In normal, user builds, shell doesn't have the required
DAC permissions to acess the kernel log.

Change-Id: I001e6d65f508e07671bdb71ca2c0e1d53bc5b970

Add policy for run-as program and label it in file_contexts.
Drop MLS constraints on local socket checks other than create/relabel
as this interferes with connections with services, in particular for
adb forward.

Change-Id: Ib0c4abeb7cbef559e150a620c45a7c31e0531114
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Change-Id: I06ea2b400cc826c684b6ad25e12b021c2667b48a

New property_contexts file for property selabel backend.
New property.te file with property type declarations.
New property_service security class and set permission.
Allow rules for setting properties.

Allow reading of properties area, which is now created before init has switched contexts.  Revisit this later - we should explicitly label the properties file.