- Nov 18, 2015
Vinit Deshpande authored
This is enabled for debugging purposes only. Since the kernel buffer for logs is small, this will allow external services to capture a bit of data so it can be reported later. Change-Id: I588eb91159e6aad07ead9afab9759764b8b3520d
-
- Nov 11, 2015
Calin Juravle authored
Change-Id: I2c5706b0064d099dc728c8032163d6fb1e686533
-
Calin Juravle authored
am: 1ca5efe9 * commit '1ca5efe9': Add SElinux rules for /data/misc/trace
-
Calin Juravle authored
am: f255d775 * commit 'f255d775': Add SElinux rules for /data/misc/trace
-
Calin Juravle authored
The directory is to be used in eng/userdebug build to store method traces (previously stored in /data/dalvik-cache/profiles). Bug: 25612377 Change-Id: Ia4365a8d1f13d33ee54115dc5e3bf62786503993
-
- Nov 09, 2015
Jeffrey Vander Stoep authored
am: 9ce30b17 * commit '9ce30b17': remove overly permissive rules from domain
-
Jeffrey Vander Stoep authored
am: c97f86eb * commit 'c97f86eb': remove overly permissive rules from domain
-
Jeffrey Vander Stoep authored
am: 7151f754 * commit '7151f754': remove overly permissive rules from domain
-
Jeffrey Vander Stoep authored
-
Jeff Vander Stoep authored
Move to domain_deprecated Bug: 25433265 Change-Id: Ib21876e450d8146ef9363d6430f6c7f00ab0c7f3
-
- Nov 07, 2015
Nick Kralevich authored
am: 22af8da9 * commit '22af8da9': system_server: clean up stale rules
-
Nick Kralevich authored
am: 7de86e2c * commit '7de86e2c': system_server: clean up stale rules
-
Nick Kralevich authored
am: 142f97b7 * commit '142f97b7': system_server: clean up stale rules
-
Nick Kralevich authored
979adffd added an auditallow to see if system_server was relabeling system_data_file. The auditallow rule hasn't triggered, so remove the allow rule. a3c97a76 added an auditallow to see if system_server was executing toolbox. The auditallow rule hasn't triggered, so remove the allow rule. AFAIK, system_server never executes ANY file, so further tightening here is feasible. Change-Id: Ia0a93f3833e32c3e2c898463bd8813701a6dd20a
-
- Nov 06, 2015
Jeff Vander Stoep authored
Bug: 25433265 Change-Id: I6ad288fa25c61e3ac79f592d9a58e27a60f3d9cf
-
- Nov 04, 2015
Jeff Vander Stoep authored
am: b476b954 * commit 'b476b954': Create attribute for moving perms out of domain
-
Jeff Vander Stoep authored
am: e2280fbc * commit 'e2280fbc': Create attribute for moving perms out of domain
-
- Nov 03, 2015
Jeff Vander Stoep authored
am: d22987b4 * commit 'd22987b4': Create attribute for moving perms out of domain
-
Jeff Vander Stoep authored
Motivation: Domain is overly permissive. Start removing permissions from domain and assign them to the domain_deprecated attribute. Domain_deprecated and domain can initially be assigned to all domains. The goal is to not assign domain_deprecated to new domains and to start removing domain_deprecated where it is not required or reassigning the appropriate permissions to the inheriting domain when necessary. Bug: 25433265 Change-Id: I8b11cb137df7bdd382629c98d916a73fe276413c
-
Bill Yi authored
-
- Oct 29, 2015
dcashman authored
binderservicedomain services often expose their methods to untrusted clients and rely on permission checks for access control. Allow these services to query the permission service for access decisions. (cherry-pick of commit: 32d207e0) Bug: 25282923 Change-Id: I39bbef479de3a0df63e0cbca956f3546e13bbb9b
-
Jeffrey Vander Stoep authored
am: 34ef55c0 * commit '34ef55c0': audit mtp sync permission
-
Jeffrey Vander Stoep authored
am: 4c445999 * commit '4c445999': audit mtp sync permission
-
Jeffrey Vander Stoep authored
am: 6fc134e3 * commit '6fc134e3': audit mtp sync permission
-
Jeffrey Vander Stoep authored
-
dcashman authored
binderservicedomain services often expose their methods to untrusted clients and rely on permission checks for access control. Allow these services to query the permission service for access decisions. Bug: 25282923 Change-Id: I39bbef479de3a0df63e0cbca956f3546e13bbb9b
-
Nick Kralevich authored
am: 8810311a * commit '8810311a': Create a new SELinux type for /data/nativetest
-
Nick Kralevich authored
am: 6dd7d3cd * commit '6dd7d3cd': Create a new SELinux type for /data/nativetest
-
Nick Kralevich authored
am: e9d261ff * commit 'e9d261ff': Create a new SELinux type for /data/nativetest
-
Nick Kralevich authored
1) Don't use the generic "system_data_file" for the files in /data/nativetest. Rather, ensure it has its own special label. This allows us to distinguish these files from other files in SELinux policy. 2) Allow the shell user to execute files from /data/nativetest, on userdebug or eng builds only. 3) Add a neverallow rule (compile time assertion + CTS test) that nobody is allowed to execute these files on user builds, and only the shell user is allowed to execute these files on userdebug/eng builds. Bug: 25340994 Change-Id: I3e292cdd1908f342699d6c52f8bbbe6065359413
- Oct 28, 2015
Marco Nelissen authored
-
Jeff Vander Stoep authored
Determine if the following rule can be removed: allow kernel untrusted_app:fd use Bug: 25331459 Change-Id: I4ef9f376d7fc1d2bdfba69b2fb3e24d49ac136ad