am: 36ee91d4

Change-Id: I9af35533587e962c63b6dd2543b047bf9899fb5e

Bug: 36899958
Test: Builds 'n' boots.
Change-Id: I5836a18f9d0a9a976dda7304045e3b9e1e84565e
Merged-In: I5836a18f9d0a9a976dda7304045e3b9e1e84565e
(cherry picked from commit c0713e86)

am: 99cbe530

Change-Id: I008a9509e758cee7802030e1146bbf140b31ba78

am: d9918e12

Change-Id: Ifc423169476761cb9abd840b75088869c02a76bd

am: 9cd2abc2

Change-Id: Ia6c246e2c33453ffcdee628266553a9dbde7da22

If cppreopts.sh failed to copy files for some reason it would leave
the temporary files sitting around in the data directory. This changes
the selinux rules so that cppreopts is able to get rid of these
temporary files.

Test: phone boots.
Bug: 63995897
Change-Id: I2a7e654c3a3cee7c9f0be8ba64e40c365eee4cfe

am: 01cd12a0

Change-Id: I4318fedbee9c45b7a3b738743dfac59a76329336

am: e63f7f32

Change-Id: If629064af97961fdf4fe6914661f2336cf3a1795

am: 24537b2e

Change-Id: I5033a96073010904191b0761112adce076c1d001

This patch tries to provide similar functionality as the previous
change made here:
https://android-review.googlesource.com/#/c/platform/system/sepolicy/+/432339/



Only, making sure we add the same map permissions for the vendor
directory.

Change-Id: Ia965df2881cdee8bb5d81278a1eb740def582871
Signed-off-by: John Stultz <john.stultz@linaro.org>

Some selinux build packages are defined in embedded.mk,
others are defined in system/sepolicy/Android.mk. Move all
to sepolicy as a dependency of the phony package selinux_policy
which is defined in embedded.mk.

Test: build Marlin (Treble) and Angler (non-Treble)
Merged-In: Ib0443ad3da600447fbb51f2e9f91de04dcf5f9f6
Change-Id: Ib0443ad3da600447fbb51f2e9f91de04dcf5f9f6

am: 9be883b8

Change-Id: I05c352e6e24ff63ba820d54e8e9f4718c9065d4a

am: ced80e80

Change-Id: Ie797f9e4abe40d03848449619368e2a0fd23b84c

am: d90d976e

Change-Id: Id7dc23f6b1c401f350736585222a9e29bf5e3876

am: f5646726

Change-Id: I140a9478fa1e95951a784a499dcae89f7bbbcd73

am: 333808ed

Change-Id: I085967e51ebc74a51a024eed33d4df13e7d65a09

am: 109ee5f9

Change-Id: I47562c12713809970d8531b453f08de74c53466f

Denial message:
avc: denied { write } for pid=640 comm="update_verifier" name="kmsg"
dev="tmpfs" ino=13951 scontext=u:r:update_verifier:s0
tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0

Bug: 64713327
Test: update_verifier logs successfully during boot time.
Change-Id: I421b1e6660239e5ffc624e504f5945d400510407

This is a Qualcomm proprietary service,
and does not belong here.

Test: boot Marlin
Bug: 63391760
Merged-In: If7469051f6cef3e2440f7021ae26c9815ff54820
Change-Id: If7469051f6cef3e2440f7021ae26c9815ff54820

am: 091d3fcc  -s ours

Change-Id: I1411de756196e749c61cf8301bb35dd75c5ade67

am: 09d37ab9  -s ours

Change-Id: I9a1585c559e893e95292194c3656f2e5cce9871d

am: b190016b

Change-Id: I998048a103664eacfc3b6aecc89ffea1cf277906

am: 0bf4d0db

Change-Id: I352f1142406af5fbe3d5c8142d0053cf4dc23f52

am: 6b780b35  -s ours

Change-Id: I61d2951d682b236e7643b7b81eb5c52f84024950

Only seeing this denial in permissive:
allow shell screencap_exec:file getattr;

Bug: 37565047
Test: adb shell screencap w/o root
Test: cts-tradefed run cts-dev --module CtsAadbHostTestCases
Merged-In: I9f31d2067e002e7042646ee38dbfc06687481ac7
Change-Id: I9f31d2067e002e7042646ee38dbfc06687481ac7

Only seeing this denial in permissive:
allow shell screencap_exec:file getattr;

Bug: 37565047
Test: adb shell screencap w/o root
Test: cts-tradefed run cts-dev --module CtsAadbHostTestCases
Merged-In: I9f31d2067e002e7042646ee38dbfc06687481ac7
Change-Id: I9f31d2067e002e7042646ee38dbfc06687481ac7

am: 751a627c

Change-Id: I13c3fc66e68d36038d7eb3370bfdc396caf65293

am: 530e168c

Change-Id: If5108a28adc67a8f951b1429febf82080d15bdd9

am: 94e2a921

Change-Id: I3cb9bd4305fe3f6d720f757a232d4bb38de98895

Add /dev/kmsg_debug on userdebug devices, to allow crash_dump to log
crashes to dmesg when logd isn't up yet (or is the one crashing).

Bug: http://b/36574794
Test: stop tombstoned; crasher; dmesg
Change-Id: I6ffe11bc613e88198893e82712719522b74fe1be

am: 25d4a090

Change-Id: I4e9bd171ca88b955d3ae2a7217336a9fa2b103fe

am: 881fe06f

Change-Id: I0868a42de485ac8d94c19f1d6082d12928ed8047

am: 7a463809

Change-Id: Iba80938afccd21f0c3b69626223b35c672358e77

Android uses hidepid=2 to restrict visibility to other /proc entries on
the system. This helps preserve user, application, and system
confidentiality by preventing unauthorized access to application metadata,
and addresses attacks such as
http://www.cs.ucr.edu/~zhiyunq/pub/sec14_android_activity_inference.pdf

Ensure the SELinux (weaker) equivalent is being enforced by adding
neverallow compile time assertions.

TODO: The "shell" user runs as both an Android application, as well as
spawned via adb shell. This was a mistake. We should separate out the
"shell" Android app into it's own SELinux domain. For now, exclude the
shell from this assertion. (The shell Android app is covered by
hidepid=2, so there's no leaking of data, but still, it's over
privileged today and should be cleaned up.

Bug: 23310674
Test: policy compiles. Compile time assertion only.
Change-Id: I0e1a6506b2719aabf7eb8127f046c4ada947ba90

am: 20ad01ed

Change-Id: Id37b20e463c26e603f950a5439db221cc08b6e9a

am: 508db351

Change-Id: I123d86d49b0f17d74d7108f101720101254ea810