* commit '411d940e':
  Allow use of art as the Android runtime.

* commit '527316a2':
  Allow use of art as the Android runtime.

system_server and app domains need to map dalvik-cache files with PROT_EXEC.

type=1400 msg=audit(13574814.073:132): avc: denied { execute } for pid=589 comm="system_server" path="/data/dalvik-cache/system@priv-app@SettingsProvider.apk@classes.dex" dev="mmcblk0p30" ino=684132 scontext=u:r:system_server:s0 tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file

Apps need to map cached dex files with PROT_EXEC.  We already allow this
for untrusted_app to support packaging of shared objects as assets
but not for the platform app domains.

type=1400 audit(1387810571.697:14): avc:  denied  { execute } for  pid=7822 comm="android.youtube" path="/data/data/com.google.android.youtube/cache/ads1747714305.dex" dev="mmcblk0p30" ino=603259 scontext=u:r:platform_app:s0 tcontext=u:object_r:platform_app_data_file:s0 tclass=file

Change-Id: I309907d591ea6044e3e6aeb57bde7508e426c033
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

* commit 'f3988de8':
  Confine sdcardd, but leave it permissive for now.

* commit '7fa9a4ab':
  Confine dhcp, but leave it permissive for now.

* commit '588bb5c7':
  Confine sdcardd, but leave it permissive for now.

* commit 'c48fd77b':
  Confine dhcp, but leave it permissive for now.

Change-Id: I11b185ff539915174bd2da53bfaa2cad87173008
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

* commit 'bbe68e6d':
  Delete dalvikcache_data_file write/setattr access from shell.

* commit 'c17d30a5':
  Delete dalvikcache_data_file write/setattr access from shell.

This showed up at some point in the past during our own
internal CTS testing but it seems wrong based on the DAC
permissions and a potential way to inject code into apps
from the shell.  Drop it for now and see if it shows up again.
This predates userdebug/eng vs user shell split so possibly
it only happens in the userdebug/eng case.

Change-Id: If8b1e7817f8efecbf68a0ba5fd06328a23a6c6db
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

* commit '70eb1c2e':
  shell: allow setting debug_prop and powerctl_prop

* commit 'd28ceeb0':
  shell: allow setting debug_prop and powerctl_prop

* commit '4bd24975':
  vold: allow wakelocks, fsck logs

* commit 'fe907e57':
  vold: allow wakelocks, fsck logs

* commit '0522774a':
  Allow dumpsys

* commit '9969a4d2':
  Allow dumpsys

Allow the shell user to set debug.* properties.
This allows systrace to work on Android.

Allow the shell user to set sys.powerctl, to allow reboots
to work.

Addresses the following denials:

<4>[ 2141.449722] avc:  denied  { set } for property=debug.atrace.tags.enableflags scontext=u:r:shell:s0 tcontext=u:object_r:debug_prop:s0 tclass=property_service
<4>[ 2141.450820] avc:  denied  { set } for property=debug.atrace.app_cmdlines scontext=u:r:shell:s0 tcontext=u:object_r:debug_prop:s0 tclass=property_service
<4>[ 2141.506703] avc:  denied  { set } for property=debug.atrace.tags.enableflags scontext=u:r:shell:s0 tcontext=u:object_r:debug_prop:s0 tclass=property_service
<4>[ 2141.507591] avc:  denied  { set } for property=debug.atrace.app_cmdlines scontext=u:r:shell:s0 tcontext=u:object_r:debug_prop:s0 tclass=property_service

Bug: 12231073
Change-Id: Iaba1db06ba287c7d5d10ce287833c57238e03bb6

* commit 'c3928dc8':
  Allow dumpstate to use ping.

* commit 'a2c4cb3c':
  Allow dumpstate to use ping.

Allow adb shell to run dumpsys.

Addresses the following denials:

23.720402   type=1400 audit(1387473582.512:12): avc:  denied  { read write } for  pid=1469 comm="dumpsys" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:system_server:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file
23.862719   type=1400 audit(1387473582.652:13): avc:  denied  { getattr } for  pid=696 comm="Binder_3" path="/dev/pts/0" dev="devpts" ino=3 scontext=u:r:system_server:s0 tcontext=u:object_r:devpts:s0 tclass=chr_file

Change-Id: I6c56f9267d769d579514dca3cfde8d5a99170456

When encrypting a device, vold tries to acquire a wake lock,
to prevent the device from sleeping. Add an allow rule.

After booting with a freshly encrypted device, fsck logs data to
/dev/fscklogs/log . Add an allow rule.

Addresses the following denials.

wake lock:

<5>[  372.401015] type=1400 audit(1387488823.195:6): avc:  denied  { read write } for  pid=143 comm="vold" name="wake_lock" dev="sysfs" ino=69 scontext=u:r:vold:s0 tcontext=u:object_r:sysfs_wake_lock:s0 tclass=file
<5>[  127.274556] type=1400 audit(1387494536.080:8): avc:  denied  { open } for  pid=140 comm="vold" name="wake_lock" dev="sysfs" ino=69 scontext=u:r:vold:s0 tcontext=u:object_r:sysfs_wake_lock:s0 tclass=file

fsck logging:

<5>[   44.759122] type=1400 audit(1387489522.460:6): avc:  denied  { search } for  pid=132 comm="vold" name="fscklogs" dev="tmpfs" ino=3216 scontext=u:r:vold:s0 tcontext=u:object_r:fscklogs:s0 tclass=dir
<5>[   28.559964] type=1400 audit(1387495221.265:6): avc:  denied  { write } for  pid=132 comm="vold" name="fscklogs" dev="tmpfs" ino=3216 scontext=u:r:vold:s0 tcontext=u:object_r:fscklogs:s0 tclass=dir
<5>[   28.560081] type=1400 audit(1387495221.265:7): avc:  denied  { add_name } for  pid=132 comm="vold" name="log" scontext=u:r:vold:s0 tcontext=u:object_r:fscklogs:s0 tclass=dir
<5>[   28.560244] type=1400 audit(1387495221.265:8): avc:  denied  { create } for  pid=132 comm="vold" name="log" scontext=u:r:vold:s0 tcontext=u:object_r:fscklogs:s0 tclass=file
<5>[   28.560383] type=1400 audit(1387495221.265:9): avc:  denied  { write open } for  pid=132 comm="vold" name="log" dev="tmpfs" ino=5898 scontext=u:r:vold:s0 tcontext=u:object_r:fscklogs:s0 tclass=file
<5>[   28.582520] type=1400 audit(1387495221.285:10): avc:  denied  { getattr } for  pid=132 comm="vold" path="/dev/fscklogs/log" dev="tmpfs" ino=5898 scontext=u:r:vold:s0 tcontext=u:object_r:fscklogs:s0 tclass=file

Change-Id: I09fbe73c9d4955578c16fece4f3b84269eed78b5

* commit 'ddd5ebf8':
  allow system_server block_suspend

* commit '13e44ec7':
  allow system_server block_suspend

I'm only seeing this denial on one device (manta), but it feels like
it should be part of the generic policy. I don't understand
why it's happening on only one device.

Addresses the following denial:

14.711671   type=1400 audit(1387474628.570:6): avc:  denied  { block_suspend } for  pid=533 comm="InputReader" capability=36  scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=capability2

Change-Id: If4b28b6f42ca92c0e2cacfad75c8cbe023b0fa47

Change-Id: I1eba1535d650a09ee7640cb7f3664202be4a0a55
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

* commit '58336fc6':
  Make bluetooth, nfc, radio and shell adb-installable

* commit '815e9813':
  Make bluetooth, nfc, radio and shell adb-installable

bluetooth, nfc, radio and shell are not explicitly declared
in installd.te. This prevents applications in those group
from upgrading by "adb install -r".

You can reproduce the issue by following step:
 1. adb pull /system/priv-app/Shell.apk
 2. adb install -r Shell.apk
 3. install failed with the error log blow

[Error in logcat]
E/installd(  338): couldn't symlink directory '/data/data/com.android.shell/lib' -> '/data/app-lib/com.android.shell-1': Permission denied
E/installd(  338): couldn't symlink directory '/data/data/com.android.shell/lib' -> '/data/app-lib/Shell': Permission denied

[Error in dmesg]
<5>[  112.053301] type=1400 audit(1387412796.071:10): avc:  denied  { create } for  pid=337 comm="installd" name="lib" scontext=u:r:installd:s0 tcontext=u:object_r:shell_data_file:s0 tclass=lnk_file

This operation fails only if the app belongs to any of the
groups specified in the commit title.

Change-Id: I7572df9fb6e471fad34f61137f0eeeda4c82659d

Addreseses the following denials:

<5>[  695.383994] type=1400 audit(1387403898.292:55): avc:  denied  { execute } for  pid=5187 comm="dumpstate" name="ping" dev="mmcblk0p25" ino=213 scontext=u:r:dumpstate:s0 tcontext=u:object_r:ping_exec:s0 tclass=file
<5>[  695.384727] type=1400 audit(1387403898.292:56): avc:  denied  { read open } for  pid=5187 comm="dumpstate" name="ping" dev="mmcblk0p25" ino=213 scontext=u:r:dumpstate:s0 tcontext=u:object_r:ping_exec:s0 tclass=file
<5>[  695.385418] type=1400 audit(1387403898.292:57): avc:  denied  { execute_no_trans } for  pid=5187 comm="dumpstate" path="/system/bin/ping" dev="mmcblk0p25" ino=213 scontext=u:r:dumpstate:s0 tcontext=u:object_r:ping_exec:s0 tclass=file
<5>[  695.391978] type=1400 audit(1387403898.302:58): avc:  denied  { create } for  pid=5187 comm="ping" scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=rawip_socket
<5>[  695.393193] type=1400 audit(1387403898.302:59): avc:  denied  { setopt } for  pid=5187 comm="ping" scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=rawip_socket
<5>[  695.393753] type=1400 audit(1387403898.302:60): avc:  denied  { getopt } for  pid=5187 comm="ping" scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=rawip_socket
<5>[  695.394886] type=1400 audit(1387403898.302:61): avc:  denied  { write } for  pid=5187 comm="ping" scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=rawip_socket
<5>[  695.400693] type=1400 audit(1387403898.312:62): avc:  denied  { read } for  pid=5187 comm="ping" lport=4 scontext=u:r:dumpstate:s0 tcontext=u:r:dumpstate:s0 tclass=rawip_socket

Change-Id: If9a790725ec0ba1ca6cb5c9a8ed85288580940e8

* commit 'b48b52c6':
  Confine shell domain in -user builds only.

* commit 'b423b569':
  Add rules to permit CTS security-related tests to run.

* commit 'b63e485b':
  Confine shell domain in -user builds only.

* commit '59469370':
  Add rules to permit CTS security-related tests to run.