Previously appdomains allowed to execute off of /data
where whitelisted. This had the unfortunate side effect of
disallowing the creation of device specific app domains
with fewer permissions than untrusted_app. Instead grant
all apps a neverallow exemption and blacklist specific app
domains that should still abide by the restriction.

This allows devices to add new app domains that need
/data execute permission without conflicting with this rule.

Bug: 26906711

(cherry picked from commit c5266df9)

Change-Id: I4adb58e8c8b35122d6295db58cedaa355cdd3924

Remove the ioctl permission for most socket types. For others, such as
tcp/udp/rawip/unix_dgram/unix_stream set a default unprivileged whitelist
that individual domains may extend (except where neverallowed like
untrusted_app). Enforce via a neverallowxperm rule.

Change-Id: I15548d830f8eff1fd4d64005c5769ca2be8d4ffe

Grant permissions observed.

Bug: 28760354
Change-Id: Ie63cda709319bbf635ef7bffbba3477c2cccc11b

Fix file diffs.

Change-Id: Iac673c718b49779bba380e75ddd083caf6a2a1c3

Bug: 31364540
Change-Id: I2e11ef4666048c94b4754d50de74d1c526c6933c

(cherry picked from commit 8f40b41e)

bug 24503801

Change-Id: I6cf1afb3982c4da4f5e57188d3e24ac01c4bd416

Bug: 31246864

Change-Id: I8319e632b3be1e558dfc550453b8298914c89064
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

Bug: 30041228
Test: WiFi tethering, client mode continues to function

Change-Id: I95a583ad4d57642f4731e415abb77732df5289ac
(cherry picked from commit fb5b13ee)

Bug: http://b/29622562
Change-Id: I21bc79f31ffd0b002b4a25d3ceefaf12f42f05c4

Newer kernels apparently introduce a new SELinux label
"netlink_generic_socket".

AOSP is missing some patches for ioctl whitelisting and
it was suggested we add unpriv_socket_ioctls as a stopgap.

Bug: 31226503
Change-Id: Ie4dd499925f74747c0247e5d7ad0de0f673b5ed2

This patch allows mips to boot in enforcing mode.

Change-Id: Ia4676db06adc3ccb20d5f231406cf4ab67317496

am: c8820d04  -s ours

Change-Id: I7a9086cbd781d8e4450564f6c7c1697fd14643f6

am: 3dfef1fd  -s ours

Change-Id: Ia0adf841c0b37647c27fe31b805abcf3cff4d62c

am: fe8d6739  -s ours

Change-Id: I199ff6989c4acceb1878062ce9086ad9da6444b2

(cherry picked from commit 48d68a64)

Remove audit messaged.

Addresses:
avc:  granted  { read } for  pid=1 comm="init" name="cmdline" dev="proc" ino=4026535448 scontext=u:r:kernel:s0 tcontext=u:object_r:proc:s0 tclass=file
avc:  granted  { read open } for  pid=1 comm="init" path="/proc/cmdline" dev="proc" ino=4026535448 scontext=u:r:kernel:s0 tcontext=u:object_r:proc:s0 tclass=file

Bug: 28760354
Change-Id: I48ea01b35c6d1b255995484984ec92203b6083be

(cherry picked from commit 8486f4e6)

Grant observed permissions

Addresses:
init
avc:  granted  { use } for  pid=1 comm="init" path="/sys/fs/selinux/null" dev="selinuxfs" ino=22 scontext=u:r:init:s0 tcontext=u:r:kernel:s0 tclass=fd

mediaextractor
avc: granted { getattr } for pid=582 comm="mediaextractor" path="/proc/meminfo" dev="proc" ino=4026535447 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:proc_meminfo:s0 tclass=file
avc: granted { read } for pid=582 comm="mediaextractor" name="meminfo" dev="proc" ino=4026535447 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:proc_meminfo:s0 tclass=file
avc: granted { read open } for pid=582 comm="mediaextractor" path="/proc/meminfo" dev="proc" ino=4026535447 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:proc_meminfo:s0 tclass=file

uncrypt
avc: granted { getattr } for pid=6750 comm="uncrypt" path="/fstab.angler" dev="rootfs" ino=9809 scontext=u:r:uncrypt:s0 tcontext=u:object_r:rootfs:s0 tclass=file
avc: granted { read } for pid=6750 comm="uncrypt" name="fstab.angler" dev="rootfs" ino=9809 scontext=u:r:uncrypt:s0 tcontext=u:object_r:rootfs:s0 tclass=file
avc: granted { read open } for pid=6750 comm="uncrypt" path="/fstab.angler" dev="rootfs" ino=9809 scontext=u:r:uncrypt:s0 tcontext=u:object_r:rootfs:s0 tclass=file

Bug: 28760354
Change-Id: Ibd51473c55d957aa7375de60da67cdc6504802f9

* changes:
  Allow wificond to drop privileges after startup
  Allow wificond to set interfaces up and down
  Allow wificond to clean up wpa_supplicant state
  Allow wificond to drop signals on hostapd
  Give wificond permission to start/stop init services
  Give hostapd permissions to use its control socket
  Allow wificond to write wifi component config files
  add netlink socket permission for wificond
  SEPolicy to start hostapd via init
  Allow system_server to call wificond via Binder
  Allow wificond to mark interfaces up and down
  Separate permissions to set WiFi related properties
  Define explicit label for wlan sysfs fwpath
  sepolicy: Add permissions for wpa_supplicant binder
  sepolicy: add sepolicy binder support for wificond
  Sepolicy files for wificond

Grant permissions observed.

(cherry picked from commit 9c820a11)

Merged-in: Ifdead51f873eb587556309c48fb84ff1542ae303
Bug: 28760354
Change-Id: Ifdead51f873eb587556309c48fb84ff1542ae303

am: 163c6080

Change-Id: Ia7e00dda7fea4e58c450c50ab7fd5fc709ebaa3e

(cherry picked from commit e8a53dff)

With the breakup of mediaserver, distinguishing between
camera_device and video_device is meaningful. Only grant
cameraserver access to camera_device.

Bug: 28359909
Change-Id: I0ae12f87bac8a5c912f0a693d1d56a8d5af7f3f3

am: 4e6655b5

Change-Id: I13896b6e919f8bd10573aa085bf73998e28f8661

isolated_app can already write to a file. Apps may want to append
instead of write.

Fixes: 30984610
Change-Id: I7a90b3311dcaff597f07930ceea0a23b29b0df2d

am: 47b373af

Change-Id: I58b6e0b40662e3fa5c771300f443d32cc40df3a3

wificond will now change user/group to wifi/wifi after
taking control of a particular path in the sysfs.

Bug: 29870863
Change-Id: I9ccb23f60a66d6850f3969c364288f8850044fed
Test: wificond unit and integration tests pass
(cherry picked from commit 8a04a313)

This is apparently a privileged ioctl.  Being able to do this allows us
to no longer kill hostapd with SIGTERM, since we can cleanup after hard
stops.

Bug: 31023120
Test: wificond unit and integration tests pass

Change-Id: Icdf2469d403f420c742871f54b9fb17432805991
(cherry picked from commit ca7b04ba)

system_server communicates with wpa_supplicant via various control
sockets.  Allow wificond to unlink these sockets after killing
wpa_supplicant.

Bug: 30666540
Change-Id: Ic1419a587f066c36723c24518952025834959535
(cherry picked from commit ba96cd1c)

Stopping hostapd abruptly with SIGKILL can sometimes leave the driver
in a poor state.  Long term, we should pro-actively go in and clean up
the driver.  In the short term, it helps tremendously to send SIGTERM
and give hostapd time to clean itself up.

Bug: 30311493
Test: With patches in this series, wificond can cleanly start and stop
      hostapd in integration tests.

Change-Id: Ic770c2fb1a1b636fced4620fe6e24d1c8dcdfeb8
(cherry picked from commit 762cb7c4)

Bug: 30292103
Change-Id: I433f2b8cc912b42bf026f6e908fd458a07c41fc2
Test: Integration tests reveal wificond can start/stop hostapd.
(cherry picked from commit 1faa9c55)

Bug: 30311493
Test: hostapd starts and stops reliably without complaining about
      permission to create the control directory, the control socket,
      or write to the control socket.

Change-Id: If8cf57cce5df2c6af06c8b7f28708e40876e948c
(cherry picked from commit cbabe363)

We need the ability to set file permissions, create files, write
files, chown files.

Test: integration tests that start/stop hostapd and write its config
      file via wificond pass without SELinux denials.
Bug: 30040724

Change-Id: Iee15fb36a6a4a89009d4b45281060379d70cd53c
(cherry picked from commit f83da142)

 wificond: type=1400 audit(0.0:43): avc: denied { create } for
 scontext=u:r:wificond:s0 tcontext=u:r:wificond:s0 tclass=netlink_socket
 permissive=1

 wificond: type=1400 audit(0.0:44):
 avc: denied { setopt } for scontext=u:r:wificond:s0
 tcontext=u:r:wificond:s0 tclass=netlink_socket permissive=1

 wificond: type=1400 audit(0.0:45):
 avc: denied { net_admin } for capability=12 scontext=u:r:wificond:s0
 tcontext=u:r:wificond:s0 tclass=capability permissive=1

 wificond: type=1400 audit(0.0:46):
 avc: denied { bind } for scontext=u:r:wificond:s0
 tcontext=u:r:wificond:s0 tclass=netlink_socket permissive=1

 wificond: type=1400 audit(0.0:47):
 avc: denied { write } for scontext=u:r:wificond:s0
 tcontext=u:r:wificond:s0 tclass=netlink_socket permissive=1

 wificond: type=1400 audit(0.0:48):
 avc: denied { read } for path="socket:[35892]" dev="sockfs" ino=35892
 scontext=u:r:wificond:s0 tcontext=u:r:wificond:s0 tclass=netlink_socket
 permissive=1

TEST=compile and run

Change-Id: I5e1befabca7388d5b2145f49462e5cff872d9f43
(cherry picked from commit 781cfd82)

While here, remove a lot of extra permissions that we apparently
had because hostapd was inheriting fds from netd.

Bug: 30041118
Test: netd can request init to start/stop hostapd without denials.

Change-Id: Ia777497443a4226a201030eccb9dfc5a40f015dd
(cherry picked from commit 8a6c5f85)

WifiStateMachin: type=1400 audit(0.0:24): avc: denied { call } for
scontext=u:r:system_server:s0 tcontext=u:r:wificond:s0 tclass=binder
permissive=0

Bug: 29607308
Test: Above denial disapears

Change-Id: I9b5cfe414683991ffb6308eea612ca6750f1b8ec
(cherry picked from commit 71fb20be)