa5ad125bf31f0d13be513431697bc7d22bb changed the zygote
to limit the bounding capability set to CAP_NET_RAW.  This triggers
a CAP_SETPCAP check by the kernel, which requires SELinux setpcap permission.

Change-Id: Ib910d97dcf708273e2806e2824f4abe9fc239d6d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

* commit '58b0fb6d':
  Fix invalid specification for adb_keys.

A prior change added an entry for adb_keys without any security context,
yielding warnings like the following during build:
out/target/product/manta/root/file_contexts:  line 7 is missing fields, skipping

This adds the missing security context field.

Change-Id: If48731c8aa7d22a3f547d0854f288ff68f9006da
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

* commit '92b9aa0e':
  add file_contexts entries for root filesystem

It may be useful to generate an ext4 image of the root filesystem
instead of using a ramdisk.  Whitelist entries in file_contexts to
support selinux labeling a root filesystem image.

Change-Id: I91a38d0aee4408c46cbfe5dc5e6eda198572e90f

Change-Id: Ieaff9f3362c71e25e5c8e7204397a85ff14fff97

label all persist.audio.* properties
and allow mediaserver access to them.

Change-Id: If5755d9783dce298e66a25bcb7f17ff17bd83ea7

* commit 'e8848726':
  Add policy for run-as program.

* commit 'fdaa7869':
  README for configuration of selinux policy

* commit 'c34a2527':
  Allow shell to connect to property service

Add policy for run-as program and label it in file_contexts.
Drop MLS constraints on local socket checks other than create/relabel
as this interferes with connections with services, in particular for
adb forward.

Change-Id: Ib0c4abeb7cbef559e150a620c45a7c31e0531114
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Change-Id: I06ea2b400cc826c684b6ad25e12b021c2667b48a

This README intends to document the various configuration options
that exist for specifiying device specific additions to the policy.

Change-Id: I7db708429a67deeb89b0c155a116606dcbbbc975

* commit '61c80d5e':
  Update policy for Android 4.2 / latest master.

Update policy for Android 4.2 / latest master.
Primarily this consists of changes around the bluetooth subsystem.
The zygote also needs further permissions to set up /storage/emulated.
adbd service now gets a socket under /dev/socket.
keystore uses the binder.

Change-Id: I8c5aeb8d100313c75169734a0fa614aa974b3bfc
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

am eab23895: Merge "Revert "Include su.te only for userdebug/eng builds."" into jb-mr1-dev-plus-aosp

* commit 'eab23895':
  Revert "Include su.te only for userdebug/eng builds."

* commit '8c87a18d':
  Add SELinux policy for asec containers.

* commit 'eefaa83d':
  Moved Android policy tools to tools directory

* commit 'df822f41':
  Add SELinux policy for asec containers.

* commit 'cdfb06f5':
  Moved Android policy tools to tools directory

This reverts commit af56ac19.

Change-Id: Id658a90b58ea31365051c0878c58393fd055fc69

Change-Id: I57b0dd9f8071eae492020f410c87f465ba820711

* commit '83dde220':
  Change 0 to NULL Byte

* commit 'f6647eb9':
  Change 0 to NULL Byte

Change-Id: I16b47f8dbf64e8dffb550b5a89321f920604ef7a

* commit 'a2517b20':
  Add better per-device sepolicy support.

Change-Id: I3112f4cf0fafb6e7e3c9c60084a097f5e6190c22

This is a rewrite of the existing implementation.
Three new variables are now needed to add/modify
the exisitng base policy. They are, BOARD_SEPOLICY_REPLACE
and BOARD_SEPOLICY_UNION which govern what files
are replaced and concatenated, and BOARD_SEPOLICY_DIRS
which lists the various directories that will contain
the BOARD_SEPOLICY_REPLACE and BOARD_SEPOLICY_UNION
policy files.

Change-Id: Id33381268cef03245c56bc5242fec7da9b6c6493
Signed-off-by: rpcraig <robertpcraig@gmail.com>

* commit '6b964fa1':
  Use file target as dependency.

* commit 'd8b122c7':
  Use file target as dependency.

"sepolicy" is a phony target defined by the build system.
If you use it as dependency of a file target, you'll get unnecessary
rebuild.

Change-Id: I3a948ebbaff6a146050eb86a3d04cdc050f7c001

* commit '8f4600c0':
  Add double free protection to checkseapp.