This reverts commit c147b592.

The new domain changed neverallows, breaking CTS compatability.
Revert the domain now, with the intention to re-add for the next
release.

Bug: 62102757
Test: domain is set to priv_app
Change-Id: I907ff7c513cd642a306e3eaed3937352ced90005

Allow run-as to read/write unix_stream_sockets created by adbd. am: 1847a38b am: 23946193 am: 96df849f
am: 690ab198

Change-Id: I7e3c27dad722e2bd208281d74c475a39f91b04dc

am: 96df849f

Change-Id: I631667710b2998361b0e2db3f13f5fb7d2582420

am: 23946193

Change-Id: I0bfb94d859467848ce54e1b7e7581f543331c640

am: 1847a38b

Change-Id: I8c8351da5f2c41a284a6c6aa05e268f209242e00

Copy the final system sepolicy from oc-dev to its prebuilt dir
corresponding to its version (26.0) so that we can uprev policy and
start maintaining compatibility files, as well as use it for CTS
tests targeting future platforms.

Bug: 37896931
Test: none, this just copies the old policy.
Change-Id: Ib069d505e42595c467e5d1164fb16fcb0286ab93

am: c6ba60d8

Change-Id: I1a091cb4715577db620ec5e0b3e3dabfcd15ee6a

am: e546e81b

Change-Id: Iac0bb7ca4994a7921049881f94e767b34851052e

checkseapp does not expect filenames before the appearance of neverallow
rules against which to check.  They had previously been hidden by default
because they were only gathered from one file, but with the addition of
the BOARD_PLAT_[PUBLIC|PRIVATE]_SEPOLICY_DIRS to allow for /system policy
extensions, this may change.

Bug: 36467375
Bug: 62357603
Test: Builds with seapp_contexts extension.
Change-Id: I270bd60ae368aa3c082299d57c4bf12936ac2073

On Marlin ~120 ms of time is spent relabeling /sys/devices/system/cpu
every time we come out of suspend. Moving from file_contexts to
genfs_contexts as the labeling mechanism knocks this down to ~3 ms.

Bug: 32938130
Test: build and boot Marlin. Verify that files in
    /sys/devices/system/cpu have the proper label before and after
    suspend.

Change-Id: Ie71ea7e3dd5df250cabe4ba9600afbf67e69f720

am: e3aad5ed  -s ours

Change-Id: I00c4e09c718b06df5a47b3af7093d0dc01d292b6

am: 715955b7  -s ours

Change-Id: Idaf2e285bc60707aaa1141d9c141146e37c2526f

am: c85b8596  -s ours

Change-Id: I32f3b92444637ac4f62b53bc7b66daa64c6bd7dd

am: 0a53f1d4

Change-Id: I15df35ef6ab490530d20bfca4cab168607b72668

am: 8ae0bd62  -s ours

Change-Id: I53305cfdaa523542b6795bd1c31c7eaa6e3b91af

am: 1fc0682e

Change-Id: I5f6adf8043686e1dbc5327b6845d710e6f673256

am: e41af203

Change-Id: I586cf07d87339f83d66919871d1531e9b8d79c4e

am: bdfc0301

Change-Id: Ifafca851d39158cff053f4205583dd22f89070c8

This is to Allow commands like `adb shell run-as ...`.

Bug: http://b/62358246
Test: run commands manually.
Change-Id: I7bb6c79a6e27ff1224a80c6ddeffb7f27f492bb2

am: dde38d9b

Change-Id: I8ad39a6ba69fa936f6522e29820127adc80798d5

am: 9ff58c84

Change-Id: If0bc8e741af7cade57c76020db89516c1da69728

am: 7b19b081

Change-Id: I49de01eac93ff0f4c7a334cb899aa7ba75e275fa

am: 7aa08523

Change-Id: I9fcf646602327f1c54d28c3fabf19741a6b72ef4

It appears that selinux requires the write permission to receive
a writable pipe from dumpstate, for unclear reasons. Add the permission
for now.

Bug: http://b/62297059
Test: dumpstate
Merged-In: I0f25682177115aacd5c2203ddc0008228b0380ad
Change-Id: I0f25682177115aacd5c2203ddc0008228b0380ad
(cherry picked from commit 7aa08523)

On Marlin ~120 ms of time is spent relabeling /sys/devices/system/cpu
every time we come out of suspend. Moving from file_contexts to
genfs_contexts as the labeling mechanism knocks this down to ~3 ms.

Bug: 32938130
Test: build and boot Marlin. Verify that files in
    /sys/devices/system/cpu have the proper label before and after
    suspend.

Change-Id: Ie71ea7e3dd5df250cabe4ba9600afbf67e69f720

It appears that selinux requires the write permission to receive
a writable pipe from dumpstate, for unclear reasons. Add the permission
for now.

Bug: http://b/62297059
Test: dumpstate
Change-Id: I0f25682177115aacd5c2203ddc0008228b0380ad

Bug: 37008075
Test: build policy on Marlin
Change-Id: I53748f94c5df66fa17a53e7d0bed1be6b8603544
(cherry picked from commit e1ddc6df)

modprobe domain was allowed to launch vendor toolbox even if its a
coredomain. That violates the treble separation. Fix that by creating a
separate 'vendor_modprobe' domain that init is allowed to transition to
through vendor_toolbox.

Bug: 37008075
Test: Build and boot sailfish

Change-Id: Ic3331797691bb5d1fdc05a674aa4aa313e1f86b2
Signed-off-by: Sandeep Patil <sspatil@google.com>
(cherry picked from commit 9e366a0e)

With project Treble, we're relying heavily on attributes for
permission inheritance and enforcement of separation between
platform and vendor components.

We neead tests that verify those attributes are correctly applied.
This change adds the framework for those tests including a wrapper
around libsepol for loading and querying policy, and a python module
for running tests on policy and file_contexts.

Included with the testing framework is a test asserting that the
coredomain attribute is only applied to core processes. This
verification is done using the following rules:
1. Domain's entrypoint is on /system - coredomain
2. Domain's entrypoint is on /vendor - not coredomain
3. Domain belongs to a whitelist of known coredomains - coredomain

In a subsequent commit these tests will be applied at build time.
However, I first need to fix existing Treble violations exposed by
this test. These tests will also be applied during CTS.

Test: LD_PRELOAD=$ANDROID_HOST_OUT/lib64/libsepolwrap.so python \
    treble.py -p $OUT/vendor/etc/selinux/precompiled_sepolicy \
    -f $OUT/vendor/etc/selinux/nonplat_file_contexts \
    -f $OUT/system/etc/selinux/plat_file_contexts
Bug: 37008075
Change-Id: I7825f5c2909a5801deaccf2bef2bfd227adb0ae9
(cherry picked from commit 0366afdf)

Consolidate ctypes boilerplate code, and other cleanup.

Change-Id: I06c1d6acc9511f2f6d491c8ca2d4b630fd4120fd
Test: build policy

am: 1b70d896

Change-Id: I9aaf78ffb28b8319e2011400f45f34ef93322cb3

* changes:
  Run Treble sepolicy tests at build time
  Fix coredomain violation for modprobe

am: 7a31444a

Change-Id: I71e33a0923e9f17c35b91172c81612d420a10c0b

am: 05121724

Change-Id: I6c8f336aed4833d6c9f9765a8768bba4b496a40e

am: e77d9eea

Change-Id: I3e4c83d962b1a4c9fbfba83ffd0df5fc8d59c8fc