(cherry picked from commit d3edd6b5)

Bug: 29278988
Change-Id: I199572377a6b5c33116c718a545159ddcf50df30

* changes:
  fix build: exclude bluetooth from neverallow restriction
  Remove platform_app from neverallow execute from /data
  Rework neverallow for /data execute permission

Bluetooth is sometimes started from init.

Addresses the following compiler error:

  libsepol.report_failure: neverallow on line 489 of
  system/sepolicy/domain.te (or line 9149 of policy.conf) violated by
  allow init bluetooth:process { transition };
  libsepol.check_assertions: 1 neverallow failures occurred
  Error while expanding policy

(cherry-picked from commit 7e380216)

Change-Id: I2bc1e15217892e1ba2a62c9683af0f3c0aa16b86

Apparently some manufacturers sign APKs with the platform key
which use renderscript. Renderscript works by compiling the
.so file, and placing it in the app's home directory, where the
app loads the content.

Drop platform_app from the neverallow restriction to allow partners
to add rules allowing /data execute for this class of apps.

We should revisit this in the future after we have a better
solution for apps which use renderscript.

(cherry picked from commit c55cf17a)

Bug: 29857189
Change-Id: I058a802ad5eb2a67e657b6d759a3ef4e21cbb8cc

Previously appdomains allowed to execute off of /data
where whitelisted. This had the unfortunate side effect of
disallowing the creation of device specific app domains
with fewer permissions than untrusted_app. Instead grant
all apps a neverallow exemption and blacklist specific app
domains that should still abide by the restriction.

This allows devices to add new app domains that need
/data execute permission without conflicting with this rule.

Bug: 26906711

(cherry picked from commit c5266df9)

Change-Id: I4adb58e8c8b35122d6295db58cedaa355cdd3924

No "granted" messages for the removed permissions observed in three
months of log audits.

Bug: 28760354
Change-Id: I7713a9ad9a1604b17119ecad4970e2aa46c15bd0

No "granted" messages for the removed permissions observed in three
months of log audits.

Bug: 28760354
Change-Id: I6bd9525b663a2bdad4f5b2d4a85d3dd46d5fd106

Remove the ioctl permission for most socket types. For others, such as
tcp/udp/rawip/unix_dgram/unix_stream set a default unprivileged whitelist
that individual domains may extend (except where neverallowed like
untrusted_app). Enforce via a neverallowxperm rule.

Change-Id: I15548d830f8eff1fd4d64005c5769ca2be8d4ffe

Grant permissions observed.

Bug: 28760354
Change-Id: Ie63cda709319bbf635ef7bffbba3477c2cccc11b

Fix file diffs.

Change-Id: Iac673c718b49779bba380e75ddd083caf6a2a1c3

Bug: 31364540
Change-Id: I2e11ef4666048c94b4754d50de74d1c526c6933c

(cherry picked from commit 8f40b41e)

bug 24503801

Change-Id: I6cf1afb3982c4da4f5e57188d3e24ac01c4bd416

Bug: 31246864

Change-Id: I8319e632b3be1e558dfc550453b8298914c89064
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

Bug: 30041228
Test: WiFi tethering, client mode continues to function

Change-Id: I95a583ad4d57642f4731e415abb77732df5289ac
(cherry picked from commit fb5b13ee)

Bug: http://b/29622562
Change-Id: I21bc79f31ffd0b002b4a25d3ceefaf12f42f05c4

Newer kernels apparently introduce a new SELinux label
"netlink_generic_socket".

AOSP is missing some patches for ioctl whitelisting and
it was suggested we add unpriv_socket_ioctls as a stopgap.

Bug: 31226503
Change-Id: Ie4dd499925f74747c0247e5d7ad0de0f673b5ed2

This patch allows mips to boot in enforcing mode.

Change-Id: Ia4676db06adc3ccb20d5f231406cf4ab67317496

am: c8820d04  -s ours

Change-Id: I7a9086cbd781d8e4450564f6c7c1697fd14643f6

am: 3dfef1fd  -s ours

Change-Id: Ia0adf841c0b37647c27fe31b805abcf3cff4d62c

am: fe8d6739  -s ours

Change-Id: I199ff6989c4acceb1878062ce9086ad9da6444b2

(cherry picked from commit 48d68a64)

Remove audit messaged.

Addresses:
avc:  granted  { read } for  pid=1 comm="init" name="cmdline" dev="proc" ino=4026535448 scontext=u:r:kernel:s0 tcontext=u:object_r:proc:s0 tclass=file
avc:  granted  { read open } for  pid=1 comm="init" path="/proc/cmdline" dev="proc" ino=4026535448 scontext=u:r:kernel:s0 tcontext=u:object_r:proc:s0 tclass=file

Bug: 28760354
Change-Id: I48ea01b35c6d1b255995484984ec92203b6083be

(cherry picked from commit 8486f4e6)

Grant observed permissions

Addresses:
init
avc:  granted  { use } for  pid=1 comm="init" path="/sys/fs/selinux/null" dev="selinuxfs" ino=22 scontext=u:r:init:s0 tcontext=u:r:kernel:s0 tclass=fd

mediaextractor
avc: granted { getattr } for pid=582 comm="mediaextractor" path="/proc/meminfo" dev="proc" ino=4026535447 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:proc_meminfo:s0 tclass=file
avc: granted { read } for pid=582 comm="mediaextractor" name="meminfo" dev="proc" ino=4026535447 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:proc_meminfo:s0 tclass=file
avc: granted { read open } for pid=582 comm="mediaextractor" path="/proc/meminfo" dev="proc" ino=4026535447 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:proc_meminfo:s0 tclass=file

uncrypt
avc: granted { getattr } for pid=6750 comm="uncrypt" path="/fstab.angler" dev="rootfs" ino=9809 scontext=u:r:uncrypt:s0 tcontext=u:object_r:rootfs:s0 tclass=file
avc: granted { read } for pid=6750 comm="uncrypt" name="fstab.angler" dev="rootfs" ino=9809 scontext=u:r:uncrypt:s0 tcontext=u:object_r:rootfs:s0 tclass=file
avc: granted { read open } for pid=6750 comm="uncrypt" path="/fstab.angler" dev="rootfs" ino=9809 scontext=u:r:uncrypt:s0 tcontext=u:object_r:rootfs:s0 tclass=file

Bug: 28760354
Change-Id: Ibd51473c55d957aa7375de60da67cdc6504802f9

* changes:
  Allow wificond to drop privileges after startup
  Allow wificond to set interfaces up and down
  Allow wificond to clean up wpa_supplicant state
  Allow wificond to drop signals on hostapd
  Give wificond permission to start/stop init services
  Give hostapd permissions to use its control socket
  Allow wificond to write wifi component config files
  add netlink socket permission for wificond
  SEPolicy to start hostapd via init
  Allow system_server to call wificond via Binder
  Allow wificond to mark interfaces up and down
  Separate permissions to set WiFi related properties
  Define explicit label for wlan sysfs fwpath
  sepolicy: Add permissions for wpa_supplicant binder
  sepolicy: add sepolicy binder support for wificond
  Sepolicy files for wificond

Grant permissions observed.

(cherry picked from commit 9c820a11)

Merged-in: Ifdead51f873eb587556309c48fb84ff1542ae303
Bug: 28760354
Change-Id: Ifdead51f873eb587556309c48fb84ff1542ae303

am: 163c6080

Change-Id: Ia7e00dda7fea4e58c450c50ab7fd5fc709ebaa3e

(cherry picked from commit e8a53dff)

With the breakup of mediaserver, distinguishing between
camera_device and video_device is meaningful. Only grant
cameraserver access to camera_device.

Bug: 28359909
Change-Id: I0ae12f87bac8a5c912f0a693d1d56a8d5af7f3f3

am: 4e6655b5

Change-Id: I13896b6e919f8bd10573aa085bf73998e28f8661

isolated_app can already write to a file. Apps may want to append
instead of write.

Fixes: 30984610
Change-Id: I7a90b3311dcaff597f07930ceea0a23b29b0df2d

am: 47b373af

Change-Id: I58b6e0b40662e3fa5c771300f443d32cc40df3a3

wificond will now change user/group to wifi/wifi after
taking control of a particular path in the sysfs.

Bug: 29870863
Change-Id: I9ccb23f60a66d6850f3969c364288f8850044fed
Test: wificond unit and integration tests pass
(cherry picked from commit 8a04a313)

This is apparently a privileged ioctl.  Being able to do this allows us
to no longer kill hostapd with SIGTERM, since we can cleanup after hard
stops.

Bug: 31023120
Test: wificond unit and integration tests pass

Change-Id: Icdf2469d403f420c742871f54b9fb17432805991
(cherry picked from commit ca7b04ba)

system_server communicates with wpa_supplicant via various control
sockets.  Allow wificond to unlink these sockets after killing
wpa_supplicant.

Bug: 30666540
Change-Id: Ic1419a587f066c36723c24518952025834959535
(cherry picked from commit ba96cd1c)