- Jul 05, 2017
-
-
Jeff Vander Stoep authored
Change fb889f23 "Force expand all hal_* attributes" annotated all hal_* attributes to be expanded to their associated types. However some of these attributes are used in CTS for neverallow checking. Mark these attributes to be preserved.

In addition, remove the hacky workaround introduced in oc-dev for b/62658302 where extraneous neverallow rules were introduced to prevent unused or negated attributes from being auto-expanded from policy.

Bug: 62658302
Bug: 63135903
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t \
    android.cts.security.SELinuxNeverallowRulesTest
armeabi-v7a CtsSecurityHostTestCases completed in 4s. 501 passed, 0 failed, 0 not executed
Change-Id: I989def70a16f66e7a18bef1191510793fbe9cb8c
-
TreeHugger Robot authored
-
TreeHugger Robot authored
-
TreeHugger Robot authored
-
Joel Galenson authored
The code used to look like this, but in commit 4cae28d4 we replaced the generic regexes to improve performance. Now that we've switched to genfs, this no longer affects performance, so let's simplify the labeling.

Bug: 62413700
Test: Built, flashed, and booted two devices. Verified that all of the files have the correct context and that wifi, camera, and traceur work.
Change-Id: I1a859d17075fa25543ee090cc7a7478391bc45c1
-
TreeHugger Robot authored
-
Joel Galenson authored
This should slightly improve performance, as file_contexts is slower than genfs_contexts. Now that the kernel patch enabling genfs labeling of tracefs has landed, we can re-enable this.

Bug: 62413700
Test: Built, flashed, and booted two devices. Verified that all of the files have the correct context and that wifi, camera, and traceur work.
Change-Id: Ifc1c6ac634b94e060ed1f311049bd37f6fcc8313
-
Dan Cashman authored
Commits 7fa51593 and 92fdd895 removed the tracing_shell_writable and tracing_shell_writable_debug types, and relabeled the files with debugfs_tracing and debugfs_tracing_debug, respectively. Record this in the compatibility file so that vendor policy using these types will still work.

Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: Ic6573518035514a86abe2081483431427612699e
-
Dan Cashman authored
Commit abb1ba65 added policy for a new property, which was not present in O. This policy introduced a new type. Record it as such.

Bug: 62573845
Test: None, prebuilt change only.
Change-Id: I7d90cd69a5e6e29677598cc109676d5b1ce5ba05
-
Dan Cashman authored
Commit bde5c801 added a new type, mediaprovider, which is being applied to an object (process) formerly labeled as priv_app. Add the new type to the versioned attribute for priv_app so that any vendor policy written for interaction with mediaprovider continues to work.

Bug: 62573845
Test: None. Prebuilt-only change.
Change-Id: Id98293369401a2af23c2328a1cb4a5bb2258aac8
-
Dan Cashman authored
Commit 50889ce0 added policy for a new service, which was not present in O. This policy introduced a new type. Record it as such.

Bug: 62573845
Test: None, prebuilt change only.
Change-Id: If9cfaff813c47d3b1c8374e8abfb4aedb902d486
-
Dan Cashman authored
Commit 11bfcc1e added policy for a new socket which was not present in O. This socket has a new type associated with it. Record the type as a new type so that compatibility testing will not complain.

Bug: 62573845
Test: None, prebuilt change only.
Change-Id: I375fc9ca0bd201e277a0302d9b34c0da0eb40fbd
-
Dan Cashman authored
Commit 5f573ab2 added policy for the additions of upstream fs tools. Make sure the new types are denoted as such (no object relabeling needs to be done) and that objects which are relabeled are.

Bug: 35219933
Bug: 62573845
Test: None. Prebuilt change only.
Change-Id: I6515e05ebc60ca08e98029f471cf2861826036fc
-
- Jul 03, 2017
-
-
Nick Kralevich authored
am: 46f2dcb1 -s ours
Change-Id: Ide86623fdfb3567df3ca5825a9e5cb5cb9e03b79
-
Nick Kralevich authored
am: aa33afc9
Change-Id: I39b6028f7960b13af1fd83cbfa0f7fec4cac1bab
-
Nick Kralevich authored
am: b748e652
Change-Id: I4cd3587232e426b2684c77a7cb548b006f6f8647
-
Nick Kralevich authored
Test: Policy compiles.
Change-Id: Iaa19c64f6b54423dbfa5ae16d288501ab0e64cbc
-
Treehugger Robot authored
-
Jeff Sharkey authored
am: 5b277641
Change-Id: I01eefcff7299c87e95fa2fb90dd69d7d5c63f40e
-
Jeff Sharkey authored
am: 6433a09c
Change-Id: I2efd5ff367424b86ea336ad0a4bb56eca368f4f2
-
Jeff Sharkey authored
am: b41291f5
Change-Id: I8e1151461bdd5a47cc81a9be744a8918bb61560a
-
Jeff Sharkey authored
am: a6f6295c
Change-Id: I0c54b62288aa73842a9f0dc8fa0f9a5c8e64bc98
-
Treehugger Robot authored
-
Jeffrey Vander Stoep authored
Merge "Add SEPolicy for new Java-based Broadcast Radio service."
am: 6466092f
am: f44267a5
am: 739f7598
am: c6ef555e
Change-Id: Ic93ebe3cc8148eee16334ff57674ed961d00afb5
-
Jeff Vander Stoep authored
am: efb5a5ba
Change-Id: Ie2461f25e7ac409837c84d7f467b63d4f23d918f
-
Jeffrey Vander Stoep authored
am: 739f7598
Change-Id: I0e63a008436b860549cdc687276c33df475afa77
-
Jeff Vander Stoep authored
am: c8338f26
Change-Id: Id3db0306763ca605dcdf11409f3b591d6ceda312
-
Jeffrey Vander Stoep authored
am: f44267a5
Change-Id: Iea0f7ef8960d89d19451b7a47dc1852155dd3af9
-
Jeff Vander Stoep authored
am: 8745ac43
Change-Id: I6816eea55ad110d7aeea43ec3088452b38b7ccc7
-
Jeff Vander Stoep authored
avc: granted { search } scontext=u:r:recovery:s0 tcontext=u:object_r:cache_file:s0 tclass=dir
avc: granted { getattr } scontext=u:r:recovery:s0 tcontext=u:object_r:rootfs:s0 tclass=file
avc: granted { read } scontext=u:r:recovery:s0 tcontext=u:object_r:rootfs:s0 tclass=file
avc: granted { read open } scontext=u:r:recovery:s0 tcontext=u:object_r:rootfs:s0 tclass=file
avc: granted { read } scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs:s0 tclass=file
avc: granted { read open } scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs:s0 tclass=file
avc: granted { search } scontext=u:r:recovery:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir

Fixes: 62619253
Test: policy builds, no more "granted" messages in dmesg for recovery.
Merged-In: I3f6d8ceee80307a01a8fd40cb4f8362a9825b1a3
Change-Id: I3f6d8ceee80307a01a8fd40cb4f8362a9825b1a3
(cherry picked from commit ea1d6e7d)
-
Jeffrey Vander Stoep authored
am: 6466092f
Change-Id: I856e01d9d06978dfcaf13fff078430cefbc7a9eb
-
Jeff Vander Stoep authored
am: 88e4be54
Change-Id: I064f2becfde44f300ddf9d36802972b35c54e152
-
Jeffrey Vander Stoep authored
-
Jeff Sharkey authored
When installd clears cached files on external storage, the sdcardfs kernel filesystem needs to be kept in the loop to release any cached dentries that it's holding onto. (Otherwise the underlying disk space isn't actually released.)

installd can already delete the underlying files directly (via the media_rw_data_file rules), so this technically isn't expanding its capabilities.

avc: granted { search } for name="/" dev="tmpfs" ino=6897 scontext=u:r:installd:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir
avc: denied { open } for path="/mnt/runtime/default/emulated/0/Android/data" dev="sdcardfs" ino=589830 scontext=u:r:installd:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=1
avc: denied { write } for name="com.google.android.inputmethod.japanese" dev="sdcardfs" ino=590040 scontext=u:r:installd:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=0
avc: denied { remove_name } for name="cache_r.m" dev="sdcardfs" ino=589868 scontext=u:r:installd:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=0
avc: denied { getattr } for path="/mnt/runtime/default/emulated/0/Android/data/.nomedia" dev="sdcardfs" ino=589831 scontext=u:r:installd:s0 tcontext=u:object_r:sdcardfs:s0 tclass=file permissive=1

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.StorageHostTest
Bug: 37486230
Change-Id: Icfd00a9ba379b1f50c48fe85849304cf9859bcb2
(cherry picked from commit 72f4c619)
-
Jeff Vander Stoep authored
Logs show that only dumpstate requires access.

avc: granted { read open } for comm="screencap" path="/dev/ion" dev="tmpfs" ino=14324 scontext=u:r:dumpstate:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
avc: granted { ioctl } for comm="screencap" path="/dev/ion" dev="tmpfs" ino=14324 ioctlcmd=4906 scontext=u:r:dumpstate:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file

Grant ion permission to dumpstate which uses it for screencap feature.

Bug: 28760354
Test: build. Check logs.
Change-Id: I6435b7dbf7656669dac5dcfb205cf0aeda93991b
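The three commits above (recovery, installd, dumpstate) all justify a policy change with raw AVC lines from dmesg. The script below is an added example, not code from the Android sepolicy project: it parses such lines into (source type, target type, class) triples, unions the permissions, and renders `denied` triples as candidate `allow` rules while listing `granted` triples separately, since a `granted` line means an `auditallow` rule fired and the usual response (as in the recovery commit) is to remove a rule, not add one. The sample input is built from the AVC lines quoted in those commit messages plus one constructed non-AVC line; the `ioctlcmd` handling assumes the kernel's convention of logging the low 16 bits of the ioctl request in hex.

```python
"""Turn SELinux AVC audit lines into candidate policy rules.

Added example, not code from the Android sepolicy project. The sample audit
lines are the ones quoted in the commit messages above, plus one constructed
non-AVC line to show that unrelated input is skipped.
"""
import re
from collections import defaultdict

# "avc: denied { read open } for ..." and "avc: granted { search } ..." both match;
# a leading "type=1400 audit(...): " prefix may or may not be present.
AVC_RE = re.compile(
    r"avc:\s+(?P<verdict>granted|denied)\s+\{\s*(?P<perms>[^}]*?)\s*\}(?P<rest>.*)"
)
# key=value or key="quoted value" pairs that follow the permission set
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def _type_of(ctx):
    """Extract the type from u:r:installd:s0 or u:object_r:sdcardfs:s0
    (user:role:type[:sensitivity[:categories]])."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ctx


def parse_avc(line):
    """Return a dict describing one AVC line, or None if it is not an AVC message."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if not all(k in fields for k in ("scontext", "tcontext", "tclass")):
        return None
    return {
        "verdict": m.group("verdict"),
        "perms": frozenset(m.group("perms").split()),
        "source": _type_of(fields["scontext"]),
        "target": _type_of(fields["tcontext"]),
        "tclass": fields["tclass"],
        "permissive": fields.get("permissive"),  # "0", "1" or None (older kernels)
        "ioctlcmd": fields.get("ioctlcmd"),      # assumed: low 16 bits of request, hex
    }


def summarize(lines):
    """Group lines by (source, target, class) and union their permissions.

    Returns (denials, grants). A denial is flagged 'enforcing' if any line for
    that triple carried permissive=0, i.e. the operation was actually blocked.
    """
    def bucket():
        return {"perms": set(), "ioctlcmd": set(), "enforcing": False}

    denials, grants = defaultdict(bucket), defaultdict(bucket)
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        key = (rec["source"], rec["target"], rec["tclass"])
        entry = (denials if rec["verdict"] == "denied" else grants)[key]
        entry["perms"] |= rec["perms"]
        if rec["ioctlcmd"]:
            entry["ioctlcmd"].add(rec["ioctlcmd"])
        if rec["permissive"] == "0":
            entry["enforcing"] = True
    return denials, grants


def allow_rules(denials):
    """Render one candidate 'allow' rule per triple in .te syntax (review before use)."""
    rules = []
    for (src, tgt, cls), info in sorted(denials.items()):
        rule = f"allow {src} {tgt}:{cls} {{ {' '.join(sorted(info['perms']))} }};"
        if info["enforcing"]:
            rule += "  # seen with permissive=0"
        rules.append(rule)
    return rules


def audit_report(grants):
    """One line per auditallow hit, with the ioctl request numbers seen, if any."""
    out = []
    for (src, tgt, cls), info in sorted(grants.items()):
        line = f"granted: {src} -> {tgt}:{cls} {{ {' '.join(sorted(info['perms']))} }}"
        if info["ioctlcmd"]:
            cmds = sorted(c if c.startswith("0x") else "0x" + c for c in info["ioctlcmd"])
            line += " ioctlcmd=" + ",".join(cmds)
        out.append(line)
    return out


# Constructed sample: AVC lines quoted in the commits above plus one unrelated line.
SAMPLE_LOG = """\
avc: granted { search } scontext=u:r:recovery:s0 tcontext=u:object_r:cache_file:s0 tclass=dir
avc: granted { getattr } scontext=u:r:recovery:s0 tcontext=u:object_r:rootfs:s0 tclass=file
avc: granted { read open } scontext=u:r:recovery:s0 tcontext=u:object_r:rootfs:s0 tclass=file
avc: denied { open } for path="/mnt/runtime/default/emulated/0/Android/data" dev="sdcardfs" ino=589830 scontext=u:r:installd:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=1
avc: denied { write } for name="com.google.android.inputmethod.japanese" dev="sdcardfs" ino=590040 scontext=u:r:installd:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=0
avc: denied { remove_name } for name="cache_r.m" dev="sdcardfs" ino=589868 scontext=u:r:installd:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=0
avc: denied { getattr } for path="/mnt/runtime/default/emulated/0/Android/data/.nomedia" dev="sdcardfs" ino=589831 scontext=u:r:installd:s0 tcontext=u:object_r:sdcardfs:s0 tclass=file permissive=1
avc: granted { ioctl } for comm="screencap" path="/dev/ion" dev="tmpfs" ino=14324 ioctlcmd=4906 scontext=u:r:dumpstate:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
type=1400 audit(0.0:12): some unrelated line without an avc record
"""

if __name__ == "__main__":
    denied, granted = summarize(SAMPLE_LOG.splitlines())
    print("\n".join(allow_rules(denied)))
    print("\n".join(audit_report(granted)))
```

The generated `allow` lines are starting points, not policy: the installd commit only lands its rule after arguing that equivalent access already existed through `media_rw_data_file`, and a triple seen only with `permissive=1` was never actually blocked. For the `ioctl` grant, the recorded `ioctlcmd` is what you would need to narrow the permission with an `allowxperm` rule instead of allowing every ioctl on the device node.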
-
- Jul 01, 2017
-
-
Jeff Vander Stoep authored
am: 4b7aa909
Change-Id: I222af35247d5fc4d99f2cdeca79f86cd0a815739
-
Jeff Vander Stoep authored
am: 685db0b2
Change-Id: I5c4ae29b9623ee04f0409c5f2e4da9fb325a430f
-
Jeff Vander Stoep authored
am: 9ce812fb
Change-Id: Ie71e8eb97e3ace63a230fcd70b81961d1a8f4884
-
Jeff Vander Stoep authored
am: e39d5c87
Change-Id: Ibdb49f80b11fca40f5c4de7a92780be26b3280eb
-