am: 7c4f46b5

Change-Id: I88aa64b8847456f66310d632ee86929a76dfaf7b

am: b0d59450

Change-Id: If85613b84aecf43b0519bb933d925eb1829e3d5e

With project Treble, we're relying heavily on attributes for
permission inheritance and enforcement of separation between
platform and vendor components.

We neead tests that verify those attributes are correctly applied.
This change adds the framework for those tests including a wrapper
around libsepol for loading and querying policy, and a python module
for running tests on policy and file_contexts.

Included with the testing framework is a test asserting that the
coredomain attribute is only applied to core processes. This
verification is done using the following rules:
1. Domain's entrypoint is on /system - coredomain
2. Domain's entrypoint is on /vendor - not coredomain
3. Domain belongs to a whitelist of known coredomains - coredomain

In a subsequent commit these tests will be applied at build time.
However, I first need to fix existing Treble violations exposed by
this test. These tests will also be applied during CTS.

Test: LD_PRELOAD=$ANDROID_HOST_OUT/lib64/libsepolwrap.so python \
    treble.py -p $OUT/vendor/etc/selinux/precompiled_sepolicy \
    -f $OUT/vendor/etc/selinux/nonplat_file_contexts \
    -f $OUT/system/etc/selinux/plat_file_contexts
Bug: 37008075
Change-Id: I7825f5c2909a5801deaccf2bef2bfd227adb0ae9

Add policy changes to enable a new service. The service
is currently switched off in config, but this change is
needed before it could be enabled.

Bug: 31008728
Test: make droid
Change-Id: I29c4509304978afb2187fe2e7f401144c6c3b4c6

This is sometimes used for communication with the bootloader.

Bug: 62052545
Test: Build
Change-Id: I3ae37793407719e55ab0830129aa569c9018f7da

SEPolicy: Allow app / system_server to write to dumpstate pipes. am: a34781ae am: 32c7000e am: b25e8823
am: bf7a5bd6

Change-Id: I13dfde61b2d69ba690fbb6a1bf5aab76f990dbf9

am: b25e8823

Change-Id: I778011a48800ace4d865813b148efcdd88d166bb

am: 32c7000e

Change-Id: I57d3af7a930f77be74feba88d9875c9b5b90ab7c

am: a34781ae

Change-Id: Ic4103ff418e69f000198bb588f0cfccc578ba324

am: 6d9f42f0

Change-Id: I1894493c01399348bf0d83679bc119d00acc149e

tombstoned allows dumpstate to install "intercepts" to java trace
requests for a given process. When an "intercept" is installed, all
trace output is redirected to a pipe provided by dumpstate instead
of the default location (usually in /data/anr or /data/tombstone).

Note that these processes are already granted "write" and "getattr"
on dumpstate:fifo_file in order to communicate with dumpstate; this
change adds "append" to the existing set of permissions.

Bug: 32064548
Test: manual
Change-Id: Iccbd78c59071252fef318589f3e55ece51a3c64c

SEPolicy: Changes for new stack dumping scheme. am: e628cb5b am: 5e8fe834 am: 51a01817  -s ours
am: a7d87b94  -s ours

Change-Id: I8c2250afc39882dc3ee0b9888e3fb2e1d872cb8a

am: 51a01817  -s ours

Change-Id: I4ecaa2194614148b4b50245e6250bdde02206160

Applications connect to tombstoned via a unix domain socket and request
an open FD to which they can write their traces. This socket has a new
label (tombstoned_java_trace_socket) and appdomain and system_server are
given permissions to connect and write to it.

Apps no longer need permissions to open files under /data/anr/ and
these permissions will be withdrawn in a future change.

Bug: 32064548
Test: Manual

(cherry picked from commit a8832dabc7f3b7b2381760d2b95f81abf78db709)

(cherry picked from commit 11bfcc1e)

Change-Id: Icc60d227331c8eee70a9389ff1e7e78772f37e6f

am: 5e8fe834

Change-Id: Ibfe717b42fc26da2ec7876143b8cf0445a20eaec

am: e628cb5b

Change-Id: If2ce6fbf2b897d58da78430a7bae0fd6fb6e5a49

Applications connect to tombstoned via a unix domain socket and request
an open FD to which they can write their traces. This socket has a new
label (tombstoned_java_trace_socket) and appdomain and system_server are
given permissions to connect and write to it.

Apps no longer need permissions to open files under /data/anr/ and
these permissions will be withdrawn in a future change.

Bug: 32064548
Test: Manual

Merged-In: I70a3e6e230268d12b454e849fa88418082269c4f
Change-Id: Ib4b73fc130f4993c44d96c8d68f61b6d9bb2c7d5

am: 19e71b7b

Change-Id: Ife8931f2543dc6339e16faabef66879c1e184390

am: d2b3a454

Change-Id: I1ba8e73e1a004b654bc32dd6520b1e41ec3bc9cf

Bug: 62102558
Test: see b/62102558
Change-Id: If80d1270bcf6835e6d1a78e2176c3e139cebd174

Applications connect to tombstoned via a unix domain socket and request
an open FD to which they can write their traces. This socket has a new
label (tombstoned_java_trace_socket) and appdomain and system_server are
given permissions to connect and write to it.

Apps no longer need permissions to open files under /data/anr/ and
these permissions will be withdrawn in a future change.

Bug: 32064548
Test: Manual

(cherry picked from commit a8832dabc7f3b7b2381760d2b95f81abf78db709)

Change-Id: I70a3e6e230268d12b454e849fa88418082269c4f

am: cd591483

Change-Id: If3b128bcc0dbeb043f9476c28334d83912ed53e4

am: e95974b0

Change-Id: I29eeb3ec90a67fe4377fe10f0884608a5fa52ea9

am: f23230c8

Change-Id: I2214556e60abce3bf0801bc01d86e8c481e44c38

am: c3f4afef

Change-Id: I8810383b62d3c678c289867a0e17732242ee6679

am: e589330e

Change-Id: I532d4b0ca606663a324dda1e65ce18175e808e7e

am: 75b99632

Change-Id: I272e173f63c6f30bfe5994e15fc4b0bf558535da

am: 032c6d61

Change-Id: Ibc245f943ad12afbc71f0d13be915120d2388529

am: 9ac5d01f

Change-Id: I31b6b74e498efd2a6f6795f91d6a39a000886061

am: 11b239f0  -s ours

Change-Id: Ifabe749bffbc196782476129fdc34bd746f64b47

am: 33d7e90b

Change-Id: I72b51db1d65df6a82b396187e982df1e4336c6be

* changes:
  Restrict BOARD_PLAT_[PUBLIC|PRIVATE]_SEPOLICY_DIRS to one dir.
  Add BOARD_PLAT_[PUBLIC|PRIVATE]_SEPOLICY_DIRS

This reverts commit a015186f.

Bug: http://b/62101480
Change-Id: I8e889e3d50cf1749168acc526f8a8901717feb46