Change-Id: I40f3ccd9813e0a337ced0a44e686ab489277d78b

klog_write/init create /dev/__kmsg__ backed by a kernel character
device, keep the file descriptor, and then immediately unlink the
file.

Change-Id: I729d224347a003eaca29299d216a53c99cc3197c

Change-Id: I2b7bf3037c94de4fecf3c3081497e0ac1dfef8a9

Change-Id: I91f6965dafad54e98e2f7deda956e86acf7d0c96

vold reboots needs to reboot the system when it succeeds or fails to
encrypt partitions.

Change-Id: Ibb1a5378228be60215162ae248e6c1049a16b830

Change-Id: I544c0c1bbe84834970958a65fcef1d10e7e29047

This allows wpa_supplicant to interact with the sockets created
for it by init. Eventually we'll want those to be properly
labelled, but allow until then.

Change-Id: I33fcd22173a8d47bbc4ada8d6aa62b4d159cbb15

"init_shell" is used for shell processes spawned by init.

Change-Id: I9e35d485bac91f3d0e4f3704acdbb9af7d617173

Change-Id: I9b05f0f2ce6c6c52b4207cac3120f06565b7da30

Properties under bluetooth. and persist.service.bdroid. are
considered Bluetooth-related properties.

Change-Id: Iee937d9a1184c2494deec46f9ed7090c643acda7

Merge "Expand permissions for 3 existing allow policies for rild and a new one for rild." into jb-mr2-dev

Change-Id: Iafe68ac1b742e40c1a23a2f6cfd6373ea89cc07b

Change-Id: I168f681d8c67f470b6e639f0b1bf39346c4eb396

Change-Id: I56e3ddae08b0c3d5e6b2492a6754899cc4e25a21

Long term this should be scoped down.

Change-Id: I261f05568566cca38bc5c43fbfa7ff1c816e5846

Change-Id: Ia7457e3fd4f1100bbee821f412e80ba17fede5ec

Change-Id: Ie96d573be971b2dcc3d60614794ba9ca13b31471

Change-Id: Iaa8fb6fa8726d083ee3c49edbbd398f0e8f33a37

This rule doesn't work, as /proc/sysrq-trigger isn't properly labeled.
Revert this change for now.

This reverts commit bb2591e5.

This reverts commit 69fbbdd5.

Some of these will get factored out into device-specific
configs later.

Change-Id: I359915e2607b56112bb22456d28e06c162fcbdff

This reverts commit e7e54fac

Change-Id: I26b577cf46a0eaccf6adf7ae851383a10bf03b4b

This reverts commit 1c101164

Restoring now that the conflict with tuna has passed.

Change-Id: I587dab8d7102c913fc03825a006e96d76680858d

This reverts commit f51e9007

Looks like this caused a build breakage in master, may have a duplicate rule from AOSP.

Change-Id: I4ea83a47baec4ffa2840b5fe50b6f55e1eeda53c

Some of these will get factored out into device-specific
configs later.

Change-Id: I7ea9c22a666b13bca2d867e5bcc7084ed7129de3

Change-Id: Ief2d412dddf4cefdf43a26538c4be060df4cc787

Change-Id: I6f68323cddcf9e13b2a730b8d6b8730587fb4366

Bug: 8539042
Change-Id: I6a9c3247688f49bed4a1637c728e77c2e865afd2

Bug: 8539042
Change-Id: I255930759ce0612f6ec9b931bfe545342ef808fc

Bug: 8539042
Change-Id: I87165fd83b1abef9eb7bf4c403714150aaefed6e

Bug: 8539042
Change-Id: I31e7a3ae6ba783b78c3b38756966950a20f2f2aa

Bug: 8539042
Change-Id: I27bcc4a485b031d54e17b03164642821d546e62f

/data/security is another location that policy
files can reside. In fact, these policy files
take precedence over their rootfs counterparts
under certain circumstances. Give the appropriate
players the rights to read these policy files.

Change-Id: I9951c808ca97c2e35a9adb717ce5cb98cda24c41

- Remove dac_read_search as it is no longer required by run-as.
- Introduce a separate type for /dev/tty so that we can allow use of own tty for
for a run-as shell without allowing access to other /dev/tty[0-9]* nodes.
- Allow sigchld notifications for death of run-as and its descendants by adbd.
- Drop redundant rules for executing shell or system commands from untrusted_app;
now covered by rules in app.te.

Change-Id: Ic3bf7bee9eeabf9ad4a20f61fbb142a64bb37c6c

/data/app-private is used when making an
app purchase or forward locking. Provide a
new label for the directory as well as the
tmp files that appear under it.

Change-Id: I910cd1aa63538253e10a8d80268212ad9fc9fca5
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>