- Dec 04, 2015
-
-
Jeffrey Vander Stoep authored
am: 98c3f997 * commit '98c3f997': Further restrict access to tun_device
-
Jeffrey Vander Stoep authored
-
- Dec 03, 2015
-
-
Jeff Vander Stoep authored
Remove bluetooth's access to tun_device. Auditallow rule demonstrates that it's not used. Strengthen the neverallow on opening tun_device to include all Apps. Bug: 24744295 Change-Id: Iba85ba016b1e24c6c12d5b33e46fe8232908aac1
-
Tom Cherry authored
am: 6fa6bdb6 * commit '6fa6bdb6': Support fine grain read access control for properties
-
Tom Cherry authored
-
Tom Cherry authored
Properties are now broken up from a single /dev/__properties__ file into multiple files, one per property label. This commit provides the mechanism to control read access to each of these files and therefore sets of properties. This allows full access for all domains to each of these new property files to match the current permissions of /dev/__properties__. Future commits will restrict the access. Bug: 21852512 Change-Id: Ie9e43968acc7ac3b88e354a0bdfac75b8a710094
-
Nick Kralevich authored
am: ad22e867 * commit 'ad22e867': shell.te: allow pulling the currently running SELinux policy
-
Nick Kralevich authored
Allow pulling the currently running SELinux policy for CTS. Change-Id: I82ec03724a8e5773b3b693c4f39cc7b5c3ae4516
-
Jeffrey Vander Stoep authored
am: 1d58b2fd * commit '1d58b2fd': Allow priv_apps to stat files on the system partition
-
Jeffrey Vander Stoep authored
-
Jeff Vander Stoep authored
Allows safetynet to scan the system partition which is made up of files labeled system_file (already allowed) and/or files with the exec_type attribute. Bug: 25821333 Change-Id: I9c1c9c11bc568138aa115ba83238ce7475fbc5e4
-
- Dec 02, 2015
-
-
Jeffrey Vander Stoep authored
am: a0757c4d * commit 'a0757c4d': bootanim: Remove domain_deprecated
-
Jeffrey Vander Stoep authored
-
Jeff Vander Stoep authored
Remove domain_deprecated from bootanim. This removes some unnecessarily permissive rules. As part of this, re-allow access to cgroups, proc and sysfs, removed as a result of removing domain_deprecated. Bug: 25433265 Change-Id: I58658712666c719c8f5a39fe2076c4f6d166616c
-
Felipe Leme authored
am: 15a1e0d4 * commit '15a1e0d4': Explicitly added permissions that were previously granted through domain_deprecated.
-
Felipe Leme authored
domain_deprecated. BUG: 25965160 Change-Id: I586d082ef5fe49079cb0c4056f8e7b34fae48c03
-
Nick Kralevich authored
am: 4367cf2d * commit '4367cf2d': mdnsd: Remove domain_deprecated
-
Nick Kralevich authored
Remove domain_deprecated from mdnsd. This removes some unnecessarily permissive rules from mdnsd. As part of this, re-allow /proc/net access, which is removed as a result of removing domain_deprecated. Bug: 25433265 Change-Id: Ie1cf27179ac2e9170cf4cd418aea3256b9534603
-
Nick Kralevich authored
am: 8ff6a86d * commit '8ff6a86d': Add permissions back to app / shell domains
-
Nick Kralevich authored
Allow directory reads to allow tab completion in rootfs to work. "pm" is crashing due to failure to access /data/dalvik-cache. Add back in the permissions from domain_deprecated. Allow /sdcard to work again. Bug: 25954400 Change-Id: I48cfa92fabfa47ed3007a63b85284659ba94ea73
-
- Dec 01, 2015
-
-
Nick Kralevich authored
am: d618eb6f * commit 'd618eb6f': Allow appdomains to write on cgroup so it can start threads.
-
Nick Kralevich authored
Addresses the following denial:
  avc: denied { write } for path="/dev/cpuctl/bg_non_interactive/tasks" dev="cgroup" ino=716 scontext=u:r:shell:s0 tcontext=u:object_r:cgroup:s0 tclass=file permissive=0
which started occurring because of https://android-review.googlesource.com/184260
Bug: 25945485 Change-Id: I6dcfb4bcfc473478e01e0e4690abf84c24128045
-
- Nov 30, 2015
-
-
Nick Kralevich authored
am: 8ca19368 * commit '8ca19368': Remove domain_deprecated from adbd and shell
-
- Nov 28, 2015
-
-
Nick Kralevich authored
The extra permissions are not needed. Delete them. This change also adds read permission for /data/misc/zoneinfo back to all domains. libc references this directory for timezone related files, and it feels dangerous and of little value to try to restrict access. In particular, this causes problems when the shell user attempts to run "ls -la" to show file time stamps in the correct timezone. Bug: 25433265 Change-Id: I666bb460e440515151e3bf46fe2e0ac0e7c99f46
-
- Nov 25, 2015
-
-
Jeff Vander Stoep authored
am: 9a3d1c6b * commit '9a3d1c6b': Perms back to domain
-
Jeff Vander Stoep authored
allow reading symlinks in /data and getattr in /system Change-Id: I8cc9ca056725cf10ebfeef474ebf9c80c5300a73
-
- Nov 24, 2015
-
-
Sen Jiang authored
-
Nick Kralevich authored
am: cb835a28 * commit 'cb835a28': Add auditallow for bluetoothdomain rules
-
Nick Kralevich authored
Let's see if it's safe to get rid of them. Bug: 25768265 Bug: 25767747 Change-Id: Iaf022b4dafe1cc9eab871c8d7ec5afd3cf20bf96
- Nov 21, 2015
-
-
Sen Jiang authored
This allows bspatch to have the same permission as update_engine. Also added a rule to allow update_engine to execute bspatch. Bug: 24478450 Test: No more permission deny during delta update. Change-Id: If94bc703b2f3fc32f901f0d7f300934316d4e9a4
-
- Nov 20, 2015
-
-
Nick Kralevich authored
am: 4fd21606 * commit '4fd21606': system_server: allow restorecon /data/system/users/0/fpdata
-
Nick Kralevich authored
Addresses the following denial:
  avc: denied { relabelfrom } for pid=9971 comm="system_server" name="fpdata" dev="dm-0" ino=678683 scontext=u:r:system_server:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir permissive=0
Bug: 25801240 Change-Id: I043f48f410505acaee4bb97446945316f656a210
-
- Nov 19, 2015
-
-
Jeff Vander Stoep authored
am: aef68b77 * commit 'aef68b77': Move some perms back to domain
-
Jeff Vander Stoep authored
libselinux stats selinuxfs, as does every process that links against libselinux such as toolbox. grant:
  allow domain selinuxfs:filesystem getattr;
domain is already granted:
  allow domain self:dir r_dir_perms;
  allow domain self:lnk_file r_file_perms;
  allow domain self:{ fifo_file file } rw_file_perms;
To make these possible, also grant:
  allow domain proc:dir search;
Change-Id: Ife6cfa2124c9d61bf908ac89a8444676acdb4259
-
- Nov 18, 2015
-
-
Jeffrey Vander Stoep authored
am: 29a1e43e * commit '29a1e43e': grant country_detector_service app_api_service attribute
-
Jeffrey Vander Stoep authored
-
Jeff Vander Stoep authored
All apps should have access to the country_detector service.
  avc: denied { find } for service=country_detector pid=1802 uid=1010002 scontext=u:r:untrusted_app:s0:c522,c768 tcontext=u:object_r:country_detector_service:s0 tclass=service_manager
Bug: 25766732 Change-Id: Ie3f1a801114030dada7ad70c715a62907a2d264f
-
Nick Kralevich authored
am: 85dcd53b * commit '85dcd53b': Move bluetoothdomain rules into their own file.
-
Nick Kralevich authored
Don't mix bluetooth rules with bluetoothdomain. The bluetoothdomain rules are used by several other SELinux domains, not just bluetooth, and keeping them in the same file is confusing. Change-Id: I487251ab1c1392467a39c7a87328cdaf802fc1f8
-