- Feb 01, 2018
Tri Vo authored
This file is /vendor/etc/selinux/nonplat_sepolicy.cil from aosp_arm64-eng from mr1-dev Bug: 69390067 Test: prebuilt only change Change-Id: I717513ae66e806afe0071cf5b42e9f709264d0b6
-
- Dec 06, 2017
Dan Cashman authored
Bug: 65551293 Bug: 69390067 Test: None. Prebuilt only change. Change-Id: I62304b342a8b52fd505892cc2d4ebc882148224b
-
- Sep 26, 2017
Dan Cashman authored
Bug: 37916906 Test: Builds 'n' boots. Change-Id: Ia1d86264446ebecc1ca79f32f11354921bc77668 Merged-In: I208ec6a864127a059fb389417a9c6b259d7474cb
-
- Sep 19, 2017
Daniel Cashman authored
The following commits were cherry-picked from internal master to AOSP, but to avoid merge-conflicts we'll do a large diff instead of individual cherry-picks: 521742e9 9aefc916 3686efca de51e7de fff3fe2f Bug: 37916906 Test: angler builds and boots. Merged-In: Ie010cc12ae866dbb97c387471f433158d3b699f3 Change-Id: I5126ebe88b9c76a74690ecf95851d389cfc22d1f
-
- Sep 08, 2017
Josh Gao authored
Add /dev/kmsg_debug on userdebug devices, to allow crash_dump to log crashes to dmesg when logd isn't up yet (or is the one crashing). (Originally committed in a015186f) (cherry-pick of commit: 3458ec13) Bug: 37916906 Bug: 36574794 Bug: 62101480 Test: Builds and boots. Change-Id: I83aa392f49bb412d96534925fb02921a8f4731fa
-
Dan Cashman authored
(cherry-pick of commit: 55c77504) Bug: 37916906 Bug: 37896931 Test: none, just prebuilt update. Change-Id: I55b5179f98703026699a59cce4b2e1afb166fd1d
-
Dan Cashman authored
More changes went into oc-dev after the freeze-date. Reflect them. (cherry-pick of commit: 148578a6) Bug: 37916906 Bug: 37896931 Test: prebuilts - none. Change-Id: I3300751ea7362d5d96b327138544be65eb9fc483
-
Dan Cashman authored
commit: 5c6a227e added the oc-dev sepolicy prebuilts (api 26.0), but did not include the corresponding base mapping file, which is to be maintained along with current platform development in order to ensure backwards compatibility. (cherry-pick of commit: 5e4e0d7f) Bug: 37916906 Bug: 37896931 Test: none, this just copies the old mapping file to prebuilts. Change-Id: Ia5c36ddab036352845878178fa9c6a9d649d238f
-
Dan Cashman authored
Copy the final system sepolicy from oc-dev to its prebuilt dir corresponding to its version (26.0) so that we can uprev policy and start maintaining compatibility files, as well as use it for CTS tests targeting future platforms. (cherry-pick of commit: 5c6a227e) Bug: 37896931 Bug: 37916906 Test: none, this just copies the old policy. Change-Id: Ib069d505e42595c467e5d1164fb16fcb0286ab93
-
- Aug 14, 2017
Dan Cashman authored
The treble compatibility tests check for policy differences between old and new policy. To do this correctly, we must not modify the policy which represents the older policies. Move the files meant to be changed to a different location from the ones that are not meant to be touched to avoid any undesired changes to old policy, e.g. commit: 2bdefd65078d890889672938c6f0d2accdd25bc5 Bug: 36899958 Test: Build-time tests build. Change-Id: I8fa3947cfae756f37556fb34e1654382e2e48372
-
- Aug 11, 2017
Dan Cashman authored
untrusted_app_visible_hwservice was an attribute that was meant to give partners time to add their HALs to AOSP. It was removed from mr1 and so needs to be accounted for in the compatibility mapping. Bug: 64321916 Test: Builds with treble policy tests. Change-Id: I359a842083016f0cf6c9d7ffed2116feb9e159c6
-
Steven Moreland authored
Only seeing this denial in permissive: allow shell screencap_exec:file getattr; Bug: 37565047 Test: adb shell screencap w/o root Test: cts-tradefed run cts-dev --module CtsAadbHostTestCases Change-Id: I9f31d2067e002e7042646ee38dbfc06687481ac7
-
Martijn Coenen authored
On Full Treble devices, servicemanager should only service services from the platform service_contexts file. Created new type to separate plat_ and nonplat_service_contexts, and added new type to mapping (although I don't think this type should have been used by vendors). Bug: 36866029 Test: Marlin/Taimen boot Change-Id: Ied112c64f22f8486a7415197660faa029add82d9
-
- Aug 08, 2017
Dan Cashman authored
Commit: 2490f1ad meant to add thermalserviced_tmpfs to the new_object list in the mapping file, but copy-paste error resulted in thermalserviced_exec_tmpfs being recorded instead. Fix this. (cherry-pick of commit: fbacc656) Bug: 62573845 Test: None. prebuilt change. Change-Id: Iab4eaef04742187d6397a539aae854651caa9935
-
- Aug 04, 2017
Todd Kennedy authored
A new API [getNamesForUids] was recently added to the PackageManager and this API needs to be accessible to native code. However, there were two constraints: 1) Instead of hand-rolling the binder, we wanted to auto generate the bindings directly from the AIDL compiler. 2) We didn't want to expose/annotate all 180+ PackageManager APIs when only a single API is needed. So, we chose to create a parallel API that can be used explicitly for native bindings without exposing the entirety of the PackageManager. Bug: 62805090 Test: Manual Test: Create a native application that calls into the new service Test: See the call works and data and returned Change-Id: I0d469854eeddfa1a4fd04b5c53b7a71ba3ab1f41
-
Dan Cashman authored
Commit: ec3b6b7e added a new daemon and corresponding types to sepolicy. The explicitly declared types were added to 26.0.ignore.cil to reflect the labeling of new objects, but another type, thermalserviced_tmpfs was created by macro and was missed in code review. Add it as well. Bug: 62573845 Test: None. prebuilt change. Change-Id: Ia8968448eea0be889911f46fe255f581659eb548 (cherry picked from commit 2490f1ad)
-
Todd Poynor authored
Add sepolicy for thermalserviced daemon, IThermalService binder service, IThermalCallback hwservice, and Thermal HAL revision 1.1. Test: manual: marlin with modified thermal-engine.conf Bug: 30982366 Change-Id: I207fa0f922a4e658338af91dea28c497781e8fe9 (cherry picked from commit ec3b6b7e)
-
- Jul 31, 2017
Dan Cashman authored
Commit: 5aef6a94 added a new type, system_net_netd_hwservice, for a new hwservice. Record this in the compatibility infrastructure as labeling a new object, rather than relabeling one from O. Bug: 62573845 Test: None. Prebuilt change only. Change-Id: If360eb9e05684d9b47316d53e494aa773485e93f
-
Dan Cashman authored
Commit: 3eed3eac added the compatibility statement for the new mediaprovider app domain, but it missed another new, private type, mediaprovider_tmpfs, that is automatically created for all appdomains. It replaces priv_app_tmpfs, but since both types are private, they do not need to be added to the actual mapping (vendor policy cannot use it). Bug: 62573845 Test: None. Prebuilt-only change. Change-Id: I62229a5be74cd928fe0ca82a45b73cb61d6f5223
-
Dan Cashman authored
Commit: 632bc494 added hwservice labeling and was cherry-picked to oc-dev, but the hal_wifi_offload_hwservice type was not part of the cherry-pick because the service was not in oc-dev. Record the type for compatibility purposes. Bug: 62573845 Test: None. Prebuilt change only. Change-Id: Ib2c0fe862eddb566fbe6b0287238fa93dddae7b8
-
- Jul 29, 2017
Jeff Vander Stoep authored
Remove reference to non-existent attribute domain_deprecated. Test: successfully build Change-Id: I9b019147c033bf4019e37cb11736eb0a91284d9d
-
- Jul 25, 2017
Michael Butler authored
Bug: 63905942 Test: mm -j40 Change-Id: I354ee863475aedd2dc9d2b436a00bcd82931456f (cherry picked from commit 4fc5fb5e521347d65dc921f8c1fb751c66f9a92c)
-
- Jul 18, 2017
Dan Cashman authored
This type was removed in commit: 93166cef and no longer needs to be included in compatibility infrastructure. Bug: 62573845 Test: None, prebuilt change. Change-Id: I9dc05512c7fcb3ef4445c4c6b040809a1d595282
-
- Jul 12, 2017
Jeff Vander Stoep authored
Prevent files in /proc from incorrectly having sysfs_type attribute. Rework neverallows so that ueventd has write access to all of /sys which it needs to handle uevents. Bug: 63147833 Test: Build. Flash angler, verify files are correctly labeled and no new denials are in the logs. Change-Id: Ib94d44e78cee0e83e2ac924f1c72e611e8e73558
-
Lorenzo Colitti authored
This reinstates the exception for netd_stable_secret_prop, which was added after O sepolicy freeze. This exception, along with the corresponding core sepolicy change, was reverted in order to allow these policies to be added to per-device sepolicy. DO NOT SUBMIT until http://ag/2528214 has automerged to master. This reverts commit 777c8ee0. Bug: 17613910 Bug: 62573845 Test: make -j64 bootimage Change-Id: I20b52f1d8e1c0cbb18a339bf45586dacbc7405ad
-
- Jul 11, 2017
Lorenzo Colitti authored
This will allow removing the netd_stable_secret_prop from common policy in master. It will be re-added after the wahoo-specific sepolicy for netd_stable_secret_prop lands in oc-dr1-dev, is automerged to master, and then is reverted in master. This reverts commit ebea2b45. Bug: 17613910 Bug: 62573845 Test: None, prebuilt change only. Change-Id: I1234326d2fe6446e7e09ba9e97187518fa9bce33
-
- Jul 10, 2017
Dan Cashman authored
Platform SELinux policy may be updated without a corresponding update to non-platform policy. This is meant to be accomplished by maintaining a compatibility mapping file which will be built along with the current platform policy to link older non-platform policy. Introduce an example vendor policy built from 26.0 public policy and make sure that the current platform policy and mapping file, for that version, build with it. Add this as a dependency for the selinux_treble_tests, which are meant to ensure treble properties, ultimately to provide this compatibility guarantee. Bug: 36899958 Test: Current platform policy builds with oc-dev vendor policy and oc-dev mapping file. Removed private type with no effect. Removed public type without corresponding mapping entry causes build to fail. Change-Id: I7994ed651352e2da632fc91e598f819b64c05753
-
- Jul 07, 2017
Dan Cashman authored
Commit: e58a8de5 added a new type which has no analogue in 26.0. Record it as such. Bug: 62573845 Test: None. Prebuilt change only. Change-Id: I6b6d2aa64e0ac2c39c8d0427d333e6c7fc2b0bb1
-
Dan Cashman authored
Commit: 86cb5215 gave /dev/memcg a new label, but also explicitly prohibited access to vendor domains. Add the type to the 'new types' and don't map it to any other type for backwards compatibility. Bug: 62573845 Test: None. Prebuilt change only. Change-Id: I8902716830b162ead69834544ace9e02a94c65b4
-
Dan Cashman authored
Commit: 38f0928f added a type for a new system service. This service did not exist previously, so mark the type as not needing any compat entry. Bug: 62573845 Test: None. Prebuilt change only. Change-Id: I52d8e144c614b27f5c52fa99be6cfac87159bbcd
-
Dan Cashman authored
Commit: 78e595de added a new hwservice, which replaced a previous system service. This effectively means we are deleting one object and creating a new one, so no compatibility mapping should be necessary since previous vendor processes trying to access the service will not be able to find it now independent of policy. Bug: 62573845 Test: None. Prebuilt change only. Change-Id: I6882d968dccb55561379e940f6ecb62902bb1659
-
Dan Cashman authored
Bug: 37896931 Test: none, just update prebuilt. Change-Id: Id940d1c2bc46deab1eb49bacebbb41069e2034e4
-
- Jul 06, 2017
Dan Cashman authored
Commit: b8f7a408 removed three attributes from public policy. These attributes could be assigned to vendor types, and so need to be kept in policy when combined with vendor policy of that version. Bug: 62573845 Test: None. Prebuilt change only. Change-Id: I7d71ef7795f8b82c214c2ef72478c3ca84d1869c
-
Dan Cashman authored
Commit: 4dc88795 changed the label of uid_time_in_state from proc to proc_uid_time_in_state. This file could have been used by vendor services. Add a compat mapping. Bug: 62573845 Test: None. Prebuilt change only. Change-Id: I2e5222c4d4fe12cb0bbc4e85ba53c1f59b714d61
-
- Jul 05, 2017
Dan Cashman authored
Commits 7fa51593 and 92fdd895 removed the tracing_shell_writable and tracing_shell_writable_debug types, and relabeled the files with debugfs_tracing and debugfs_tracing_debug, respectively. Record this in the compatibility file so that vendor policy using these types will still work. Bug: 62573845 Test: None. Prebuilt change only. Change-Id: Ic6573518035514a86abe2081483431427612699e
-
Dan Cashman authored
Commit: abb1ba65 added policy for a new property, which was not present in O. This policy introduced a new type. Record it as such. Bug: 62573845 Test: None, prebuilt change only. Change-Id: I7d90cd69a5e6e29677598cc109676d5b1ce5ba05
-
Dan Cashman authored
Commit: bde5c801 added a new type, mediaprovider, which is being applied to an object (process) formerly labeled as priv_app. Add the new type to the versioned attribute for priv_app so that any vendor policy written for interaction with mediaprovider continues to work. Bug: 62573845 Test: None. Prebuilt-only change. Change-Id: Id98293369401a2af23c2328a1cb4a5bb2258aac8
-
Dan Cashman authored
Commit: 50889ce0 added policy for a new service, which was not present in O. This policy introduced a new type. Record it as such. Bug: 62573845 Test: None, prebuilt change only. Change-Id: If9cfaff813c47d3b1c8374e8abfb4aedb902d486
-
Dan Cashman authored
Commit: 11bfcc1e added policy for a new socket which was not present in O. This socket has a new type associated with it. Record the type as a new type so that compatibility testing will not complain. Bug: 62573845 Test: None, prebuilt change only. Change-Id: I375fc9ca0bd201e277a0302d9b34c0da0eb40fbd
-
Dan Cashman authored
Commit 5f573ab2 added policy for the additions of upstream fs tools. Make sure the new types are denoted as such (no object relabeling needs to be done) and that objects which are relabeled are. Bug: 35219933 Bug: 62573845 Test: None. Prebuilt change only. Change-Id: I6515e05ebc60ca08e98029f471cf2861826036fc