* commit '75922a0a':
  Fix NFC image transfer

* commit '27fcf3ef':
  Revert "Move tlcd_sock policy over to manta."

* commit '10baf47c':
  Revert "Move tlcd_sock policy over to manta."

This doesn't compile on non-manta devices because of a
missing drmserver_socket declaration.

external/sepolicy/mediaserver.te":68:ERROR 'unknown type drmserver_socket' at token ';' on line 6764:
#line 68
allow mediaserver drmserver_socket:sock_file write;
checkpolicy:  error(s) encountered while parsing configuration
make: *** [out/target/product/flo/obj/ETC/sepolicy_intermediates/sepolicy] Error 1
make: *** Waiting for unfinished jobs....

This reverts commit 8cd400d3.

Change-Id: Ib8f07b57008b9ed1165b945057502779e806f0f8

* commit '98a6cf08':
  Add file_contexts entries for socket files.

* commit '94e06523':
  Add file_contexts entries for socket files.

* commit '628bc290':
  Move tlcd_sock policy over to manta.

So that we do not relabel them on a restorecon -R /data.

Change-Id: I8dd915d9bb80067339621b905ea2b4ea0fa8d71e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

* commit '8cd400d3':
  Move tlcd_sock policy over to manta.

* commit 'd57848df':
  allow wpa_cli to work.

Change-Id: I7d5a5f964133177e7d466b9759fcf6300fec345d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

* commit 'ba1a7315':
  allow wpa_cli to work.

With wpa_supplicant in enforcing, wpa_cli doesn't work.

Denial:

type=1400 audit(1390597866.260:59): avc:  denied  { write } for  pid=3410 comm="wpa_supplicant" name="wpa_ctrl_4852-1" dev="mmcblk0p28" ino=618993 scontext=u:r:wpa:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=sock_file

After I9e35cc93abf89ce3594860aa3193f84a3b42ea6e and
I51b09c5e40946673a38732ea9f601b2d047d3b62, the /data/misc/wifi/sockets
directory is labeled properly. This change allows the communication
between the su domain and wpa.

Steps to reproduce:
  Start wifi (so wpa_supplicant will run)
  Start wpa_cli - it will hand
  $ adb root
  $ adb shell
  # wpa_cli -g @android:wpa_wlan0

Bug: 12721629
Change-Id: I03170acc155ad122c5197baaf590d17fc1ace6a5

* commit '369384d1':
  Label /data/misc/wifi/sockets with wpa_socket.

* commit '418e2abd':
  Label /data/misc/wifi/sockets with wpa_socket.

This will ensure that any sockets created in this directory
will default to wpa_socket unless a type_transition is defined.
Define a type transition for system_server to keep its separate
system_wpa_socket type assigned for its socket.  Allow wpa
to create and unlink sockets in the directory.  We leave the
already existing rules for wifi_data_file in place for compatibility
with existing devices that have wifi_data_file on /data/misc/wifi/sockets.

Change-Id: I9e35cc93abf89ce3594860aa3193f84a3b42ea6e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

* commit '7d40044a':
  sepolicy: Add write_logd, read_logd & control_logd

* commit '8ed750e9':
  sepolicy: Add write_logd, read_logd & control_logd

- Add write_logd, read_logd and control_logd macros added along
  with contexts for user space logd.
- Specify above on domain wide, or service-by-service basis
- Add logd rules.
- deprecate access_logcat as unused.
- 'allow <domain> zygote:unix_dgram_socket write;' rule added to
  deal with fd inheritance. ToDo: investigate means to allow
  references to close, and reopen in context of application
  or call setsockcreatecon() to label them in child context.

Change-Id: I35dbb9d5122c5ed9b8c8f128abf24a871d6b26d8

* commit '3fc0df76':
  assert: Do not allow access to generic device:chr_file

* commit 'a637b2f2':
  assert: Do not allow access to generic device:chr_file

* commit 'df80ebd9':
  assert: do not allow raw access to generic block_device

Rather, enforce that a relabel should be done. This
tightens an existing assertion.

Change-Id: I0500e3dc483e6bf97e5b017043e358bcbdc69904

* commit 'd0919ec2':
  assert: do not allow raw access to generic block_device

Rather then allowing open,read,write to raw block devices, one
should relabel it to something more specific.

vold should be re-worked so we can drop it from this assert.

Change-Id: Ie891a9eaf0814ea3878d32b18b4e9f4d7dac4faf

* commit 'b4f8d095':
  drmserver: allow looking in efs_file directories

* commit 'b71dae82':
  drmserver: allow looking in efs_file directories

* commit '114576b7':
  Update README.

* commit 'af292c00':
  Catch nonexistent BOARD_SEPOLICY_UNION policy files.

* commit '9dbd005a':
  Update README.

Commit Icc5febc5fe5a7cccb90ac5b83e6289c2aa5bf069
introduced a new error check for non existent
BOARD_SEPOLICY_UNION files. Need an update to
the docs describing the change.

Change-Id: If96c9046565b05e0811ab2d526ae12a3b8b90bf0
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

* commit 'd4f6c5f0':
  Catch nonexistent BOARD_SEPOLICY_UNION policy files.

* commit 'e5db229e':
  Remove MAC capabilities from unconfined domains.