Change-Id: I35be7a7df73325fba921b8a354659b2b2a3e06e7

Change-Id: Idcd252e39b2c4829201c93b6c99cf368adcb405e

Force any experimental SELinux domains (ones tagged with
"permissive_or_unconfined") into unconfined. This flag is
intended to be flipped when we're preparing a release,
to eliminate inconsistencies between user and userdebug devices,
and to ensure that we're enforcing a minimal set of rules for all
SELinux domains.

Without this change, our user builds will behave differently than
userdebug builds, complicating testing.

Change-Id: I52fd5fbe30a7f52f1143f176915ce55fb6a33f87

* commit '2f91ce55':

* commit '1c7463ac':

* commit 'ddfaf822':

* commit '554a8a3d':

* commit 'e4409728':
  Allow netd to create data files in /data/misc/net/.

* commit 'd27aeb21':
  recovery: allow read access to fuse filesystem

* commit 'd86b0a81':
  New domain "install_recovery"

* commit 'e900e573':
  Rules to allow installing package directories.

Support opening the ffs-based interface for adbd in recovery.  (Copied
from adbd.te.)

Bug: 16183878
Change-Id: I714ccb34f60d1413d2b184dae9b561cd06bc6b45

* commit 'a2933b66':
  install_recovery: start enforcing SELinux rules

* commit '2b3c5de2':
  install_recovery: start enforcing SELinux rules

* commit '5b347a60':
  allow ueventd sysfs_type lnk_file

* commit '1d2ff869':
  allow ueventd sysfs_type lnk_file

ueventd is allowed to change files and directories in /sys,
but not symbolic links. This is, at a minimum, causing the
following denial:

type=1400 audit(0.0:5): avc: denied { getattr } for comm="ueventd" path="/sys/devices/tegradc.0/driver" dev=sysfs ino=3386 scontext=u:r:ueventd:s0 tcontext=u:object_r:sysfs_devices_tegradc:s0 tclass=lnk_file

Allow ueventd to modify labeling / attributes of symlinks.

Change-Id: If641a218e07ef479d1283f3171b2743f3956386d

* commit '5b5ba50f':
  Drop sys_rawio neverallow for tee

* commit 'b59dc27a':
  Drop sys_rawio neverallow for tee

The new Nexus 5 tee implementation requires raw block I/O
for anti-rollback protection.

Bug: 15777869
Change-Id: I57691a9d06b5a51e2699c240783ed56e3a003396

* commit '7e953e77':
  Don't use don't

* commit 'f5835666':
  Don't use don't

* commit 'f7cf7a4b':
  ensure that untrusted_app can't set properties

* commit '99d86c7a':
  ensure that untrusted_app can't set properties

Single quotes sometimes mess up m4 parsing

Change-Id: Ic53cf0f9b45b2173cbea5c96048750f6a582a535

Bug: 10243159
Change-Id: I9409fe8898c446a33515f1bee2990f36a2e11535

* commit 'bfd4eac7':
  sepolicy: allow system server to remove cgroups

* commit 'aaaeb02e':
  Typedef+rules for SysSer to access persistent block device

* commit '568443bc':
  Let DCS read staged APK clusters.

* commit '5d60f04e':
  sepolicy: allow system server to remove cgroups

* commit '2cd9c9bd':
  Typedef+rules for SysSer to access persistent block device

* commit 'd3356826':
  Let DCS read staged APK clusters.

Bug: 15313911
Change-Id: Ib7d39561a0d52632929d063a7ab97b6856f28ffe

DCS is DefaultContainerService.

avc: denied { getattr } for path="/data/app/vmdl2.tmp"
    dev="mmcblk0p28" ino=162910 scontext=u:r:platform_app:s0
    tcontext=u:object_r:apk_tmp_file:s0 tclass=dir

Bug: 14975160
Change-Id: Ifca9afb4e74ebbfbeb8c01e1e9ea65f5b55e9375

* commit '9c52a78c':
  Allow SystemServer to start PersistentDataBlockService

* commit 'e844113b':
  Allow SystemServer to start PersistentDataBlockService

Start enforcing SELinux rules for install_recovery.

Change-Id: I052c7d2203babf3e146cf32794283e80ca21dd9a

Defines new device type persistent_data_block_device

This block device will allow storage of data that
will live across factory resets.

Gives rw and search access to SystemServer.

Change-Id: I298eb40f9a04c16e90dcc1ad32d240ca84df3b1e