- Feb 11, 2016
-
-
Robb Glasser authored
Add rule to address dir search violation for video_device bug:27115708 Change-Id: I14bad283af1ddda725e41d0100a09e6066519846
-
- Feb 10, 2016
-
-
Daniel Cashman authored
-
William Roberts authored
Remove the .data=NULL assignments that were pushing the static keymap mapping horizontal. (cherry picked from commit 29adea51) Change-Id: I2e6e78930ac8d1d8b9bd61d9dedb59f4859ea13c Signed-off-by: William Roberts <william.c.roberts@intel.com>
-
William Roberts authored
Data type tracking is no longer needed now that per key validation routines are supported. (cherry picked from commit c92dae98) Change-Id: I2f1d0d5b1713e0477996479b0f279a58f43f15c7 Signed-off-by: William Roberts <william.c.roberts@intel.com>
-
William Roberts authored
Input validation was hard-coded into a validation routine that would check against type and key names in a scattered, order dependent conditional code block. This makes it harder than it should be to add new key value pairs and types into checkseapp. To correct this, we add a validation callback into the static mapping. If the validation callback is set, the existing validation routine will call this for input validation. On failure, a validation specific error message is returned to be displayed. (cherry picked from commit 696a66ba) Change-Id: I92cf1cdf4ddbcfae19168b621f47169a3cf551ac Signed-off-by: William Roberts <william.c.roberts@intel.com>
-
William Roberts authored
Change the final error message to be consistent with the others.
From: Error: reading /home/wcrobert/workspace/aosp/external/sepolicy/seapp_contexts, line 82, name domain, value system_server
To: Error: Reading file: "/home/wcrobert/workspace/aosp/external/sepolicy/seapp_contexts" line: 82 name: "domain" value: "system_server"
(cherry picked from commit efebf97e) Change-Id: Idf791d28fbba95fbeed8b9ccec9a296eea33afb9 Signed-off-by: William Roberts <william.c.roberts@intel.com>
-
William Roberts authored
(cherry picked from commit 25528cf4) Change-Id: Ic4dc59650ca849b950cb145fedafdf4fc250f009 Signed-off-by: William Roberts <william.c.roberts@intel.com>
-
dcashman authored
Address the following denial from 3rd party voice interaction test:
SELinux : avc: denied { find } for service=voiceinteraction pid=30281 uid=10139 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:voiceinteraction_service:s0 tclass=service_manager permissive=0
Bug: 27105570 Change-Id: Ib87d364673cbc883df017bcda7fe1e854a76654f
-
Marco Nelissen authored
-
Andreas Gampe authored
-
Tao Bao authored
-
- Feb 09, 2016
-
-
Tao Bao authored
update_engine needs to access bootctrl_block_device to get and set the slot to boot.
avc: denied { write } for name="mmcblk0boot1" dev="tmpfs" ino=1266 scontext=u:r:update_engine:s0 tcontext=u:object_r:bootctrl_block_device:s0 tclass=blk_file
avc: denied { open } for path="/dev/block/mmcblk0boot1" dev="tmpfs" ino=1266 scontext=u:r:update_engine:s0 tcontext=u:object_r:bootctrl_block_device:s0 tclass=blk_file
Also track the name change of the native binder service.
avc: denied { add } for service=android.os.UpdateEngineService pid=210 uid=0 scontext=u:r:update_engine:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager
Bug: 27106053 Change-Id: Idbfef18578489db33fead0721e8f26d63db5ce09 (cherry picked from commit 3ec34ceb)
-
Andreas Gampe authored
The zygote is responsible for moving ART A/B OTA artifacts over to the regular dalvik-cache. Bug: 25612095 Change-Id: I838d9ec6ee5a0f0af5f379a4696abda69cea51ca
-
Marco Nelissen authored
Bug: 22775369 Change-Id: Ic6abe3d0e18ba6f7554d027e0ec05fd19011709b
-
William Roberts authored
untrusted_apps could be allowed to create/unlink files in world accessible /data locations. These applications could create files in a way that would need cap dac_override to remove from the system when they are uninstalled and/or leave orphaned data behind. Keep untrusted_app file creation to sandbox, sdcard and media locations. Signed-off-by: William Roberts <william.c.roberts@intel.com> (cherry picked from commit bd0768cc) Change-Id: Ideb275f696606882d8a5d8fdedb48545a34de887
-
- Feb 06, 2016
-
-
Marco Nelissen authored
-
Daichi Hirono authored
am: 52719ea5 * commit '52719ea5': Add SELinux label for app fuse.
-
Daichi Hirono authored
am: e3965aa2 * commit 'e3965aa2': Add SELinux label for app fuse.
-
Daichi Hirono authored
-
Marco Nelissen authored
Change-Id: I5863c56a53419d2327ab62a7189034711cda7fcc
-
- Feb 05, 2016
-
-
Nick Kralevich authored
am: 8f611b6e * commit '8f611b6e': Replace "neverallow domain" by "neverallow *"
-
dcashman authored
Ability to read all of proc was placed in domain_deprecated with the intention of reducing information leaking from proc. Many processes try to read proc dirs, though. Allow this with the belief that information leakage is from the proc files themselves rather than dir structure. Address the following denial:
avc: denied { read } for name="/" dev="proc" ino=1 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:proc:s0 tclass=dir permissive=0
Bug: 26833472 Change-Id: I975ae022c093e1cf80de21487dc11e49f938e5a3
-
Marco Nelissen authored
-
Nick Kralevich authored
am: 35a14514 * commit '35a14514': Replace "neverallow domain" by "neverallow *"
-
Nick Kralevich authored
Modify many "neverallow domain" rules to be "neverallow *" rules instead. This will catch more SELinux policy bugs where a label is assigned an irrelevant rule, as well as catch situations where a domain attribute is not assigned to a process. Change-Id: I5b83a2504c13b384f9dff616a70ca733b648ccdf
-
Marco Nelissen authored
Change-Id: I0cfc604676dc67701fdd5cdd1c143974d7200d07
-
Daniel Cashman authored
-
Jeffrey Vander Stoep authored
-
Daichi Hirono authored
The labels for filesystem and files are assigned by vold using the context= mount option. Change-Id: I8a9d701a46a333093a27107fc3c52b17a2af1a94
-
Jeffrey Vander Stoep authored
-
Andreas Gampe authored
Add permissions to dex2oat, introduce otapreopt binary and otadexopt service. Bug: 25612095 Change-Id: I80fcba2785e80b2931d7d82bb07474f6cd0099f7
- Feb 04, 2016
-
-
Jeff Sharkey authored
Currently vdc emits logs to stderr, which makes sense for command line invocations, but when exec'ed they're silently dropped unless the caller uses logwrapper.
avc: denied { read write } for path="/dev/pts/2" dev="devpts" ino=5 scontext=u:r:vdc:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file permissive=0
Bug: 25796509 Change-Id: Ib92e0a7f580b1934a9853a83684f95b24bdc355c
-
Mark Salyzyn authored
am: 47f95192 * commit '47f95192': persist.mmc.* only set in init
-
Mark Salyzyn authored
am: d1435604 * commit 'd1435604': persist.mmc.* only set in init
-
Mark Salyzyn authored
Bug: 26976972 Change-Id: I0e44bfc6774807a3bd2ba05637a432675d855118
-
Daichi Hirono authored
am: f9065c89 * commit 'f9065c89': Fix SELinux warning when passing fuse FD from system server.
-
Daichi Hirono authored
am: 4c42a0dc * commit '4c42a0dc': Fix SELinux warning when passing fuse FD from system server.
-