Change-Id: I87f81a632ed61f284f2fe09726f5c4529d36f252

Change-Id: If4deccfe740c8de6b88929a0d0439667c3ea340d

Change-Id: If3ed9998033378de5b47472315444f5b8bd4743e

Change-Id: I62ce62475f4a17d278243cc96db773872b2dc89c

Change-Id: I4f0576a47ca2e99bca719bf321349c7d7d05cd3c

Change-Id: I4f522869eeaa6f84771e4ee2328f65296dcc29db

Change-Id: I614caa520e218f8f148eef641fed2301571da8e1

Provides support for overriding seapp_contexts declerations
in per device seapp_contexts files.

Change-Id: I23a0ffa1d24f1ce57825b168f29a2e885d3e1c51

Initial policy for Point-to-Point tunneling and
tunneling manager services.

Change-Id: Ia292607cbd06514a8ac3b0ad49eaefcdce12ef16

This patchset covers the /mnt/asec variety only.

This was moved from external/mac-policy.git

Only enforce per-app process and file isolation via SELinux for third party apps, not platform apps.

Platform (any of the apps signed by build keys, i.e. platform|release|shared|media) apps expect to be able to share files with each other or with third party apps by passing open files or pathnames over Binder.  Therefore, we switch to only enforcing the per-app process and file isolation via SELinux on third party apps, not platform apps.

Make the platform app domains mlstrustedsubjects so that they can access any files created by third party apps.
Introduce a new platform_app_data_file type for platform apps so that we can mark it as a mlstrustedobject and allow third party apps to read/write files created by the platform apps.
Specify this new type for the platform app entries in seapp_contexts.
Remove levelFromUid=true for the platform apps in seapp_contexts since we are no longer enforcing per-app separation among them.