- Oct 31, 2012
-
- Oct 30, 2012
-
-
Alice Chu authored
Change-Id: I16b47f8dbf64e8dffb550b5a89321f920604ef7a
-
- Oct 29, 2012
-
-
Kenny Root authored
Change-Id: I3112f4cf0fafb6e7e3c9c60084a097f5e6190c22
-
- Oct 26, 2012
-
-
rpcraig authored
This is a rewrite of the existing implementation. Three new variables are now needed to add/modify the existing base policy. They are BOARD_SEPOLICY_REPLACE and BOARD_SEPOLICY_UNION, which govern what files are replaced and concatenated, and BOARD_SEPOLICY_DIRS, which lists the various directories that will contain the BOARD_SEPOLICY_REPLACE and BOARD_SEPOLICY_UNION policy files.
Change-Id: Id33381268cef03245c56bc5242fec7da9b6c6493
Signed-off-by: rpcraig <robertpcraig@gmail.com>
-
Ying Wang authored
"sepolicy" is a phony target defined by the build system. If you use it as a dependency of a file target, you'll get an unnecessary rebuild.
Change-Id: I3a948ebbaff6a146050eb86a3d04cdc050f7c001
-
- Oct 23, 2012
-
-
rpcraig authored
A double free error occurs when building with non-glibc devices. The hdestroy() function frees all comparison keys internally in these cases. So avoid an explicit call to free().
Change-Id: If9c5dc1a969605cd1eeb9218de02a9f8dbbd3ae1
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>
- Oct 19, 2012
-
-
Kenny Root authored
am 6766cc9e: Merge "allow apps access to the keystore, dhcp/pptp fixes, wifi fixes and isolated_app access"
* commit '6766cc9e':
  allow apps access to the keystore, dhcp/pptp fixes, wifi fixes and isolated_app access
-
Kenny Root authored
* commit '91c12e3c': file class macro cleanup
-
Kenny Root authored
-
Kenny Root authored
-
- Oct 17, 2012
-
-
Stephen Smalley authored
* commit '01a58af1': Add a checkfc utility to check file_contexts validity and invoke it.
-
Stephen Smalley authored
Change-Id: I4b12dc3dcb432edbdf95dd3bc97f809912ce86d1
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-
Kenny Root authored
This reverts commit b620dc60.
(cherry picked from commit 128db962)
Change-Id: I21227e6232c925a42597e5c8fc0fcc0585d7a876
-
Kenny Root authored
* commit '659aaced': Remove HAVE_SELINUX guard
-
- Oct 16, 2012
-
-
Joshua Brindle authored
  - allow all apps to connect to the keystore over unix socket
  - dhcp runs scripts in /system/etc/dhcpcd/dhcpcd-hooks and creates/removes lease files
  - mtp connects to dnsproxyd when a pptp vpn connection is established
  - allow appdomain to also open qtaguid_proc and release_app to read qtaguid_device
  - WifiWatchDog uses packet_socket when wifi comes up
  - apps interact with isolated_apps when an app uses an isolated service and uses sockets for that interaction
  - for apps with levelFromUid=true to interact with isolated_app, isolated_app must be an mlstrustedsubject
Change-Id: I09ff676267ab588ad4c73f04d8f23dba863c5949
Signed-off-by: Joshua Brindle <jbrindle@tresys.com>
-
- Oct 10, 2012
-
-
Kenny Root authored
Change-Id: I45b4a749bf4fb085d96d912871bae33aa5288119
-
- Oct 04, 2012
-
-
William Roberts authored
Change-Id: I328bc882b3d6e200742e017aa23154fb01e638a5
-
- Sep 26, 2012
-
-
Stephen Smalley authored
* commit '3ac1d26a': Switch app_* and isolated to _app and _isolated in seapp_contexts.
-
- Sep 24, 2012
-
-
Stephen Smalley authored
The app_* syntax was a legacy of the original approach of looking up the username returned by getpwuid() and the original username encoding scheme by bionic. With the recent changes to move away from this approach, there is no reason to retain that syntax. Instead, just use _app to match app UIDs and _isolated to match isolated service UIDs. The underscore prefix is to signify that these are not real usernames and to avoid conflicts with any system usernames.
Requires a corresponding change to libselinux.
Change-Id: Ic388a12c1c9d3e47386c8849db607140ef8a3d75
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-
- Sep 20, 2012
-
-
Zhihai Xu authored
-
Stephen Smalley authored
* commit '061f254d': Define security labeling for isolated processes.
-
Zhihai Xu authored
remove system/bluetooth dependency.
bug 6849488
Change-Id: I259322385adafa4128deef5324e854bebef2b033
-
Stephen Smalley authored
Used when an app service is declared with android:isolatedProcess="true". Place such processes in a separate domain, and further isolate them from each other via categories.
Change-Id: I1d64f8278f0619eedb448f9a741f1d2c31985325
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-
- Sep 18, 2012
-
-
Stephen Smalley authored
* commit '66a3e8d9': Drop the use of a policy version suffix on the sepolicy file.
-
Stephen Smalley authored
The policy version suffix support was carried over from conventional Linux distributions, where we needed to support simultaneous installation of multiple kernels and policies. This isn't required for Android, so get rid of it and thereby simplify the policy pathname. We still default to generating a specific policy version (the highest one supported by the emulator kernel), but this can be overridden by setting POLICYVERS on the make command-line or in the environment.
Requires a corresponding change to libselinux.
Change-Id: I40c88e13e8063ea37c2b9ab5b3ff8b0aa595402a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-
Kenny Root authored
* commit 'fc6b1032':
  Fix for segfault/jmp depends on uninitialized variable
  Fix check_seapp segfault and undefined linking err
-
- Sep 17, 2012
-
-
Kenny Root authored
* changes:
  Fix for segfault/jmp depends on uninitialized variable
  Fix check_seapp segfault and undefined linking err
-
William Roberts authored
When realloc creates the first block of memory, it must be initialized to NULL for the following strcat functions to operate correctly.
Change-Id: I98fc14e1b19de5aa205354d16e54445293430d8e
-
William Roberts authored
When LINK_SEPOL_STATIC was not defined, symbol log_warning was trying to be resolved by the linker. That symbol was not defined as it should have been log_warn and not log_warning.
When a key would be validated in key_map_validate(), an unchecked key, like user, could cause a segfault when the se_key was getting free'd no matter what at the end of the function, even if no se_key was alloc'd.
Change-Id: If334ba7350e6d2ad1fa9bed142bb2fabe7caa057
-
Kenny Root authored
* commit '9c08abbd': Allow domain access to /dev/ion
-
Kenny Root authored
-
- Sep 13, 2012
-
-
William Roberts authored
* commit 'c27d30a6': Correct spelling mistake
-
William Roberts authored
Change-Id: I87f81a632ed61f284f2fe09726f5c4529d36f252
-
- Sep 07, 2012
-
-
William Roberts authored
Change-Id: If4deccfe740c8de6b88929a0d0439667c3ea340d
-
- Sep 06, 2012
-
-
Jean-Baptiste Queru authored
* commit '10f9a372':
  Corrected grammatical issues
  Added new line to end of file
  Changed seapp_contexts temporary file naming
  Fix mls checking code
  Support overrides in seapp_contexts
  Add tf_daemon labeling support.
  Add ppp/mtp policy.
  per device seapp_context support
  dhcp policy.
  Trusted Execution Environment policy.
-
Jean-Baptiste Queru authored
Change-Id: If3ed9998033378de5b47472315444f5b8bd4743e
-
- Sep 05, 2012
-
-
seandroid authored
-
William Roberts authored
Change-Id: I62ce62475f4a17d278243cc96db773872b2dc89c
-