- Jan 31, 2018
-
-
Bowgo Tsai authored
This change renames the non-platform sepolicy files on a DUT from nonplat_* to vendor_*. It also splits the versioned platform sepolicy from vendor_sepolicy.cil to a new file /vendor/etc/selinux/plat_pub_versioned.cil. And only keeps vendor customizations in vendor_sepolicy.cil. Build variable BOARD_SEPOLICY_DIRS is also renamed to BOARD_VENDOR_SEPOLICY_DIRS. Bug: 64240127 Test: boot an existing device Change-Id: Iea87a502bc6191cfaf8a2201f29e4a2add4ba7bf
-
Treehugger Robot authored
-
Treehugger Robot authored
* changes:
  Correctly label data types
  Test that /data is properly labeled
-
Siarhei Vishniakou authored
Bug: 62940136 Test: read /dev/v4l-touchX from inputflinger Change-Id: Ifcece4192c567e0cbaba1b7ad40d25c8f34f8e40
-
- Jan 30, 2018
-
-
Jeff Vander Stoep authored
Data outside /data/vendor must have the core_data_file_type attribute. Test: build (this is a build time test) Bug: 34980020 Change-Id: Ia727fcad813d5fcfbe8f714246364bae0bda43bd Merged-In: Ibacfcc938deab40096b54b8d0e608d53ca91b947
-
Jeff Vander Stoep authored
Data outside of /data/vendor should have the core_data_file_type. Exempt data_between_core_and_vendor for some types. Ensure core_data_file_type and coredomain_socket do not get expanded to their underlying types. Test: build sepolicy for all targets in master (this is a build time test) Bug: 34980020 Change-Id: I59387a87875f4603a001fb03f22fa31cae84bf5a (cherry picked from commit bdd45479)
-
Jeff Vander Stoep authored
chmod +x Test: build all sepolicy targets. Change-Id: I9e47b78667e4a213c31ecce0e37fe7f84abd9655
-
Treehugger Robot authored
-
Jeff Vander Stoep authored
Bug: 72668919 Test: build Change-Id: Id156b40a572dc0dbfae4500865400939985949d9
-
Treehugger Robot authored
-
Ruchi Kandoi authored
-
Treehugger Robot authored
-
- Jan 29, 2018
-
-
Joel Galenson authored
This script will build the SELinux policy for multiple targets in parallel.
To use it, run:
  ./build_policies.sh <Android root directory> <output directory> [specific targets to build]
If you do not pass any individual targets, it will build all targets it can find. It will print out the list of failing targets. You can open up the corresponding log file in the output directory to see the exact errors.
This script is still a work in progress. It currently cannot discover all build targets (it misses ones "lunch" does not list).
Bug: 33463570 Test: Ran script to build multiple targets with and without failures. Change-Id: Iee8ccf4da38e5eb7ce2034431613fe10c65696ab
-
Ruchi Kandoi authored
Test: App startup on boot Change-Id: I7740aafc088aadf676328e3f1bb8db5175d97102
-
Primiano Tucci authored
-
Joel Galenson authored
This should fix presubmit tests. Bug: 72472544 Test: Built policy. Change-Id: I01f0fe3dc759db66005e26d15395893d494c4bb7
-
Treehugger Robot authored
-
Treehugger Robot authored
-
Tom Cherry authored
vendor_init exists on the system partition, but it is meant to be an extension of init that runs with vendor permissions for executing vendor scripts, therefore it is not meant to be in coredomain. Bug: 62875318 Test: boot walleye Merged-In: I01af5c9f8b198674b15b90620d02725a6e7c1da6 Change-Id: I01af5c9f8b198674b15b90620d02725a6e7c1da6
-
Treehugger Robot authored
-
Primiano Tucci authored
Instead of having statsd linking the perfetto client library and talk directly to its socket, we let just statsd exec() the /system/bin/perfetto cmdline client. There are two reasons for this:
  1) Simplify the interaction between statsd and perfetto, reduce dependencies, binary size bloat and isolate faults.
  2) The cmdline client also takes care of handing the trace to Dropbox. This allows to expose the binder interaction surface to the short-lived cmdline client and avoid to grant binder access to the perfetto traced daemon.
This cmdline client will be used by:
  - statsd
  - the shell user (for our UI and Studio)
Bug: 70942310 Change-Id: I8cdde181481ad0a1a5cae5937ac446cedac54a1f
-
- Jan 28, 2018
-
-
Joel Galenson authored
This should fix presubmit tests. Bug: 72550646 Test: Built policy. Change-Id: I51345468b7e74771bfa2958efc45a2a839c50283
-
Treehugger Robot authored
-
- Jan 26, 2018
-
-
Treehugger Robot authored
-
- Jan 25, 2018
-
-
Treehugger Robot authored
-
Treehugger Robot authored
-
Joel Galenson authored
This should fix presubmit tests. Bug: 72507494 Test: Built policy. Change-Id: I56944d92232c7a715f0c88c13e24f65316805c39
-
Tom Cherry authored
This neverallow exception is not needed. Bug: 62875318 Test: build walleye, bullhead Change-Id: Ide37ef9fe7a0e1cc4a1809589f78052007698cf5
-
Jeff Vander Stoep authored
Test: n/a Change-Id: I7c46d5f984955f963b668fe8d978e68e6b7b9a83
-
Tom Cherry authored
The exception for vendor_init in this neverallow was never needed. Bug: 62875318 Test: Build walleye, bullhead Change-Id: Iac2b57df30b376492851d7520994e0400a87f1e1
-
Tom Cherry authored
The current neverallow rules for compatible properties restrict domains from write file permissions to the various property files. This however is the wrong restriction, since only init actually writes to these property files. The correct restriction is to restrict 'set' for 'property_service' as this change does. Note there is already a restriction preventing {domain -init} from writing to these files in domain.te. Test: build Change-Id: I19e13b0d084a240185d0f3f5195e54065dc20e09
-
Joel Galenson authored
We are occasionally seeing the following SELinux denial:
  avc: denied { read } for comm="idmap" path="/proc/947/mounts" scontext=u:r:idmap:s0 tcontext=u:r:installd:s0 tclass=file
This commit suppresses that exact denial. We believe this is occurring when idmap is forked from installd, which is reading its mounts file in another thread.
Bug: 72444813 Test: Boot Walleye and test wifi and camera. Change-Id: I3440e4b00c7e5a708b562a93b304aa726b6a3ab9
-
Andreas Gampe authored
Allow dumpstate & system server watchdog to dump statsd stacks. Bug: 72461610 Test: m Change-Id: I4c3472881da253f85d54b5e5b767b06e2618af9c
-
Treehugger Robot authored
Merge "Allow binder call between statsd and healthd. Also allow statsd to find health hal service for battery metrics."
-
Treehugger Robot authored
-
Jaekyun Seok authored
-
Jeffrey Vander Stoep authored
-
Joel Galenson authored
This should fix presubmit tests. Bug: 72444813 Test: Built policy. Change-Id: I5b8661b34c9417cd95cb0d6b688443dcbe0d1c0b
-
- Jan 24, 2018
-
-
Jaekyun Seok authored
Since /product is an extension of /system, its file contexts should be consistent with ones of /system. Bug: 64195575 Test: tested installing a RRO, apps, priv-apps and permissions Change-Id: I7560aaaed852ba07ebe1eb23b303301481c897f2
-
Treehugger Robot authored
-