clatd's environment may not have a sufficiently large memlock
ulimit; it needs >=1MB but values much lower can be encountered.

The mmap() is performed while clatd is still root, before dropping
privileges; allow this to succeed.

Bug: 21736319
Change-Id: I8171e077046566924c769e855144ae5fac634d4c

SANITIZE_TARGET adds shared libraries in /data/lib.

Bug: 21785137
Change-Id: I8ac3d059d88d57d24ed762ffc6202a4ce5a42333

If a duplicate entry is found, rule_map_cmp() incorrectly
assumes that the lengths of the key value pairs should be
equal, when this is not true. The duplicate detection is
done on the input parameters, thus the lengths can be
different. This resulted in a duplicate error string
message of "do not match", instead of "match on all inputs".

Also, the file name printed that contained the error was
the output file, not the input file that contained it.

Change-Id: I9b3f99fa4aa3454849de55f18b198b0b56e44320
Signed-off-by: William Roberts <william.c.roberts@intel.com>

The recovery and update_binary need to access the /oem partition for
devices like sprout.

Bug: 19764039
Change-Id: I3647c5d72ed708cd797968669fa1116a3ba39542
(cherry picked from commit d245789c)

Bug: http://b/19483574
Change-Id: Ie620011cb1d2c05fdfd4f2da375a57e47140b98f

Point to external/selinux/libsepol instead of external/libsepol.

Change-Id: I09c33a4cbd7b4cd3ef2341c042259b96c0b59372

System server and uncrypt need to communicate with a named pipe on the
/cache partition. It will be created and deleted by system server.

Bug: 20012567
Bug: 20949086
(cherry picked from commit 70c6dbf0)
Change-Id: I4ddc523c2a0f4218877dae8f8a9b7fcf3f786625

Point to external/selinux/libsepol instead of external/libsepol

Change-Id: If6dc1e9261f397d801ba2376ab60c5dc5b5d86e4

service_manager_local_audit_domain was used to fine tune the service_manager
auditallow rules when introducing the service_manager SELinux rules.  This is no
longer needed.

Bug: 21656807
Change-Id: Ia042a887e7bf9eb2a2b08b8d831e68dfe6395f75

- Enable logpersistd to write to /data/misc/logd
- Enable logpersistd to read from pstore to help complete any content
  lost by reboot disruption
- Enable shell readonly ability logpersistd files in /data/misc/logd
- Enable logcat -f when placed into logd context to act as a
  logpersistd (nee logcatd) agent, restrict access to run only in
  userdebug or eng

Bug: 19608716
Change-Id: I3209582bc796a1093c325c90068a48bf268e5ab5

SystemPropPoker in settings app lists and communicates with every service on the
system on property change, which is not currently allowed for all services.

This occurs, for instance, when toggling
Developer options -> Monitoring -> Profile GPU Rendering -> On scren as bars.

Addresses the following denials:
SELinux : avc:  denied  { find } for service=samplingprofiler scontext=u:r:system_app:s0 tcontext=u:object_r:samplingprofiler_service:s0 tclass=service_manager
SELinux : avc:  denied  { find } for service=DockObserver scontext=u:r:system_app:s0 tcontext=u:object_r:DockObserver_service:s0 tclass=service_manager
SELinux : avc:  denied  { find } for service=devicestoragemonitor scontext=u:r:system_app:s0 tcontext=u:object_r:devicestoragemonitor_service:s0 tclass=service_manager
SELinux : avc:  denied  { find } for service=media.camera.proxy scontext=u:r:system_app:s0 tcontext=u:object_r:cameraproxy_service:s0 tclass=service_manager
SELinux : avc:  denied  { find } for service=scheduling_policy scontext=u:r:system_app:s0 tcontext=u:object_r:scheduling_policy_service:s0 tclass=service_manager
SELinux : avc:  denied  { find } for service=battery scontext=u:r:system_app:s0 tcontext=u:object_r:battery_service:s0 tclass=service_manager
SELinux : avc:  denied  { find } for service=processinfo scontext=u:r:system_app:s0 tcontext=u:object_r:processinfo_service:s0 tclass=service_manager
SELinux : avc:  denied  { find } for service=batteryproperties scontext=u:r:system_app:s0 tcontext=u:object_r:healthd_service:s0 tclass=service_manager
SELinux : avc:  denied  { find } for service=drm.drmManager scontext=u:r:system_app:s0 tcontext=u:object_r:drmserver_service:s0 tclass=service_manager
SELinux : avc:  denied  { find } for service=commontime_management scontext=u:r:system_app:s0 tcontext=u:object_r:commontime_management_service:s0 tclass=service_manager

Bug: 20762975
Bug: 21446739
Change-Id: I92b7629077eb5aabffb72170f4ef71f574ebb95c

These are all userspace security class definitions that are
unused in Android; they are only meaningful in Linux distributions.

Change-Id: I99738752da996d9a1c7793eea049d937ffe4255b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

All uses were removed by I1c925d7facf19b3953b5deb85d992415344c4c9f;
this is just a dead definition.

Change-Id: Id6b08b624c9eea824f5a55d99b7a4ebf9c9f207e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Change-Id: Ic5935f8a6ab55c1aa02a0e5753c3baf4b948eda7

Change-Id: Iec14c79f060f3e54985828932112911067c973ea

/dev/rtc0 is not the only possible rtc device node, make sure all are given the
rtc_device label.

Change-Id: I50d15aa62e87509e940acd168474433803b2115d

Grant access to system_server, as it is used by AlarmManagerService.

Change-Id: I4f099fe30ba206db07d636dd454d43d3df9d3015

Change-Id: I45002cfd05e4e184bfc66039b3ae9a4af057adb1
Signed-off-by: William Roberts <william.c.roberts@linux.intel.com>

Keystore is going through an API cleanup to make names more clear and
remove unclear methods.

Change-Id: I06354ccd0a9a73fd20168bfce9350c451cfaced3

Encourage the use of set_prop macro by making existing
unix_socket_connect(domain, property, init) calls
warn at compile time. When encountering one of these macros,
m4 will emit a deprecated message as follows:

m4: external/sepolicy/adbd.te: 97: deprecated: unix_socket_connect(adbd, property, init) Please use set_prop(adbd, <property name>) instead.

Change-Id: I997fed75d2683933e08db8b9efeecea71523c7c3
Signed-off-by: William Roberts <william.c.roberts@linux.intel.com>

Bug: http://b/19483574
Change-Id: Id39a5aaf531d2a75a22647bdafb34a6ef18201c8

Only a few daemons need transition to shell. Prevent
misuse and over-privileging of shell domain.

Change-Id: Ib1a5611e356d7a66c2e008232c565035e3fc4956
Signed-off-by: William Roberts <william.c.roberts@linux.intel.com>

Only a few system level components should be creating and writing
these files, force a type transition for shared files.

Change-Id: Ieb8aa8a36859c9873ac8063bc5999e9468ca7533
Signed-off-by: William Roberts <william.c.roberts@linux.intel.com>

user_changed will be used for state change methods around android user
creation/deletion.

Change-Id: I295ca9adfc4907b5d7bcf0555f6e5a9a3379635b

Addresses the following error when running CTS on master:
junit.framework.AssertionFailedError: The following errors were encountered when validating the SELinuxneverallow rule:
neverallow { appdomain -bluetooth } self:capability *;
/tmp/SELinuxHostTest5593810182495331783.tmp: error while loading shared libraries: libc++.so: cannot open shared object file: No such file or directory

Also indicate that none of the sepolicy tools need c++ std lib.

(cherry-pick of 0cdb0517be696c0dc6882d289eedd45bf2da918c now made possible by
addition of commit: 28b72eddd54cb1287dd7daae853e8e4b78fa17eb)

Bug: 19617220
Change-Id: I2c5b7ab1ddeb0e02cbaad2b7d5430a0974524a89

AVC message we get without this change creating
/data/misc/vold/user_keys

05-12 08:57:54.839   189   189 W vold    : type=1400 audit(0.0:176):
avc: denied { create } for name="user_keys" scontext=u:r:vold:s0
tcontext=u:object_r:vold_data_file:s0 tclass=dir permissive=0

Bug: 19704432
Change-Id: I10fc90c64c7c10fa9811133a4289663ae8617607

A common source of mistakes when authoring sepolicy is properly
setting up property sets. This is a 3 part step of:
1. Allowing the unix domain connection to the init/property service
2. Allowing write on the property_socket file
3. Allowing the set on class property_service

The macro unix_socket_connect() handled 1 and 2, but could be
confusing for first time policy authors. 3 had to be explicitly
added.

To correct this, we introduce a new macros:
set_prop(sourcedomain, targetprop)

This macro handles steps 1, 2 and 3.

No difference in sediff is expected.

Change-Id: I630ba0178439c935d08062892990d43a3cc1239e
Signed-off-by: William Roberts <william.c.roberts@linux.intel.com>

Files on the /oem partition are weird. The /oem partition is an ext4
partition, built in the Android tree using the "oem_image" build target
added in build/ commit b8888432f0bc0706d5e00e971dde3ac2e986f2af. Since
it's an ext4 image, it requires SELinux labels to be defined at build
time. However, the partition is mounted using context=u:object_r:oemfs:s0,
which ignores the labels on the filesystem.

Assign all the files on the /oem image to be oemfs, which is consistent
with how they'll be mounted when /oem is mounted.

Other options would be to use an "unlabeled" label, or try to fix the
build system to not require SELinux labels for /oem images.

Bug: 20816563
Change-Id: Ibe8d9ff626eace8a2d5d02c3f06290105baa59fe

The default label for files on /system is already system_file. No
need to explicitly specify it.

Change-Id: If0c92a0da4119a0d8f83b4a3e05101cfcdb9a82d