1) fc_sort is not needed as there is no reason to sort system
   properties, so this is removed and replaced with a simply copy
2) Use the new property_info_checker instead of checkfc for
   validating property information.  This supports exact match
   properties and will be extended to verify property schemas in the
   future.

Bug: 36001741
Test: verify bullhead's property contexts correct
Test: verify faulty property contexts result in failures
Change-Id: Id9bbf401f385206e6907449a510e3111424ce59e

This reverts commit 8b562206.

Reason for revert: broke mac build

b/70273082

FAILED: out/target/product/generic_x86/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_sepolicy.cil
/bin/bash -c "(out/host/darwin-x86/bin/version_policy -b out/target/product/generic_x86/obj/FAKE/selinux_policy_intermediates/plat_pub_policy.cil -t out/target/product/generic_x86/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_policy_raw.cil -n 10000.0 -o out/target/product/generic_x86/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_sepolicy.cil.tmp ) && (grep -Fxv -f out/target/product/generic_x86/obj/ETC/plat_pub_versioned.cil_intermediates/plat_pub_versioned.cil out/target/product/generic_x86/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_sepolicy.cil.tmp > out/target/product/generic_x86/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_sepolicy.cil ) && (out/host/darwin-x86/bin/secilc -m -M true -G -N -c 30 		out/target/product/generic_x86/obj/ETC/plat_sepolicy.cil_intermediates/plat_sepolicy.cil out/target/product/generic_x86/obj/ETC/plat_pub_versioned.cil_intermediates/plat_pub_versioned.cil out/target/product/generic_x86/obj/ETC/10000.0.cil_intermediates/10000.0.cil out/target/product/generic_x86/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_sepolicy.cil -o /dev/null -f /dev/null )"
Parsing out/target/product/generic_x86/obj/FAKE/selinux_policy_intermediates/plat_pub_policy.cil
Parsing out/target/product/generic_x86/obj/ETC/vendor_sepolicy.cil_intermediates/vendor_policy_raw.cil
grep: out of memory

Change-Id: I14f0801fdd6b9be28e53dfcc0f352b844005db59

This change renames the non-platform sepolicy files on a DUT from
nonplat_* to vendor_*.

It also splits the versioned platform sepolicy from vendor_sepolicy.cil
to a new file /vendor/etc/selinux/plat_pub_versioned.cil. And only keeps
vendor customizations in vendor_sepolicy.cil.

Build variable BOARD_SEPOLICY_DIRS is also renamed to
BOARD_VENDOR_SEPOLICY_DIRS.

Bug: 64240127
Test: boot an existing device
Change-Id: I53a9715b2f9ddccd214f4cf9ef081ac426721612

Unconditionally compile treble_sepolicy_tests. Make compat
files conditional on running the compat tests.

Bug: 37008075
Test: build
Change-Id: Ib3aee6e93d285ca141803a13958fbcb38b891b68

PRODUCT_FULL_TREBLE is being broken up into smaller,
more manageable components.

Bug: 62019611
Test: manual
Change-Id: I9b65f120851d9ea134a0059a417f0282777717fc

This file is necessary for using an mr1 system image in conjunction
with an oc-dev vendor image.  This is currently needed by GSI testing,
for example.

(cherry-pick of commit: 03596f28)

Bug: 66358348
Test: File is included on system image.
Change-Id: Ie694061d08acf17453feb596480e42974f8c714c

Allows partners to add a new attribute definition to their public
policy without causing a compatibility failure with the AOSP system
image.

Bug: 67092827
Bug: 37915794
Test: build and boot aosp_sailfish with new type declared in public
    policy

Change-Id: I015c26fa7c399423e8a6e7079b5689007d031479

FAILED:
out/target/product/sailfish/obj/ETC/treble_sepolicy_tests_intermediates/treble_sepolicy_tests
Error: library-path out/host/darwin-x86/lib64/libsepolwrap.so
does not exist

Note, fixing here instead of reverting to avoid reverting
changes in CTS.

Test: ctate testing on Mac
Change-Id: I95f483b152d9bece1a16267cbc49eedb1f902990

Bug: 37008075
Test: build, all tests pass. Modify some attributes locally to
    cause tests to fail (verify that they are actually working).
Change-Id: If9f9ece61dff835f38ef9c8a57f5a7baddbae5cd

This is a necessary for enforcing these tests in CTS.

Bug: 37008075
Test: build
Change-Id: I36b4ce71c26a0ba01cd0289fe363f0a9f7db1214
(cherry picked from commit 8d614b3f)

This reverts commit f9cd76b1.

Change-Id: I4f753f3159b422fbca94be78e620bee2c39de38a

Bug: 67018095
Test: None. Relying on treehugger.
Change-Id: I68221183cf56b666c81f224a533b56a0761f8c15

This file is necessary for using an mr1 system image in conjunction
with an oc-dev vendor image.  This is currently needed by GSI testing,
for example.

(cherry-pick of commit: 03596f28)

Bug: 66358348
Test: File is included on system image.
Change-Id: I3a6b7ed5edf1c07941bbf835e70f2ae8d03fee25

This file is necessary for using an mr1 system image in conjunction
with an oc-dev vendor image.  This is currently needed by GSI testing,
for example.

Bug: 66358348
Test: File is included on system image.
Change-Id: I3a6b7ed5edf1c07941bbf835e70f2ae8d03fee25

Bug: 37916906
Test: Builds 'n' boots.
Change-Id: Ia1d86264446ebecc1ca79f32f11354921bc77668
Merged-In: I208ec6a864127a059fb389417a9c6b259d7474cb

sort respects locale settings, so the value of LC_ALL can affect
how sort orders things. This can cause labeling issues.

More information on locale and sort can be found via:
  * locale(1) - man 1 locale
  * sort(1) - man 1 sort
  * https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28539



Rather than deal with this locale setting use fc_sort on
property contexts. This also has the side-effect of
stripping comments, and thus sed can be dropped.

Test: This was tested by:
  * comparing outputs to previous runs
  * compile tested *only*.

Change-Id: I1e1eb4dff76f717b5f82f697e677a108abb69892
Signed-off-by: William Roberts <william.c.roberts@intel.com>

sort respects locale settings, so the value of LC_ALL can affect
how sort orders things. Issues have surfaced when CTS build
servers locale differs from image build server locale. And thus
the prologue of property_contexts differs with what CTS was
expecting.

More information on locale and sort can be found via:
  * locale(1) - man 1 locale
  * sort(1) - man 1 sort
  * https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28539



Rather than deal with this locale setting use fc_sort on
property contexts. This also has the side-effect of
stripping comments, and thus sed can be dropped.

Test: This was tested by:
  * comparing outputs to previous runs
  * booting the x86-64 emulator

Change-Id: I144ef549cc11d9c61849ffc0e1b1b000f1b8d1a8
Signed-off-by: William Roberts <william.c.roberts@intel.com>

Bug: 37916906
Test: Builds 'n' boots.
Change-Id: Ia1d86264446ebecc1ca79f32f11354921bc77668
Merged-In: I208ec6a864127a059fb389417a9c6b259d7474cb

Fixes: 65263013
Test: build
Merged-In: I0ec412481c5990927fcbee7c4303bee2da876210
Change-Id: I0ec412481c5990927fcbee7c4303bee2da876210
(cherry picked from commit 5c5e79cd)

Fixes: 65263013
Test: build
Merged-In: I0ec412481c5990927fcbee7c4303bee2da876210
Change-Id: I0a5b9a80e988fcd16a29807ed83b2c65bba9000f

On full Treble devices, servicemanager should only host services
served from processes on /system; nonplat_service_contexts
should not be created at all in this case.

Bug: 36866029
Test: Build marlin and make sure nonplat_service_contexts is not
      created.

Change-Id: Id02c314abbb98fc69884198779488c52231d22c3
Merged-In: Id02c314abbb98fc69884198779488c52231d22c3

Bug: 36899958
Test: Builds 'n' boots.
Change-Id: I5836a18f9d0a9a976dda7304045e3b9e1e84565e
Merged-In: I5836a18f9d0a9a976dda7304045e3b9e1e84565e
(cherry picked from commit c0713e86)

Bug: 64982450
Test: manual
Change-Id: Ic5d25b8a12271e5bfa71e30843a36fb643b914ff

Some selinux build packages are defined in embedded.mk,
others are defined in system/sepolicy/Android.mk. Move all
to sepolicy as a dependency of the phony package selinux_policy
which is defined in embedded.mk.

Test: build Marlin (Treble) and Angler (non-Treble)
Merged-In: Ib0443ad3da600447fbb51f2e9f91de04dcf5f9f6
Change-Id: Ib0443ad3da600447fbb51f2e9f91de04dcf5f9f6

The treble compatibility tests check for policy differences between old
and new policy.  To do this correctly, we must not modify the policy which
represents the older policies.  Move the files meant to be changed to a
different location from the ones that are not meant to be touched to avoid
any undesired changes to old policy, e.g. commit:
2bdefd65078d890889672938c6f0d2accdd25bc5

Bug: 36899958
Test: Build-time tests build.
Change-Id: I8fa3947cfae756f37556fb34e1654382e2e48372

Add support to the treble_sepolicy_tests suite that explicitly look at
the old and current policy versions, as well as the compatibility file,
to determine if any new types have been added without a compatibility
entry.  This first test catches the most common and likely changes that
could change the type label of an object for which vendor policy may have
needed access.  It also should prove the basis for additional compatibility
checks between old and new policies.

Bug: 36899958
Test: Policy builds and tests pass.
Change-Id: I609c913e6354eb10a04cc1a029ddd9fa0e592a4c

Bug: 36899958
Test: Builds 'n' boots.
Change-Id: I5836a18f9d0a9a976dda7304045e3b9e1e84565e

Platform SELinux policy may be updated without a corresponding
update to non-platform policy.  This is meant to be accomplished by
maintaining a compatibility mapping file which will be built along
with the current platform policy to link older non-platform policy.

Introduce an example vendor policy built from 26.0 public policy and
make sure that the current platform policy and mapping file, for that
version, build with it.  Add this as a dependency for the
selinux_treble_tests, which are meant to ensure treble properties,
ultimately to provide this compatibility guarantee.

Bug: 36899958
Test: Current platform policy builds with oc-dev vendor policy and
oc-dev mapping file.  Removed private type with no effect.  Removed
public type without corresponding mapping entry causes build to fail.

Change-Id: I7994ed651352e2da632fc91e598f819b64c05753

ASAN makes use of shenanigans that violate our policy best-practices.
This is by design.  Exempt them from these tests to get it building
again.

Bug: 37740897
Test: Builds with ASAN enabled.
Change-Id: Iffde28c2741466da5862b2dfe1fffa2c0d93caeb

This will prevent us from breaking our own neverallow rules
in the platform sepolicy regardless of vendor policy adding
exceptions to the neverallow rules using "*_violators" attributes

Bug: 62616897
Bug: 62343727

Test: Build policy for sailfish
Test: Build policy with radio to rild socket rule enabled for all
      and ensure the build fails

Change-Id: Ic66ec3e10c76a7c9a17669e0d3deb3a1c7b00809
Signed-off-by: Sandeep Patil <sspatil@google.com>

Test that:
- File types on /sys have attr sysfs_type
- File types on /sys/kernel/debug have attr debugfs_type
- File types on /data have attr data_file_type

Test: build policy
Change-Id: Ie4f1f1c7e5345da0999082962f084fdac6b85428

[    7.674739] selinux: selinux_android_file_context: Error getting
file context handle (No such file or directory)

Bug: 62564629
Test: build and flash marlin. Successfully switch between regular
    and recovery modes

Change-Id: I0f871f8842d95322c844fb7b13ad1b4b42578e35

This change is primarily to fix CTS which checks file ordering of
file_contexts. Having two separate means of loading file_contexts
has resulted in ordering variations.

Previously the binary file_contexts was preferred since it
loaded faster. However with the move to libpcre2, there is no
difference in loading time between text and binary file_contexts.
This leaves us with build system complexity with no benefit.
Thus removing this unnecessary difference between devices.

Bug: 38502071
Test: build and boot non-Treble Bullhead, run CTS tests below
Test: build and boot Treble Marlin, run CTS tests below
Test: cts-tradefed run singleCommand cts --skip-device-info \
    --skip-preconditions --skip-connectivity-check --abi arm64-v8a \
    --module CtsSecurityHostTestCases \
    -t android.security.cts.SELinuxHostTest#testAospFileContexts
Test: cts-tradefed run singleCommand cts --skip-device-info \
    --skip-preconditions --skip-connectivity-check --abi arm64-v8a \
    --module CtsSecurityHostTestCases \
    -t android.security.cts.SELinuxHostTest#testValidFileContexts
Change-Id: I088b3aeafaaab320f6658feb058a1fb89cbb65e1

This change is primarily to fix CTS which checks file ordering of
file_contexts. Having two separate means of loading file_contexts
has resulted in ordering variations.

Previously the binary file_contexts was preferred since it
loaded faster. However with the move to libpcre2, there is no
difference in loading time between text and binary file_contexts.
This leaves us with build system complexity with no benefit.
Thus removing this unnecessary difference between devices.

Bug: 38502071
Test: build and boot non-Treble Bullhead, run CTS tests below
Test: build and boot Treble Marlin, run CTS tests below
Test: cts-tradefed run singleCommand cts --skip-device-info \
    --skip-preconditions --skip-connectivity-check --abi arm64-v8a \
    --module CtsSecurityHostTestCases \
    -t android.security.cts.SELinuxHostTest#testAospFileContexts
Test: cts-tradefed run singleCommand cts --skip-device-info \
    --skip-preconditions --skip-connectivity-check --abi arm64-v8a \
    --module CtsSecurityHostTestCases \
    -t android.security.cts.SELinuxHostTest#testValidFileContexts
Change-Id: I088b3aeafaaab320f6658feb058a1fb89cbb65e1

checkseapp does not expect filenames before the appearance of neverallow
rules against which to check.  They had previously been hidden by default
because they were only gathered from one file, but with the addition of
the BOARD_PLAT_[PUBLIC|PRIVATE]_SEPOLICY_DIRS to allow for /system policy
extensions, this may change.

Bug: 36467375
Bug: 62357603
Test: Builds with seapp_contexts extension.
Change-Id: I270bd60ae368aa3c082299d57c4bf12936ac2073

Bug: 37008075
Test: build policy on Marlin
Change-Id: I53748f94c5df66fa17a53e7d0bed1be6b8603544
(cherry picked from commit e1ddc6df)

Bug: 37008075
Test: build policy on Marlin
Change-Id: I53748f94c5df66fa17a53e7d0bed1be6b8603544

These directories were added to allow for partner extensions to the
android framework without needing to add changes to the AOSP global
sepolicy.  There should only ever be one owner of the framework and
corresponding updates, so enforce this restriction to prevent
accidental accrual of policy in the system image.

Bug: 36467375
Test: Add public and private files to policy and verify that they are
added to the appropriate policy files.  Also test that specifying
multiple directories for public or private results in an error.

Change-Id: I397ca4e7d6c8233d1aefb2a23e7b44315052678f
Merged-In: I397ca4e7d6c8233d1aefb2a23e7b44315052678f
(cherry picked from commit 1633da06)

Add new build variables for partner customization (additions) to platform sepolicy.
This allows partners to add their own policy without having to touch the AOSP sepolicy
directories and potentially disrupting compatibility with an AOSP system image.

Bug: 36467375
Test: Add public and private files to sailfish policy and verify that they are
added to the appropriate policy files, but that the policy is otherwise identical.
Also add private/mapping/*.cil files in both locations and change the BOARD_SEPOLICY_VERS
to trigger use of prebuilt mapping files and verify that they are appropriately
combined and built in policy.

Change-Id: I38efe2248520804a123603bb050bba75563fe45c
Merged-In: I38efe2248520804a123603bb050bba75563fe45c
(cherry picked from commit f893700c)

These directories were added to allow for partner extensions to the
android framework without needing to add changes to the AOSP global
sepolicy.  There should only ever be one owner of the framework and
corresponding updates, so enforce this restriction to prevent
accidental accrual of policy in the system image.

Bug: 36467375
Test: Add public and private files to policy and verify that they are
added to the appropriate policy files.  Also test that specifying
multiple directories for public or private results in an error.

Change-Id: I397ca4e7d6c8233d1aefb2a23e7b44315052678f