- Mar 02, 2015
-
-
dcashman authored
-
Nick Kralevich authored
* commit 'e4da594d': Delete unconfined domain
-
Nick Kralevich authored
* commit '07e73489': init: drop read_policy permission
-
Nick Kralevich authored
- Feb 28, 2015
-
-
Nick Kralevich authored
No longer used. :-)
Change-Id: I687cc36404e8ad8b899b6e76b1de7ee8c5392e07
-
Nick Kralevich authored
As of https://android-review.googlesource.com/127858 , open(O_RDONLY) is no longer used for chmod. It's no longer necessary to allow init to read the SELinux policy.
Change-Id: I691dd220827a01a8d7a9955b62f8aca50eb25447
-
Stephen Smalley authored
* commit 'ed532c06': init: remove permissive_or_unconfined()
-
Stephen Smalley authored
Bug: 19050686
Change-Id: Ie41c3e4d5aaeb43577ba85a4768a5fdbdd665efb
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-
Nick Kralevich authored
* commit 'a8e073cd': Create boot_block_device and allow install_recovery read access
-
Nick Kralevich authored
The install_recovery script creates a new recovery image based off of the boot image plus a patch on /system. We need to allow read access to the boot image to allow the patching to succeed, otherwise OTAs are broken.
Addresses the following denial:
  type=1400 audit(9109404.519:6): avc: denied { read } for pid=341 comm="applypatch" name="mmcblk0p37" dev="tmpfs" ino=9186 scontext=u:r:install_recovery:s0 tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=0
TODO: Add device specific labels for the boot image.
Bug: 19534538
Change-Id: Ic811ec03e235df3b1bfca9b0a65e23307cd968aa
-
Nick Kralevich authored
* commit '543faccc': allow init tmpfs:dir relabelfrom
-
dcashman authored
Addresses the following denial encountered when sharing photos between personal and managed profiles:
  Binder_5: type=1400 audit(0.0:236): avc: denied { read } for path="/data/data/com.google.android.apps.plus/cache/media/3/3bbca5f1bcfa7f1-a-nw" dev="dm-0" ino=467800 scontext=u:r:untrusted_app:s0:c529,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=0
Bug: 19540297
Change-Id: If51108ec5820ca40e066d5ca3e527c7a0f03eca5
-
- Feb 27, 2015
-
-
Sami Tolvanen authored
* commit 'a4b82264': Revert "Allow ueventd to set verity.* properties"
-
Nick Kralevich authored
When encrypting a device, or when an encrypted device boots, a tmpfs is mounted in place of /data, so that a pseudo filesystem exists to start system_server and related components. SELinux labels need to be applied to that tmpfs /data so the system boots properly. Allow init to relabel a tmpfs /data.
Addresses the following denial:
  [ 6.294896] type=1400 audit(29413651.850:4): avc: denied { relabelfrom } for pid=1 comm="init" name="/" dev="tmpfs" ino=6360 scontext=u:r:init:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir
Steps to reproduce:
  1) Go into Settings > Security > Encrypt Phone
  2) Encrypt phone
  3) See denial
  4) reboot phone
  5) See denial on boot
Bug: 19050686
Change-Id: Ie57864fe1079d9164d5cfea44683a97498598e41
-
Sami Tolvanen authored
-
Sami Tolvanen authored
Updating properties from ueventd may lead to deadlocks with init in rare cases, which makes these changes unnecessary after all.
This reverts commit 47cd53a5.
Change-Id: I87bdd66f0ec025eb3a9ea17574a67e908f3de6da
-
Nick Kralevich authored
* commit '006ede39': dontaudit clatd self:capability ipc_lock
-
Nick Kralevich authored
* commit 'a3364dfd': kernel.te: fix MTP sync
-
Sami Tolvanen authored
* commit '9d87c647': Allow init to execute /sbin/slideshow
-
Nick Kralevich authored
-
Nick Kralevich authored
-
Nick Kralevich authored
STEPS TO REPRODUCE:
  1. Connect the device to Mac.
  2. Switch to AFT.
  3. Now AFT on Mac will show the device contents.
  4. Now drag and drop the file to device and observe.
EXPECTED RESULTS: Should be able to copy.
OBSERVED RESULTS: Showing can not copy file and on clicking ok, it shows device storage can not connect and closes the AFT.
Addresses the following denial:
  W kworker/u:11: type=1400 audit(0.0:729): avc: denied { use } for path="/storage/emulated/0/Download/song2.mp3" dev="fuse" ino=143 scontext=u:r:kernel:s0 tcontext=u:r:untrusted_app:s0:c512,c768 tclass=fd
  12310 12530 E MtpRequestPacket: Malformed MTP request packet
ps -Z entry:
  u:r:untrusted_app:s0:c512,c768 u0_a6 12310 203 android.process.media
Bug: 15835289
Change-Id: I47b653507f8d4089b31254c19f44706077e2e96a
-
Nick Kralevich authored
clatd calls mmap(MAP_LOCKED) with a 1M buffer. MAP_LOCKED first checks capable(CAP_IPC_LOCK), and then checks to see the requested amount is under RLIMIT_MEMLOCK. The latter check succeeds. As a result, clatd does not need CAP_IPC_LOCK, so we suppress any denials we see from clatd asking for this capability.
See https://android-review.googlesource.com/127940
Suppresses the following denial:
  type=1400 audit(1424916750.163:7): avc: denied { ipc_lock } for pid=3458 comm="clatd" capability=14 scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=capability
Change-Id: Ica108f66010dfc6a5431efa0b4e58f6a784672d1
-
- Feb 26, 2015
-
-
Sami Tolvanen authored
Add rules to allow /sbin/slideshow to access framebuffer and input devices at early stages of boot, and rules to allow init to execute the program (from init.rc using exec).
Needed by changes from I58c79a7f3ac747eec0d73a10f018d3d8ade9df7d
Change-Id: I1d5018feb7025853f0bf81651f497fef8c3a6ab0
-
Nick Kralevich authored
* commit 'd99ea5a8': Revert /proc/net related changes
-
Nick Kralevich authored
-
Nick Kralevich authored
* commit '9fe810b7': allow kernel to use vold file descriptors
-
- Feb 25, 2015
-
-
Nick Kralevich authored
Vold opens ASEC containers on the sdcard, or OBB files from app's home directories, both of which are supplied by vold. We need to allow kernel threads to access those file descriptors.
Addresses the following denial:
  loop0 : type=1400 audit(0.0:28): avc: denied { use } for path="/mnt/secure/asec/smdl1159865753.tmp.asec" dev="mmcblk1" ino=19 scontext=u:r:kernel:s0 tcontext=u:r:vold:s0 tclass=fd permissive=0
Bug: 19516891
Change-Id: I5a3607b48f5e0e504e4b3fcaec19152c3784f49d
-
Mohamad Ayyash authored
* commit 'ab4be88e': fs_use: Enabled loading security xattrs for squashfs
-
Mohamad Ayyash authored
Change-Id: Icfa4b2cac6a960ef47e928308e4c6c9bd797d180
Signed-off-by: Mohamad Ayyash <mkayyash@google.com>
-
Nick Kralevich authored
Revert the tightening of /proc/net access. These changes are causing a lot of denials, and I want additional time to figure out a better solution.
Addresses the following denials (and many more):
  avc: denied { read } for comm="SyncAdapterThre" name="stats" dev="proc" ino=X scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:proc_net:s0 tclass=file
  avc: denied { read } for comm="facebook.katana" name="iface_stat_fmt" dev="proc" ino=X scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:proc_net:s0 tclass=file
  avc: denied { read } for comm="IntentService[C" name="if_inet6" dev="proc" ino=X scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:proc_net:s0 tclass=file
  avc: denied { read } for comm="dumpstate" name="iface_stat_all" dev="proc" ino=X scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc_net:s0 tclass=file
This reverts commit 0f0324cc and commit 99940d1a
Bug: 9496886
Bug: 19034637
Change-Id: I436a6e3638ac9ed49afbee214e752fe2b0112868
-
Nick Kralevich authored
* commit '28ddd104': su: don't auditallow service_manager for su
-
Nick Kralevich authored
Addresses the following auditallow messages:
  avc: granted { find } for service=accessibility scontext=u:r:su:s0 tcontext=u:object_r:accessibility_service:s0 tclass=service_manager
  avc: granted { find } for service=activity scontext=u:r:su:s0 tcontext=u:object_r:activity_service:s0 tclass=service_manager
  avc: granted { find } for service=package scontext=u:r:su:s0 tcontext=u:object_r:package_service:s0 tclass=service_manager
  avc: granted { find } for service=user scontext=u:r:su:s0 tcontext=u:object_r:user_service:s0 tclass=service_manager
  avc: granted { find } for service=window scontext=u:r:su:s0 tcontext=u:object_r:window_service:s0 tclass=service_manager
Change-Id: Ie58ad3347e9ef1aacd39670cfec7d095875e237b
-
Nick Kralevich authored
* commit '4308ce8c': kernel: make kernel an mlstrustedsubject
-
Nick Kralevich authored
Addresses post-review comment in https://android-review.googlesource.com/130620
Change-Id: I427ba99d63724eb526d41da47b95cc0ae038acdd
-
- Feb 24, 2015
-
-
Nick Kralevich authored
* commit 'f95858ed': kernel: remove permissive_or_unconfined()
-
Nick Kralevich authored
-
Nick Kralevich authored
* commit 'f70fcbd8': sepolicy: remove block_device access from install_recovery
-
Nick Kralevich authored
-
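
Added example, not part of the commit log or of the sepolicy project: the commit messages above quote avc messages and then adjust policy in response, and this sketch parses such lines into source type, target type, class and permissions and prints the type-enforcement rule a reviewer would start from. The function names and the category heuristic are assumptions of this example; the sample lines are copied from the commit messages above.

```python
import re

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Sample input: three denials copied from the commit messages on this page.
SAMPLE = [
    'type=1400 audit(9109404.519:6): avc: denied { read } for pid=341 comm="applypatch" '
    'name="mmcblk0p37" dev="tmpfs" ino=9186 scontext=u:r:install_recovery:s0 '
    'tcontext=u:object_r:block_device:s0 tclass=blk_file permissive=0',
    'Binder_5: type=1400 audit(0.0:236): avc: denied { read } for '
    'path="/data/data/com.google.android.apps.plus/cache/media/3/3bbca5f1bcfa7f1-a-nw" '
    'dev="dm-0" ino=467800 scontext=u:r:untrusted_app:s0:c529,c768 '
    'tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=0',
    'type=1400 audit(1424916750.163:7): avc: denied { ipc_lock } for pid=3458 comm="clatd" '
    'capability=14 scontext=u:r:clatd:s0 tcontext=u:r:clatd:s0 tclass=capability',
]

def split_context(ctx):
    """user:role:type:sensitivity[:categories] -> (type, set of categories)."""
    parts = ctx.split(":")
    return parts[2], set(parts[4].split(",")) if len(parts) > 4 else set()

def parse_avc(line):
    """Return one avc message as a dict, or None if the line does not hold one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    contexts = [fields.get("scontext", ""), fields.get("tcontext", "")]
    if "tclass" not in fields or any(c.count(":") < 3 for c in contexts):
        return None
    source, scats = split_context(contexts[0])
    target, tcats = split_context(contexts[1])
    return {"result": m.group(1), "perms": m.group(2).split(), "source": source,
            "target": target, "tclass": fields["tclass"], "scats": scats, "tcats": tcats}

def candidate_rule(rec):
    """Type-enforcement rule matching the record: a starting point for review only."""
    target = "self" if rec["source"] == rec["target"] else rec["target"]
    return "allow %s %s:%s { %s };" % (rec["source"], target, rec["tclass"], " ".join(rec["perms"]))

def category_mismatch(rec):
    """Heuristic (assumption of this example): the target has a category the source
    lacks, so an MLS constraint may be involved and an allow rule may not suffice."""
    return bool(rec["tcats"] - rec["scats"])

if __name__ == "__main__":
    for rec in map(parse_avc, SAMPLE):
        print(candidate_rule(rec), "# categories differ" if category_mismatch(rec) else "")
```

The printed rule mirrors the denial only; as the clatd commit above shows, the reviewed outcome may be a dontaudit or a relabel rather than a new allow.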