Add selinux rules to allow file level encryption to work

Change-Id: I1e4bba23e99cf5b2624a7df843688fba6f3c3209

* commit 'cbfe9d57':
  system_server: remove appdomain:file write

* commit 'c01f7fd1':
  system_server: remove appdomain:file write

system_server no longer writes to /proc/pid/oom_adj_score. This is
handled exclusively by lmkd now.

See the following commits:

Kernel 3.18:
* https://android-review.googlesource.com/139083
* https://android-review.googlesource.com/139082

Kernel 3.14:
* https://android-review.googlesource.com/139081
* https://android-review.googlesource.com/139080

Kernel 3.10:
* https://android-review.googlesource.com/139071
* https://android-review.googlesource.com/139671

Kernel 3.4:
* https://android-review.googlesource.com/139061
* https://android-review.googlesource.com/139060

Bug: 19636629
Change-Id: Ib79081365bcce4aa1190de037861a87b55c15db9

* commit '1193bdf4':
  Only allow system_server to send commands to zygote.

* commit '6843a793':
  Only allow system_server to send commands to zygote.

* commit '8f81dcad':
  Only allow system_server to send commands to zygote.

Add neverallow rules to ensure that zygote commands are only taken from
system_server.

Also remove the zygote policy class which was removed as an object manager in
commit: ccb3424639821b5ef85264bc5836451590e8ade7

Bug: 19624279

Change-Id: I1c925d7facf19b3953b5deb85d992415344c4c9f

am 3e616ee8: am b41eb698: am 0560e75e: system_server: allow handling app generated unix_stream_sockets

* commit '3e616ee8':
  system_server: allow handling app generated unix_stream_sockets

* commit 'b41eb698':
  system_server: allow handling app generated unix_stream_sockets

* commit '0560e75e':
  system_server: allow handling app generated unix_stream_sockets

Allow system server to handle already open app unix_stream_sockets.
This is needed to support system_server receiving a socket
created using socketpair(AF_UNIX, SOCK_STREAM) and
socketpair(AF_UNIX, SOCK_SEQPACKET). Needed for future Android
functionality.

Addresses the following denial:

  type=1400 audit(0.0:9): avc: denied { read write } for path="socket:[14911]" dev="sockfs" ino=14911 scontext=u:r:system_server:s0 tcontext=u:r:platform_app:s0:c512,c768 tclass=unix_stream_socket permissive=0

Bug: 19648474
Change-Id: I4644e318aa74ada4d98b7f49a41d13a9b9584f39

* commit '3b097779':
  installd: drop noatsecure for dex2oat

* commit '7acfb540':
  Record observed bluetooth service access.

* commit '7f6aa275':
  allow untrusted_app read /data/anr/traces.txt

* commit '7afcaafc':
  installd: drop noatsecure for dex2oat

* commit '4eb2bc7e':
  Record observed bluetooth service access.

* commit 'a9f288b8':
  allow untrusted_app read /data/anr/traces.txt

* commit '0d0d5aa9':
  installd: drop noatsecure for dex2oat

Ensure that AT_SECURE=1 is set when installd executes dex2oat.

LD_PRELOAD is no longer set by init, and installd couldn't see
LD_PRELOAD anyway due to https://android-review.googlesource.com/129971 .
Drop it.

Continuation of commit b00a0379

Change-Id: Icaf08768b3354c6a99dd0f77fef547a706cc96e9

* commit 'bb3cef44':
  Record observed bluetooth service access.

Bug: 18106000
Change-Id: I80b574f73d53439dd710ccdb8f05cc2f9e9a10b4

* commit '1aafc4c7':
  allow untrusted_app read /data/anr/traces.txt

* commit 'a0dfad55':
  move untrusted_app statement to the correct file.

* commit 'bb21fe8a':
  move untrusted_app statement to the correct file.

The GMS core feedback agent runs as untrusted_app, and needs
the ability to read /data/anr/traces.txt to report ANR information.

Allow all untrusted_apps to read /data/anr/traces.txt so that GMS core
can access it.

Longer term, we need to move GMS core into it's own domain, but that's
a longer term change.

Addresses the following denial:

W/ndroid.feedback(17825): type=1400 audit(0.0:68004): avc: denied { read } for name="traces.txt" dev="mmcblk0p28" ino=325762 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file

(cherrypick from commit e2547c3b)

Bug: 18504118
Bug: 18340553
Change-Id: I8b472b6ab7dfe2a73154033e0a088b8e26396fa8

Change-Id: I3b402e3a0f55b236c48dc9f4be1973cbfc0af8a4

Change-Id: I5ae9606023ef7f3489f44e6657766e922160c470

* commit '26f23377':
  update isolated_app service_manager rules

* commit '2b8bf155':
  recovery: remove auditallow for exec_type:dir writes

* commit '88d6766b':
  update isolated_app service_manager rules

* commit '303e139a':
  recovery: remove auditallow for exec_type:dir writes

* commit 'ee66ba8c':
  update isolated_app service_manager rules

* commit 'b76966d6':
  recovery: remove auditallow for exec_type:dir writes

* commit 'f42b8dbc':
  Eliminate CAP_SYS_MODULE from system_server

With the move to block based OTAs, we're never going to fix
this bug. Remove the auditallow statement to avoid SELinux log
spam.

Bug: 15575013
Change-Id: I7864e87202b1b70020a8bdf3ef327a2cf4b6bfbd

* commit 'efb4bdb9':
  Eliminate CAP_SYS_MODULE from system_server

* commit '92b10ddb':
  Eliminate CAP_SYS_MODULE from system_server

Right now, the system_server has the CAP_SYS_MODULE capability.  This allows the
system server to install kernel modules.  Effectively, system_server is one
kernel module load away from full root access.

Most devices don't need this capability. Remove this capability from
the core SELinux policy. For devices which require this capability,
they can add it to their device-specific SELinux policy without making
any framework code changes.

In particular, most Nexus devices ship with monolithic kernels, so this
capability isn't needed on those devices.

Bug: 7118228
Change-Id: I7f96cc61da8b2476f45ba9570762145778d68cb3