am: 46e5a060

Change-Id: Id2ccc41a74a8465e6fc33429c13ca22253a53f12

am: 4c40d734

Change-Id: I680e736766d371f6ac631cae26d11d85dc896e8f

The neverallows in untrusted_app will all apply equally to ephemeral app
and any other untrusted app domains we may add, so this moves them to a
dedicated separate file.

This also removes the duplicate rules from isolated_app.te and ensures
that all the untrusted_app neverallows also apply to isolated_app.

Test: builds
Change-Id: Ib38e136216ccbe5c94daab732b7ee6acfad25d0b

The rules for the two types were the same and /data/app-ephemeral is
being removed. Remove these types.

Test: Builds
Change-Id: I520c026395551ad1362dd2ced53c601d9e6f9b28

am: a38067c7

Change-Id: Ia91ea8fec8f28cdb661a55e64ae1d50b03e17363

am: 254ce3fb

Change-Id: I5108f9113b5511fcda6331b5af860efcc7f8baba

Test: Device boots
Change-Id: I2fb0a03c9ed84710dc2db7b170c572a2eae45412

Update_verifier will read dm-wrapped system/vendor partition. Therefore,
change the sepolicy accordingly.

Here's the denied message:
update_verifier: type=1400 audit(0.0:131): avc: denied { read } for
name="dm-0" dev="tmpfs" ino=15493 scontext=u:r:update_verifier:s0
tcontext=u:object_r:dm_device:s0 tclass=blk_file permissive=0

Bug: 34391662
Test: Read of /dev/block/dm-0 succeeds during boot time.
Change-Id: I23325bd92f6e28e9b1d62a0f2348837cece983d1

am: 9eff8526

Change-Id: I84fa34a4ec67329f5225208c2e223f8bd99ebde3

am: b598b47f

Change-Id: I847241832a67346a58d2b6e1e4c53d57b7297be0

This change adds selinux policy for configstore@1.0 hal. Currently, only
surfaceflinger has access to the HAL, but need to be widen.

Bug: 34314793
Test: build & run

Merged-In: I40e65032e9898ab5f412bfdb7745b43136d8e964
Change-Id: I40e65032e9898ab5f412bfdb7745b43136d8e964
(cherry picked from commit 5ff0f178)

am: 3171829a

Change-Id: Ifef40c211276c8cdf576e10cb04753dcb150ad65

There are many character files that are unreachable to all processes
under selinux policies. Ueventd and init were the only two domains that
had access to these generic character files, but auditing proved there
was no use for that access. In light of this, access is being completely
revoked so that the device nodes can be removed, and a neverallow is
being audited to prevent future regressions.

Test: The device boots
Bug: 33347297
Change-Id: If050693e5e5a65533f3d909382e40f9c6b85f61c

am: 542a4626

Change-Id: I169dbd05d71939e6a337e20a131caa7cbad3a977

Required for I0aeb653afd65e4adead13ea9c7248ec20971b04a

Test: Together with I0aeb653afd65e4adead13ea9c7248ec20971b04a, ensure that the
system service works
Bug: b/30932767
Change-Id: I994b1c74763c073e95d84222e29bfff5483c6a07

am: 01ee59a7

Change-Id: I2d5889cd3faf16957ed329234ffd7b3bc6504203

Since it was introduced it caused quite a few issues and it spams the
SElinux logs unnecessary.

The end goal of the audit was to whitelist the access to the
interpreter. However that's unfeasible for now given the complexity.

Test: devices boots and everything works as expected
      no more auditallow logs

Bug: 29795519
Bug: 32871170
Change-Id: I9a7a65835e1e1d3f81be635bed2a3acf75a264f6

am: 9e90f83e

Change-Id: Idf1178328847bf597005c66c7652e4bda25c3bdd

am: d33a9a19

Change-Id: I8f95628067641e773623603681f226dab4939f2a

The event log tag service uses /dev/event-log-tags, pstore and
/data/misc/logd/event-log-tags as sticky storage for the invented
log tags.

Test: gTest liblog-unit-tests, logd-unit-tests & logcat-unit-tests
Bug: 31456426
Change-Id: Iacc8f36f4a716d4da8dca78a4a54600ad2a288dd

Create an event_log_tags_file label and use it for
/dev/event-log-tags.  Only trusted system log readers are allowed
direct read access to this file, no write access.  Untrusted domain
requests lack direct access, and are thus checked for credentials via
the "plan b" long path socket to the event log tag service.

Test: gTest logd-unit-tests, liblog-unit-tests and logcat-unit-tests
Bug: 31456426
Bug: 30566487
Change-Id: Ib9b71ca225d4436d764c9bc340ff7b1c9c252a9e

Default HAL implementations are built from the platform tree and get
placed into the vendor image. The SELinux rules needed for these HAL
implementations to operate thus need to reside on the vendor
partition.

Up to now, the only place to define such rules in the source tree was
the system/sepolicy/public directory. These rules are placed into the
vendor partition. Unfortunately, they are also placed into the
system/root partition, which thus unnecessarily grants these rules to
all HAL implementations of the specified service, default/in-process
shims or not.

This commit adds a new directory, system/sepolicy/vendor, whose
rules are concatenated with the device-specific rules at build time.
These rules are thus placed into the vendor partition and are not
placed into the system/root partition.

Test: No change to SELinux policy.
Test: Rules placed into vendor directory end up in nonplat* artefacts,
      but not in plat* artefacts.
Bug: 34715716
Change-Id: Iab14aa7a3311ed6d53afff673e5d112428941f1c

am: 04641948

Change-Id: I8e2a131d51725e4ba2cb5867fe99565f810e6381

am: 81a73508

Change-Id: I1fd4a6c21ae80463fe67cc85db2949382453b948

am: 29f1e21d

Change-Id: I8b8d1fca11d748c09faab382e9d0c8f0ca1fc1af

Test: Google Camera app working
Bug: 34786432
Change-Id: Ie14ac8a58a331f96a56fb6fc09318e2d737c4076

Bug: 34077703
Test: recovery image can set the backlight brightness.
Change-Id: I34d72e1a0e959c2d9f48b3b9c55c4eb2d1cc41bf

am: a86316e8

Change-Id: Ia7e8b1746ca814c647c2d945960d1a85b96958d3

Bug: 33746484
Test: Successfully boot with original service and property contexts.
      Successfully boot with split serivce and property contexts.

Change-Id: I87f95292b5860283efb2081b2223e607a52fed04
Signed-off-by: Sandeep Patil <sspatil@google.com>

am: e8acd769

Change-Id: I24a7a10a4658f6db968ba13e556172659b859795

This adds the premissions required for
android.hardware.keymaster@2.0-service to access the keymaster TA
as well as for keystore and vold to lookup and use
android.hardware.keymaster@2.0-service.

IT DOES NOT remove the privileges from keystore and vold to access
the keymaster TA directly.

Test: Run keystore CTS tests
Bug: 32020919

(cherry picked from commit 5090d6f3)

Change-Id: Ib02682da26e2dbcabd81bc23169f9bd0e832eb19