This change enables SELinux security enforcement on vold.

For the vold.te file ONLY, this change is conceptually a revert of
77d4731e and
50e37b93, with the following
additional changes:

1) Removal of "allow vold proc:file write;" and
"allow vold self:capability { sys_boot };". As of system/vold
change adfba3626e76c1931649634275d241b226cd1b9a, vold no longer
performs it's own reboots, so these capabilities are no longer
needed.

2) Addition of the powerctl property, which vold contacts to
tell init to reboot.

3) Removal of "allow vold kernel:system module_request;". As of
CTS commit f2cfdf5c057140d9442fcfeb4e4a648e8258b659, Android
devices no longer ship with loadable modules, hence we don't
require this rule.

4) Removal of "fsetid" from "self:capability". Any setuid / setgid
bits SHOULD be cleared if vold is able to change the permissions
of files. IMHO, it was a mistake to ever include this capability in
the first place.

Testing: As much as possible, I've tested filesystem related
functionality, including factory reset and device encryption.
I wasn't able to test fstrim functionality, which is a fairly
new feature.  I didn't see any policy denials in dmesg. It's quite
possible I've missed something. If we experience problems, I
happy to roll back this change.

Bug: 9629920
Change-Id: I683afa0dffe9f28952287bfdb7ee4e0423c2e97a

This change does several things:

1) Restore domain.te to the version present at
cd516a32 . This is the version
currently being distributed in AOSP.

2) Add "allow domain properties_device:file r_file_perms;" to
domain.te, to allow all domains to read /dev/__properties__ .
This change was missing from AOSP.

3) Restore netd.te to the version present at
80c9ba52 . This is the version
currently being distributed in AOSP.

4) Remove anything involving module loading from netd.te. CTS
enforces that Android kernels can't have module loading enabled.

5) Add several new capabilities, plus data file rules, to
netd.te, since netd needs to write to files owned by wifi.

6) Add a new unconfined domain called dnsmasq.te, and allow
transitions from netd to that domain. Over time, we'll tighten up
the dnsmasq.te domain.

7) Add a new unconfined domain called hostapd.te, and allow
transitions from netd to that domain. Over time, we'll tighten up
the hostapd.te domain.

The net effect of these changes is to re-enable SELinux protections
for netd. The policy is FAR from perfect, and allows a lot of wiggle
room, but we can improve it over time.

Testing: as much as possible, I've exercised networking related
functionality, including turning on and off wifi, entering airplane
mode, and enabling tethering and portable wifi hotspots. It's quite
possible I've missed something, and if we experience problems, I
can roll back this change.

Bug: 9618347
Change-Id: I23ff3eebcef629bc7baabcf6962f25f116c4a3c0

In the process of taking a bugreport, "dumpstate -B" will instruct
zygote to fire up com.android.shell, which runs as UID=2000.
This transition was not included in seapp_contexts, so zygote
didn't know how to properly set the context for the shell user.

Add an entry to allow zygote to know what to do with UID=2000
requests.

Bug: 9588981
Change-Id: I2e726be8d58437ef1de3bcbad3b897a97ed18e22

System server needs to be able to tell Zygote to create processes
with differing ids, capabilities, and SELinux security information.
Allow it.

These rules are not in unconfined.te, and as a result, are not
automatically allowed by SELinux in enforcing mode.

Change-Id: I010eaa2b0e0cee5d995e08e6c785cc5e01b2c974

* commit '95c960de':
  Clean up remaining denials.

* commit '274d2927':
  Clean up remaining denials.

Bug: 8424461
Change-Id: I8f0b01cdb19b4a479d5de842f4e4844aeab00622

Change-Id: Ide4d5d28e9a1673775b944780677d8c2eb4d7cd6

* commit 'eb2dc6d0':
  Revert "Add the selinux policy version number."

* commit '77d4731e':
  Make all domains unconfined.

* commit '42cabf34':
  Revert "Add the selinux policy version number."

This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.

Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11

This reverts commit b77b3aff.

* commit '92b8f148':
  Move domains into per-domain permissive mode.

* commit '50e37b93':
  Move domains into per-domain permissive mode.

* commit 'a77daf87':
  Add the selinux policy version number.

* commit 'b77b3aff':
  Add the selinux policy version number.

Bug: 4070557
Change-Id: I027f76cff6df90e9909711cb81fbd17db95233c1

Bug: 8841348
Change-Id: I1acf355b8e700500eeb0ddcbb8203a4769bde3bc

* commit '28dde094':
  Revert "Add a policy version."

* commit 'd0a5e06d':
  SELinux policy: let vold write to device:dir.

* commit '92f35dcc':
  Revert "Add a policy version."

* commit 'c25023e1':
  SELinux policy: let vold write to device:dir.

Faugh. Typo.

This reverts commit adb481dd

Change-Id: Id1ccc0a59cc79b8ad7171fcb6b3d8cb3aaf29bee

* commit '06dab1bf':
  Add a policy version.

* commit 'bd77ab31':
  Add a policy version.

Bug: 8841348
Change-Id: I83497c9b5346ba3b35e4e288190fc217a26be505

* commit '31083f90':
  SELinux policy: let vold create /data/tmp_mnt

Manual merge to get automerger going again.

Conflicts:
	adbd.te

Change-Id: Ibf8db0306b421a3426e925cf9c8f253bbcd500b3

* commit '1adb7ca3':
  SELinux policy: let vold create /data/tmp_mnt

* commit '3b9fd5ff':
  SELinux policy: let adbd drop Linux capabilities.

Change-Id: I40f3ccd9813e0a337ced0a44e686ab489277d78b

Change-Id: Id41891b89c7b067919cbda06ab97d5eff2ad044f

I have no idea what vold is doing when this operation is attempted
(when a full-disk encrypted device is booting up). Thus, I don't know
if there is a better way of restricting the policy.

Change-Id: I537b70b1abb73c36e5abf0357b766292f625e1af

* commit 'e5e98aef':
  SELinux policy for users of libcutils klog_write.

Change-Id: Ia9f34580a35d3f5ff7ea0ac9a3784d2650e61b6a