Assortment of policy changes include:
 * Bluetooth domain to talk to init and procfs.
 * New device node domains.
 * Allow zygote to talk to its executable.
 * Update system domain access to new device node domains.
 * Create a post-process sepolicy with dontaudits removed.
 * Allow rild to use the tty device.

Change-Id: Ibb96b590d0035b8f6d1606cd5e4393c174d10ffb
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

This reverts commit 60d4d71e

This should (finally) be fixed in https://android-review.googlesource.com/#/c/54730/

Change-Id: I3dd358560f7236f28387ffbe247fc2b004e303ea

Use TOP instead of ANDROID_BUILD_TOP

Fix spelling issues in keys.conf

Change-Id: Ib90b3041af5ef68f30f4ab78c768ad225987ef2d

This reverts commit cd4104e8

This builds clean locally, but seems to explode on the build servers. Reverting until there's a solution.

Change-Id: I09200db37c193f39c77486d5957a8f5916e38aa0

This reverts commit 1446e714

Hidden dependency has been resolved.

Change-Id: Ia535c0b9468ea5f705dff9813186a7fa8bab84ae

See README for further details.

Change-Id: I4599c7ecd5a552e38de89d0a9e496e047068fe05

This reverts commit 22fc0410

Change-Id: I2d91b1262e8d0e82a21ea7c5333b1e86f3ed9bee

Change-Id: I5d5362ad0055275052b0c2ba535b599a8e26112e

Change-Id: If361ea93fabd343728196eed2663fd572ecaa70b
Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>

Support the inseretion of the public key from pem
files into the mac_permissions.xml file at build
time.

Change-Id: Ia42b6cba39bf93723ed3fb85236eb8f80a08962a

Support overriding ma_permissions.xml
in BOARD_SEPOLICY_REPLACE

Change-Id: If0bca8bf29bc431a291b6d7b20de132e68cd6a79

This reverts commit af56ac19.

Change-Id: Id658a90b58ea31365051c0878c58393fd055fc69

Change-Id: I57b0dd9f8071eae492020f410c87f465ba820711

This is a rewrite of the existing implementation.
Three new variables are now needed to add/modify
the exisitng base policy. They are, BOARD_SEPOLICY_REPLACE
and BOARD_SEPOLICY_UNION which govern what files
are replaced and concatenated, and BOARD_SEPOLICY_DIRS
which lists the various directories that will contain
the BOARD_SEPOLICY_REPLACE and BOARD_SEPOLICY_UNION
policy files.

Change-Id: Id33381268cef03245c56bc5242fec7da9b6c6493
Signed-off-by: rpcraig <robertpcraig@gmail.com>

"sepolicy" is a phony target defined by the build system.
If you use it as dependency of a file target, you'll get unnecessary
rebuild.

Change-Id: I3a948ebbaff6a146050eb86a3d04cdc050f7c001

Change-Id: I4b12dc3dcb432edbdf95dd3bc97f809912ce86d1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Change-Id: I45b4a749bf4fb085d96d912871bae33aa5288119

The policy version suffix support was carried over from conventional
Linux distributions, where we needed to support simultaneous installation
of multiple kernels and policies.  This isn't required for Android, so
get rid of it and thereby simplify the policy pathname.

We still default to generating a specific policy version (the highest
one supported by the emulator kernel), but this can be overridden
by setting POLICYVERS on the make command-line or in the environment.

Requires a corresponding change to libselinux.

Change-Id: I40c88e13e8063ea37c2b9ab5b3ff8b0aa595402a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Change-Id: I4f522869eeaa6f84771e4ee2328f65296dcc29db

Change-Id: I614caa520e218f8f148eef641fed2301571da8e1

Provides support for overriding seapp_contexts declerations
in per device seapp_contexts files.

Change-Id: I23a0ffa1d24f1ce57825b168f29a2e885d3e1c51

This was moved from external/mac-policy.git

Change-Id: Ia544f13910abbe5e9f6a6cafae397415a41a7a94

ocontexts was split up into 4 files:
1.fs_use
2.genfs_contexts
3.initial_sid_contexts
4.port_contexts

Each file has their respective declerations in them.
Devices, in their respective device directory, can now specify sepolicy.fs_use, sepolicy.genfs_contexts, sepolicy.port_contexts, and sepolicy.initial_sid_contexts. These declerations will be added right behind their respective sepolicy counterparts in the concatenated configuration file.

Signed-off-by: Joshua Brindle <jbrindle@tresys.com>

Change-Id: I22f49db3d59b50ed8975d8c1146bb9c322adbf7e

Change-Id: I22f49db3d59b50ed8975d8c1146bb9c322adbf7e

New property_contexts file for property selabel backend.
New property.te file with property type declarations.
New property_service security class and set permission.
Allow rules for setting properties.

Avoid any future collisions with the use of .fc or .te suffixes in the
per-device directories.  If we want multiple file support, add a separate
subdirectory for sepolicy files.