- Remove dac_read_search as it is no longer required by run-as.
- Introduce a separate type for /dev/tty so that we can allow use of own tty for
for a run-as shell without allowing access to other /dev/tty[0-9]* nodes.
- Allow sigchld notifications for death of run-as and its descendants by adbd.
- Drop redundant rules for executing shell or system commands from untrusted_app;
now covered by rules in app.te.

Change-Id: Ic3bf7bee9eeabf9ad4a20f61fbb142a64bb37c6c

/data/app-private is used when making an
app purchase or forward locking. Provide a
new label for the directory as well as the
tmp files that appear under it.

Change-Id: I910cd1aa63538253e10a8d80268212ad9fc9fca5
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

Change-Id: I09b4e33b1c9ea201a96d2f07cb74bdb804b5aad2
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

The test gracefully handles unreadable directories, so
we do not need to allow this for all file types.

Change-Id: Ib5f5be7cacc3f0270b72c046200cc3d21f3fc374
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Change-Id: I448a5553937a98775178b94f289ccb45ae862876
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Redundant with other rules or not required for untrusted app.

Change-Id: Idb5d50326cc14696423cf133508c0d013c5928a6
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Change-Id: I54af993bd478d6b8d0462d43950bb1a991131c82
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Change-Id: I8d46a809c08cd21b0d6c3173998035ab3cc79ada
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Change-Id: I809738e7de038ad69905a77ea71fda4f25035d09
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Change-Id: I013e08bcd82a9e2311a958e1c98931f53f6720c9
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Read access to /dev/log/* is no longer restricted.
Filtering on reads is performed per-uid by the kernel logger driver.

Change-Id: Ia986cbe66b84f3898e858c60f12c7f3d63ac47cf
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

As AOSP does not support the device admin API or the older
SEManager system app, just drop the allow rules associated with
permitting SELinux management via device admin or a system app.

Change-Id: Icdf40c9e6d343b19c156e4c7aea4cfb8c5f234ad
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Required for If8b8d66120453123c1371ce063b6f20e8b96b6ef .

Change-Id: I98871b957db8b291cbbb827b5eb39b4279ce4194
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

timerirq_device has been removed in favor
of using the existing sensors_device domain.

Change-Id: I503e4a511c2901890356559c0afb971392b4ec6f
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

Increase the SELinux policy version to 26.  This is needed
for name-based transitions used by the manta sepolicy.
Requires kernel 3.0 or higher.

Change-Id: I046fa9f7122f77506c70b2c735345bc0194935df
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Change-Id: Ib37b392cb6f6d3fb80852b9a2a6547ab86cd9bff
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Just allow them unconditionally for compatibility.

Change-Id: I85b56532c6389bdfa25731042b98d8f254bd80ee
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

A prior merge accidentally dropped the seinfo tag from the
release keys stanza.

Change-Id: I99f9ea8d0981c5324c3875896b0673552a03d2ca
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

This reverts commit 31d1a40b

Change-Id: I70aab6f01b9a74512dcbd9bff167890747e54355

Change-Id: I86f2f28f7c558b8e9a70e5aa9ebcfa8bf26f9ef7

This reverts commit ba84bf1d

Hidden dependency resolved.

Change-Id: I9f0844f643abfda8405db2c722a36c847882c392

Allow script to union mac_permissions.xml files
specified using the BOARD_SEPOLICY_DIRS and
BOARD_SEPOLICY_UNION constructs.

Change-Id: I4fc65fd1ab4c612f25e966f030247e54a270b614
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

Assortment of policy changes include:
 * Bluetooth domain to talk to init and procfs.
 * New device node domains.
 * Allow zygote to talk to its executable.
 * Update system domain access to new device node domains.
 * Create a post-process sepolicy with dontaudits removed.
 * Allow rild to use the tty device.

Change-Id: Ibb96b590d0035b8f6d1606cd5e4393c174d10ffb
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

This reverts commit 60d4d71e

This should (finally) be fixed in https://android-review.googlesource.com/#/c/54730/

Change-Id: I3dd358560f7236f28387ffbe247fc2b004e303ea

Use TOP instead of ANDROID_BUILD_TOP

Fix spelling issues in keys.conf

Change-Id: Ib90b3041af5ef68f30f4ab78c768ad225987ef2d

This reverts commit cd4104e8

This builds clean locally, but seems to explode on the build servers. Reverting until there's a solution.

Change-Id: I09200db37c193f39c77486d5957a8f5916e38aa0

This reverts commit b24c30b4

Reverting the changes that depend on insertkeys until the issues there are resolved.

Change-Id: Ie7e0d6657d8e7cfb44fc3efa2f99c8d1011a0fe1

Rewrite all stanzas to only include seinfo tags.

Change-Id: I4d528ce092ec8d1aac15195ed3a8e307d604607e
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

This reverts commit 1446e714

Hidden dependency has been resolved.

Change-Id: Ia535c0b9468ea5f705dff9813186a7fa8bab84ae

iio: Industrial I/O subsystem
usb_accessory: accessory protocol for usb

Allow system access in both cases.

Change-Id: I02db9775ec2ddaaeda40fae6d5e56e320957b09c
Signed-off-by: Robert Craig <rpcraig@tycho.ncsc.mil>

Change-Id: I7ff4ed9f73f43918cac05a026af68cca8dbe02c3
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>