Remove obsolete netlink_firewall_socket and netlink_ip6fw_socket classes. am: 4921085d am: bb268195 am: f91ef883
am: b51dfbb3

Change-Id: I90daccc0d9a93985c5b2a090a880ba9e0092445c

Define extended_socket_class policy capability and socket classes am: 431bdd9f am: 7a069af2 am: eb6196b1
am: e677bea7

Change-Id: I48f781c0b9e2192595f44da378ffa24336fabb80

Define the user namespace capability classes and access vectors. am: 8a003607 am: 60eff1f2 am: 2d6dc8b5
am: ffa66ea2

Change-Id: I0dd01731c2b005d3750636b36bce5b6aaeee1f5f

Remove obsolete netlink_firewall_socket and netlink_ip6fw_socket classes. am: 4921085d am: bb268195
am: f91ef883

Change-Id: I0b6352a3584188def58b84215383fb0025329518

am: eb6196b1

Change-Id: I4ff39ba20966778c4084a91a0454dbc346b08b8c

am: 2d6dc8b5

Change-Id: Id1d56498a1221655543916632c376113da918e14

am: bb268195

Change-Id: I7f321af50b4d0e5b69c31e2e1d2a5fb9e67ff553

am: 7a069af2

Change-Id: Ic5ba2abe3d5d2aa531ad5aebd64bc564eb707c78

am: 60eff1f2

Change-Id: I903b56cbf25dcc5e8da3508874afce151571d976

am: 4921085d

Change-Id: I6bc17893925ad40ad9e9a49c66ff6943ba7a4346

am: 431bdd9f

Change-Id: Ifb8085ca9b3107acc4c1b658c01b321770c82a96

am: 8a003607

Change-Id: Ifdce40a385442a85f69d7e477c95ab540457f54b

The implementation for NETLINK_FIREWALL and NETLINK_IP6_FW protocols
was removed from the kernel in commit
d16cf20e2f2f13411eece7f7fb72c17d141c4a84 ("netfilter: remove ip_queue
support") circa Linux 3.5.  Unless we need to retain compatibility
for kernels < 3.5, we can drop these classes from the policy altogether.

Possibly the neverallow rule in app.te should be augmented to include
the newer netlink security classes, similar to webview_zygote, but
that can be a separate change.

Test: policy builds

Change-Id: Iab9389eb59c96772e5fa87c71d0afc86fe99bb6b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

am: 0fb8fe6c

Change-Id: If5582c95102649dc197402db02d8eaaa5670d99c

am: ff9596ff

Change-Id: I59c221933f992107b2e436e9de14bac56c0928a2

am: 60bfd5d6

Change-Id: I9451ce42cc1c0dc1f351f48261a80d7c89034e30

am: 59b687a2

Change-Id: I6191f42a361b9915a73ad07f5eb2ab78f542bdfa

am: f28860e5

Change-Id: Ib98c12a50bf1e957f44bece06faf49687acadf49

am: fc24757a

Change-Id: I7d720227471de483db81264f0a0a89b430aa4d19

am: c4bc8992

Change-Id: I3b18e5ac428349baf2ee5b3cc305fd378c08adca

am: 9805f2cd

Change-Id: I09e3c0050b3beaf40df89e153cc2506b8f0b8072

am: 0db7aae1

Change-Id: I191e6bc530fc735167c8d364c552bd2e6e099f9d

am: d7ebbf1d

Change-Id: I3f1ec16d480ad653242127f8d2680c4b05461f9f

am: 5470aefb

Change-Id: I9d0adb605c5b38990f77ac21acb16ecc547fe433

am: d765766b

Change-Id: I94a6e3b6082f9e153a7272c6d75f36f78a8a314c

am: d04a2dd0

Change-Id: I911532b7f4b82379005b3f78165ddc1bd4546b21

am: d583a833

Change-Id: I40a8da8b67dc54552cae42529c9b51cb25da6290

Add a definition for the extended_socket_class policy capability used
to enable the use of separate socket security classes for all network
address families rather than the generic socket class.  The capability
also enables the use of separate security classes for ICMP and SCTP
sockets, which were previously mapped to rawip_socket class.  Add
definitions for the new socket classes and access vectors enabled by
this capability.  Add the new socket classes to the socket_class_set
macro, and exclude them from webview_zygote domain as with other socket
classes.

Allowing access by specific domains to the new socket security
classes is left to future commits.  Domains previously allowed
permissions to the 'socket' class will require permission to the
more specific socket class when running on kernels with this support.

The kernel support will be included upstream in Linux 4.11.  The
relevant kernel commits are da69a5306ab92e07224da54aafee8b1dccf024f6
("selinux: support distinctions among all network address families"),
ef37979a2cfa3905adbf0c2a681ce16c0aaea92d ("selinux: handle ICMPv6
consistently with ICMP"), and b4ba35c75a0671a06b978b6386b54148efddf39f
("selinux: drop unused socket security classes").

This change requires selinux userspace commit
d479baa82d67c9ac56c1a6fa041abfb9168aa4b3 ("libsepol: Define
extended_socket_class policy capability") in order to build the
policy with this capability enabled.  This commit is already in
AOSP master.

Test: policy builds

Change-Id: I788b4be9f0ec0bf2356c0bbef101cd42a1af49bb
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Kernel commit 8e4ff6f228e4722cac74db716e308d1da33d744f
(selinux: distinguish non-init user namespace capability checks)
introduced support for distinguishing capability
checks against a target associated with the init user namespace
versus capability checks against a target associated with a non-init
user namespace by defining and using separate security classes for the
latter.  This support is needed on Linux to support e.g. Chrome usage of
user namespaces for the Chrome sandbox without needing to allow Chrome to
also exercise capabilities on targets in the init user namespace.

Define the new security classes and access vectors for the Android policy.
Refactor the original capability and capability2 access vector definitions
as common declarations to allow reuse by the new cap_userns and cap2_userns
classes.

This change does not allow use of the new classes by any domain; that
is deferred to future changes as needed if/when Android enables user
namespaces and the Android version of Chrome starts using them.

The kernel support went upstream in Linux 4.7.

Based on the corresponding refpolicy patch by Chris PeBenito, but
reworked for the Android policy.

Test: policy builds

Change-Id: I71103d39e93ee0e8c24816fca762944d047c2235
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

am: 943d7ed5

Change-Id: I4b3e10c0001e61c9ca93f3834342131b1a834a2a

am: 4d140237

Change-Id: I70b3840694763c4eb14a46a931173a343b31926d

Move neverallows from untrusted_app.te to app_neverallows.te am: 46e5a060 am: 829c8e0a am: 3d1e5959
am: c62facf2

Change-Id: Ibe11a940b712c6f4cf0d2f7d92b19f07d63dfe3f

am: 01002937

Change-Id: I1148f7c40e25b13c833ece35644c51943f311062

am: 3d1e5959

Change-Id: Iea59fcc55ea2813d71141558e3f86fbfdc22d034

am: 812213ae

Change-Id: I38671a9200d7b76dc7b748848f8134df6e2ef267

am: 829c8e0a

Change-Id: I9ded883761ec9d6fbbcfead877788edbbcb41521

am: 95804f17

Change-Id: I744c77d2e32dd2d84a64197fb2bf5c41cffa6a61

* changes:
  crash_dump: dontaudit CAP_SYS_PTRACE denial.
  crash_dump: don't allow CAP_SYS_PTRACE or CAP_KILL.

am: 46e5a060

Change-Id: Id2ccc41a74a8465e6fc33429c13ca22253a53f12