- Jul 12, 2017
-
-
Jeff Vander Stoep authored
This reverts commit 5bf94caf. Remove this temporary workaround.
Bug: 63147833
Test: Build policy
-
Jeff Vander Stoep authored
Observed audited access to rootfs moved to individual domains in commit a12aad45
Bug: 28760354
Test: build
Change-Id: Ie5e991d66668e70df69f21334032be6d574bf5c8
-
- Jul 11, 2017
-
-
Jeff Vander Stoep authored
Ueventd needs write access to all files in /sys to generate uevents.
Bug: 63147833
Test: build. Verify no ueventd denials in the logs.
Change-Id: I89d33aab158dd192e761f14eff8afa1c71594bca
-
Lorenzo Colitti authored
This change did not make it into core sepolicy in time for O. The revert allows devices to define these selinux policies in vendor-specific sepolicy instead of core sepolicy. It is necessary because:
1. It is too late to change property_contexts in O.
2. Adding the netd_stable_secret prop to vendor sepolicy results in a duplicate definition error at compile time.
3. Defining a new vendor-specific context (such as net_stable_secret_vendor_prop) and applying it to persist.netd.stable_secret results in the device not booting due to attempting to apply two different contexts to the same property.
Lack of the sepolicy no longer breaks wifi connectivity now that IpManager no longer considers failure to set the stable secret to be a fatal error. Once all interested devices have adopted the vendor sepolicy, this policy can safely be reinstated by reverting said vendor sepolicies in internal master.
This reverts commit abb1ba65.
Bug: 17613910
Test: bullhead builds, boots, connects to wifi
Change-Id: Idffcf78491171c54bca9f93cb920eab9b1c47709
-
Jeff Vander Stoep authored
Grant audited permissions collected in logs.
tcontext=platform_app
avc: granted { getattr } for comm=496E666C6174657254687265616420 path="/" dev="dm-0" ino=2 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:rootfs:s0 tclass=dir
tcontext=system_app
avc: granted { getattr } for comm="android:ui" path="/" dev="dm-0" scontext=u:r:system_app:s0 tcontext=u:object_r:rootfs:s0 tclass=dir
avc: granted { getattr } for comm="android:ui" path="/" dev="dm-0" scontext=u:r:system_app:s0 tcontext=u:object_r:rootfs:s0 tclass=dir
tcontext=update_engine
avc: granted { getattr } for comm="update_engine" path="/" dev="dm-0" ino=2 scontext=u:r:update_engine:s0 tcontext=u:object_r:rootfs:s0 tclass=dir
avc: granted { getattr } for comm="update_engine" path="/fstab.foo" dev="dm-0" ino=25 scontext=u:r:update_engine:s0 tcontext=u:object_r:rootfs:s0 tclass=file
avc: granted { read open } for comm="update_engine" path="/fstab.foo" dev="dm-0" ino=25 scontext=u:r:update_engine:s0 tcontext=u:object_r:rootfs:s0 tclass=file
Bug: 28760354
Test: build
Change-Id: I6135eea1d10b903a4a7e69da468097f495484665
-
- Jul 10, 2017
-
-
Jeff Vander Stoep authored
Logs indicate that all processes that require read access have already been granted it.
Bug: 28760354
Test: build policy
Merged-In: I5826c45f54af32e3d4296df904c8523bb5df5e62
Change-Id: I5826c45f54af32e3d4296df904c8523bb5df5e62
-
Jeff Vander Stoep authored
Address the "granted" permissions observed in the logs including:
tcontext=uncrypt
avc: granted { search } for comm="uncrypt" name="/" dev="mmcblk0p40" ino=2 scontext=u:r:uncrypt:s0 tcontext=u:object_r:cache_file:s0 tclass=dir
tcontext=install_recovery
avc: granted { search } for comm="applypatch" name="saved.file" scontext=u:r:install_recovery:s0 tcontext=u:object_r:cache_file:s0 tclass=dir
avc: granted { read } for comm="applypatch" name="saved.file" dev="mmcblk0p6" ino=14 scontext=u:r:install_recovery:s0 tcontext=u:object_r:cache_file:s0 tclass=file
avc: granted { getattr } for comm="applypatch" path="/cache/saved.file" dev="mmcblk0p6" ino=14 scontext=u:r:install_recovery:s0 tcontext=u:object_r:cache_file:s0 tclass=file
tcontext=update_engine
avc: granted { search } for comm="update_engine" name="cache" dev="sda35" ino=1409025 scontext=u:r:update_engine:s0 tcontext=u:object_r:cache_file:s0 tclass=dir"
avc: granted { read } for comm="update_engine" name="update.zip" dev="sda35" ino=1409037 scontext=u:r:update_engine:s0 tcontext=u:object_r:cache_file:s0:c512,c768 tclass=file
avc: granted { read } for comm="update_engine" name="cache" dev="dm-0" ino=16 scontext=u:r:update_engine:s0 tcontext=u:object_r:cache_file:s0 tclass=lnk_file
Bug: 28760354
Test: build policy.
Merged-In: Ia13fe47268df904bd4f815c429a0acac961aed1e
Change-Id: Ia13fe47268df904bd4f815c429a0acac961aed1e
-
Dan Cashman authored
This CL was accidentally reverted a second time by commit: cb5129f9. Submit it for the third, and final, time.
Bug: 62102757
Test: Builds and boots.
-
Jeff Vander Stoep authored
Address the "granted" permissions observed in the logs including:
tcontext=uncrypt
avc: granted { search } for comm="uncrypt" name="/" dev="mmcblk0p40" ino=2 scontext=u:r:uncrypt:s0 tcontext=u:object_r:cache_file:s0 tclass=dir
tcontext=install_recovery
avc: granted { search } for comm="applypatch" name="saved.file" scontext=u:r:install_recovery:s0 tcontext=u:object_r:cache_file:s0 tclass=dir
avc: granted { read } for comm="applypatch" name="saved.file" dev="mmcblk0p6" ino=14 scontext=u:r:install_recovery:s0 tcontext=u:object_r:cache_file:s0 tclass=file
avc: granted { getattr } for comm="applypatch" path="/cache/saved.file" dev="mmcblk0p6" ino=14 scontext=u:r:install_recovery:s0 tcontext=u:object_r:cache_file:s0 tclass=file
tcontext=update_engine
avc: granted { search } for comm="update_engine" name="cache" dev="sda35" ino=1409025 scontext=u:r:update_engine:s0 tcontext=u:object_r:cache_file:s0 tclass=dir"
avc: granted { read } for comm="update_engine" name="update.zip" dev="sda35" ino=1409037 scontext=u:r:update_engine:s0 tcontext=u:object_r:cache_file:s0:c512,c768 tclass=file
avc: granted { read } for comm="update_engine" name="cache" dev="dm-0" ino=16 scontext=u:r:update_engine:s0 tcontext=u:object_r:cache_file:s0 tclass=lnk_file
Bug: 28760354
Test: build policy.
Change-Id: Ia13fe47268df904bd4f815c429a0acac961aed1e
(cherry picked from commit 5fd60597d7d04c1861e7d8f3938384efb0384386)
-
Lorenzo Colitti authored
This change did not make it into core sepolicy in time for O. The revert allows devices to define these selinux policies in vendor-specific sepolicy instead of core sepolicy. It is necessary because:
1. It is too late to change property_contexts in O.
2. Adding the netd_stable_secret prop to vendor sepolicy results in a duplicate definition error at compile time.
3. Defining a new vendor-specific context (such as net_stable_secret_vendor_prop) and applying it to persist.netd.stable_secret results in the device not booting due to attempting to apply two different contexts to the same property.
Lack of the sepolicy no longer breaks wifi connectivity now that IpManager no longer considers failure to set the stable secret to be a fatal error. Once all interested devices have adopted the vendor sepolicy, this policy can safely be reinstated by reverting said vendor sepolicies in internal master.
This reverts commit abb1ba65.
Bug: 17613910
Test: bullhead builds, boots, connects to wifi
Change-Id: Idffcf78491171c54bca9f93cb920eab9b1c47709
-
Jeff Vander Stoep authored
Logs indicate that all processes that require access already have it.
Bug: 28760354
Test: build
Merged-In: I3dfa16bf4fba7f653c5f8525e8c565e9e24334a8
Change-Id: I3dfa16bf4fba7f653c5f8525e8c565e9e24334a8
-
Jeff Vander Stoep authored
Clean up "granted" logspam. Grant the observed audited permissions including:
tcontext=cache_file
avc: granted { getattr } for comm="df" path="/cache" dev="mmcblk0p9" ino=2 scontext=u:r:dumpstate:s0 tcontext=u:object_r:cache_file:s0 tclass=dir
avc: granted { search } for comm="Binder:8559_2" name="cache" dev="sda13" ino=1654785 scontext=u:r:dumpstate:s0 tcontext=u:object_r:cache_file:s0 tclass=dir
avc: granted { read } for comm="Binder:8559_2" name="cache" dev="dm-0" ino=23 scontext=u:r:dumpstate:s0 tcontext=u:object_r:cache_file:s0 tclass=lnk_file
tcontext=proc
avc: granted { getattr } for comm="Binder:14529_2" path="/proc/sys/fs/pipe-max-size" dev="proc" ino=247742 scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc:s0 tclass=file
avc: granted { read } for comm="Binder:22671_2" name="cmdline" dev="proc" ino=4026532100 scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc:s0 tclass=file
avc: granted { read open } for comm="dumpstate" path="/proc/sys/fs/pipe-max-size" dev="proc" ino=105621 scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc:s0 tclass=file
tcontext=sysfs
avc: granted { read open } for comm="Binder:14459_2" path="/sys/devices/virtual/block/md0/stat" dev="sysfs" ino=51101 scontext=u:r:dumpstate:s0 tcontext=u:object_r:sysfs:s0 tclass=file
avc: granted { read open } for comm="Binder:21377_2" path="/sys/devices/soc/1da4000.ufshc/host0/target0:0:0/0:0:0:1/block/sdb/sdb1" dev="sysfs" ino=40888 scontext=u:r:dumpstate:s0 tcontext=u:object_r:sysfs:s0 tclass=dir
avc: granted { getattr } for comm="dumpstate" dev="sysfs" ino=40456 scontext=u:r:dumpstate:s0 tcontext=u:object_r:sysfs:s0 tclass=file
tcontext=proc_meminfo
avc: granted { read } for comm="top" name="meminfo" dev="proc" ino=4026532106 scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc_meminfo:s0 tclass=file
avc: granted { read open } for comm="top" path="/proc/meminfo" dev="proc" ino=4026532106 scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc_meminfo:s0 tclass=file
tcontext=rootfs
avc: granted { getattr } for comm="df" path="/" dev="dm-0" ino=2 scontext=u:r:dumpstate:s0 tcontext=u:object_r:rootfs:s0 tclass=dir
avc: granted { getattr } for comm="ip" path="/vendor" dev="rootfs" ino=99 scontext=u:r:dumpstate:s0 tcontext=u:object_r:rootfs:s0 tclass=lnk_file
tcontext=selinuxfs
avc: granted { getattr } for comm="df" path="/sys/fs/selinux" dev="selinuxfs" ino=1 scontext=u:r:dumpstate:s0 tcontext=u:object_r:selinuxfs:s0 tclass=dir
tcontext=system_file
avc: granted { read open } for comm="dumpstate" path="/system/lib64/hw" dev="dm-0" ino=1947 scontext=u:r:dumpstate:s0 tcontext=u:object_r:system_file:s0 tclass=dir
tcontext=system_data_file
avc: granted { read } for comm="ip" path="/data/misc/net/rt_tables" dev="sda10" ino=1458261 scontext=u:r:dumpstate:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
avc: granted { getattr } for comm="ip" path="/data/misc/net/rt_tables" scontext=u:r:dumpstate:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
Bug: 28760354
Test: Build policy
Change-Id: Iae69f710d6b6dc6158cf6bb6ff61168c8df11263
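The "granted" messages in this and the neighbouring commits come from auditallow rules, and each commit resolves them by turning the observed subset into plain allow rules. The parser below is an added example, not code from the sepolicy project (AOSP uses audit2allow for this): it aggregates avc lines of the shapes quoted on this page into one statement per source/target/class triple, and, following the Jun 26 commit below, emits dontaudit rather than allow for denials from su. The sample input is constructed from lines quoted in these commits.

```python
import re
from collections import defaultdict

# Constructed sample: avc lines copied from the commits on this page, plus one
# su denial of the kind the Jun 26 commit says should be suppressed.
SAMPLE_LOG = """\
avc: granted { getattr } for comm="df" path="/cache" dev="mmcblk0p9" ino=2 scontext=u:r:dumpstate:s0 tcontext=u:object_r:cache_file:s0 tclass=dir
avc: granted { search } for comm="Binder:8559_2" name="cache" dev="sda13" ino=1654785 scontext=u:r:dumpstate:s0 tcontext=u:object_r:cache_file:s0 tclass=dir
avc: granted { read open } for comm="top" path="/proc/meminfo" dev="proc" ino=4026532106 scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc_meminfo:s0 tclass=file
avc: granted { read } for comm="update_engine" name="update.zip" dev="sda35" ino=1409037 scontext=u:r:update_engine:s0 tcontext=u:object_r:cache_file:s0:c512,c768 tclass=file
avc: denied { getattr } for scontext=u:r:su:s0 tcontext=u:object_r:pdx_display_client_endpoint_socket:s0 tclass=unix_stream_socket permissive=1
"""

# Fields between the permission set and scontext (comm, path, name, dev, ino)
# vary from line to line, so they are skipped with a non-greedy match.
AVC_RE = re.compile(
    r"avc:\s+(?P<verdict>granted|denied)\s+\{\s*(?P<perms>[^}]+?)\s*\}"
    r".*?\bscontext=(?P<scontext>\S+)"
    r".*?\btcontext=(?P<tcontext>\S+)"
    r".*?\btclass=(?P<tclass>\S+)"
)


def type_of(context):
    """u:r:dumpstate:s0 -> dumpstate; u:object_r:cache_file:s0:c512,c768 -> cache_file.
    MLS levels and categories are dropped; allow rules are written on types."""
    return context.split(":")[2]


def parse_avc(text):
    """Yield (verdict, source_type, target_type, tclass, perms) for each avc line."""
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if m:
            yield (m["verdict"], type_of(m["scontext"]), type_of(m["tcontext"]),
                   m["tclass"], frozenset(m["perms"].split()))


def aggregate(text, suppress_domains=("su",)):
    """Union the permissions per (statement, source, target, class).
    Messages become 'allow' candidates, except denials from domains listed in
    suppress_domains (su here), which become 'dontaudit' so they stay quiet."""
    rules = defaultdict(set)
    for verdict, src, tgt, cls, perms in parse_avc(text):
        stmt = "dontaudit" if verdict == "denied" and src in suppress_domains else "allow"
        rules[(stmt, src, tgt, cls)] |= perms
    return rules


def render(rules):
    """Emit one policy statement per triple, in a stable sorted order."""
    out = []
    for (stmt, src, tgt, cls), perms in sorted(rules.items()):
        perm_str = " ".join(sorted(perms))
        if len(perms) > 1:
            perm_str = "{ %s }" % perm_str
        out.append("%s %s %s:%s %s;" % (stmt, src, tgt, cls, perm_str))
    return out


if __name__ == "__main__":
    print("\n".join(render(aggregate(SAMPLE_LOG))))
```

The emitted statements are candidates for review, not a finished policy: the auditallow rule that produced the messages still has to be removed, and a grant is only kept where the commit message can justify the access, as these commits do.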
-
Jeff Vander Stoep authored
Addresses:
avc: granted { read } for name="pipe-max-size" dev="proc" ino=470942 scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc:s0 tclass=file
avc: granted { read open } for path="/proc/sys/fs/pipe-max-size" dev="proc" ino=470942 scontext=u:r:dumpstate:s0 tcontext=u:object_r:proc:s0 tclass=file
Test: build policy
Change-Id: I7d8721c73c4f3c51b3885a97c697510e61d1221b
(cherry picked from commit f44002b3)
-
- Jul 06, 2017
-
-
Jeff Vander Stoep authored
Address "granted" audit messages for dumpstate use of df.
avc: granted { getattr } for comm="df" path="/mnt" dev="tmpfs" scontext=u:r:dumpstate:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir
avc: granted { search } for comm="df" name="/" dev="tmpfs" scontext=u:r:dumpstate:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir
Bug: 28760354
Test: Build, check logs.
Change-Id: I920948a5f0bce1b4bd2f15779730df8b3b1fea5a
-
- Jul 05, 2017
-
-
Jeff Vander Stoep authored
Change fb889f23 "Force expand all hal_* attributes" annotated all hal_* attributes to be expanded to their associated types. However some of these attributes are used in CTS for neverallow checking. Mark these attributes to be preserved.
In addition, remove the hacky workaround introduced in oc-dev for b/62658302 where extraneous neverallow rules were introduced to prevent unused or negated attributes from being auto-expanded from policy.
Bug: 62658302
Bug: 63135903
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t \
    android.cts.security.SELinuxNeverallowRulesTest
armeabi-v7a CtsSecurityHostTestCases completed in 4s. 501 passed, 0 failed, 0 not executed
Merged-In: I989def70a16f66e7a18bef1191510793fbe9cb8c
Change-Id: I989def70a16f66e7a18bef1191510793fbe9cb8c
-
Jeff Vander Stoep authored
Change fb889f23 "Force expand all hal_* attributes" annotated all hal_* attributes to be expanded to their associated types. However some of these attributes are used in CTS for neverallow checking. Mark these attributes to be preserved.
In addition, remove the hacky workaround introduced in oc-dev for b/62658302 where extraneous neverallow rules were introduced to prevent unused or negated attributes from being auto-expanded from policy.
Bug: 62658302
Bug: 63135903
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t \
    android.cts.security.SELinuxNeverallowRulesTest
armeabi-v7a CtsSecurityHostTestCases completed in 4s. 501 passed, 0 failed, 0 not executed
Change-Id: I989def70a16f66e7a18bef1191510793fbe9cb8c
-
- Jul 03, 2017
-
-
Jeff Vander Stoep authored
avc: granted { search } scontext=u:r:recovery:s0 tcontext=u:object_r:cache_file:s0 tclass=dir
avc: granted { getattr } scontext=u:r:recovery:s0 tcontext=u:object_r:rootfs:s0 tclass=file
avc: granted { read } scontext=u:r:recovery:s0 tcontext=u:object_r:rootfs:s0 tclass=file
avc: granted { read open } scontext=u:r:recovery:s0 tcontext=u:object_r:rootfs:s0 tclass=file
avc: granted { read } scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs:s0 tclass=file
avc: granted { read open } scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs:s0 tclass=file
avc: granted { search } scontext=u:r:recovery:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir
Fixes: 62619253
Test: policy builds, no more "granted" messages in dmesg for recovery.
Merged-In: I3f6d8ceee80307a01a8fd40cb4f8362a9825b1a3
Change-Id: I3f6d8ceee80307a01a8fd40cb4f8362a9825b1a3
(cherry picked from commit ea1d6e7d)
-
Jeff Sharkey authored
When installd clears cached files on external storage, the sdcardfs kernel filesystem needs to be kept in the loop to release any cached dentries that it's holding onto. (Otherwise the underlying disk space isn't actually released.)
installd can already delete the underlying files directly (via the media_rw_data_file rules), so this technically isn't expanding its capabilities.
avc: granted { search } for name="/" dev="tmpfs" ino=6897 scontext=u:r:installd:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir
avc: denied { open } for path="/mnt/runtime/default/emulated/0/Android/data" dev="sdcardfs" ino=589830 scontext=u:r:installd:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=1
avc: denied { write } for name="com.google.android.inputmethod.japanese" dev="sdcardfs" ino=590040 scontext=u:r:installd:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=0
avc: denied { remove_name } for name="cache_r.m" dev="sdcardfs" ino=589868 scontext=u:r:installd:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=0
avc: denied { getattr } for path="/mnt/runtime/default/emulated/0/Android/data/.nomedia" dev="sdcardfs" ino=589831 scontext=u:r:installd:s0 tcontext=u:object_r:sdcardfs:s0 tclass=file permissive=1
Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.StorageHostTest
Bug: 37486230
Change-Id: Icfd00a9ba379b1f50c48fe85849304cf9859bcb2
(cherry picked from commit 72f4c619)
-
Jeff Vander Stoep authored
Logs show that only dumpstate requires access.
avc: granted { read open } for comm="screencap" path="/dev/ion" dev="tmpfs" ino=14324 scontext=u:r:dumpstate:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
avc: granted { ioctl } for comm="screencap" path="/dev/ion" dev="tmpfs" ino=14324 ioctlcmd=4906 scontext=u:r:dumpstate:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
Grant ion permission to dumpstate which uses it for screencap feature.
Bug: 28760354
Test: build. Check logs.
Change-Id: I6435b7dbf7656669dac5dcfb205cf0aeda93991b
-
- Jul 01, 2017
-
-
Jeff Vander Stoep authored
Logs indicate no usage of these permissions.
Bug: 28760354
Test: check logs.
Change-Id: I3d75aea6afd4e326f705274ab2790e5d0bbdb367
-
Jeff Vander Stoep authored
Logs indicate apps, system_server, and runas are the only domains that require this permission.
Bug: 28760354
Test: check logs.
Change-Id: I93dc53ec2d892bb91c0cd6f5d7e9cbf76b9bcd9f
-
Andres Oportus authored
Bug: 62706738
Bug: 34133340
Test: Check that uid_time_in_state can't be read from the shell without root permissions and that "dumpsys batterystats --checkin| grep ctf" shows frequency data (system_server was able to read uid_time_in_state)
Change-Id: Ic6a54da4ebcc9e10b0e3af8f14a45d7408e8686e
(cherry picked from commit 4dc88795)
-
Tomasz Wasilczyk authored
Bug: b/36863239
Test: manual
Change-Id: I7e929926efbb1570ea9723ef3810a511c71dc11a
(cherry picked from commit 38f0928f)
-
- Jun 29, 2017
-
-
Jeff Vander Stoep authored
avc: denied { read write } scontext=u:r:ipacm:s0 tcontext=u:r:system_server:s0 tclass=netlink_netfilter_socket
avc: denied { setopt } scontext=u:r:ipacm:s0 tcontext=u:r:system_server:s0 tclass=netlink_netfilter_socket
avc: denied { getattr } scontext=u:r:ipacm:s0 tcontext=u:r:system_server:s0 tclass=netlink_netfilter_socket
avc: denied { create } for scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=netlink_netfilter_socket
Bug: 29337859
Bug: 32163131
Test: adb shell getenforce
Enforcing
adb shell dumpsys connectivity tethering
Tethering:
...
Log:
...
06-28 11:46:58.841 - SET master tether settings: ON
06-28 11:46:58.857 - [OffloadController] tethering offload started
And logs show some signs of happiness:
06-28 11:46:58.853 816 947 I IPAHALService: IPACM was provided two FDs (18, 19)
06-28 11:46:58.853 1200 1571 I zygote64: Looking for service android.hardware.tetheroffload.control@1.0::IOffloadControl/default
Change-Id: I0c63bd2de334b4ca40e54efb9df4ed4904667e21
-
- Jun 28, 2017
-
-
Pavel Grafov authored
This is a revert of http://ag/741434
Bug: 38259874
Test: manually, using ConfirmCredential sample app.
Change-Id: I0cbb955110935de605cb90e26a6a1d851a93a4b8
-
- Jun 27, 2017
-
-
Andreas Gampe authored
rc-style powerctl has been removed. Accordingly, asan_extract now needs access to sys.powerctl directly.
(originally commit: 82672089)
Bug: 36458146
Bug: 38241921
Test: Builds and boots.
Change-Id: I7d6e583f5e98b671986a2071abf157c86e288a10
-
Neil Fuller authored
This reinstates the selinux changes for the timezone service that were reverted on oc-dr1-dev and undesirably merged down to master.
This reverts commit 96c619c8.
Test: make
Bug: 31008728
Change-Id: Ief2129c409de09b2782881a6556d918af59badd9
-
Tom Cherry authored
This was marked deprecated in 2014 and removed in 2015, let's remove the sepolicy now too.
(Originally submitted in commit: 8c60f74d)
Bug: 38242876
Test: Builds and boots.
Change-Id: I4caa0dbf77956fcbc61a07897242b951c275b502
-
- Jun 26, 2017
-
-
Jeff Vander Stoep authored
Su runs in permissive mode and denials should be suppressed.
avc: denied { getattr } for scontext=u:r:su:s0 tcontext=u:object_r:pdx_display_client_endpoint_socket:s0 tclass=unix_stream_socket permissive=1
avc: denied { getattr } for scontext=u:r:su:s0 tcontext=u:object_r:pdx_display_manager_endpoint_socket:s0 tclass=unix_stream_socket permissive=1
avc: denied { getattr } for scontext=u:r:su:s0 tcontext=u:object_r:pdx_display_vsync_endpoint_socket:s0 tclass=unix_stream_socket permissive=1
avc: denied { getattr } for scontext=u:r:su:s0 tcontext=u:object_r:pdx_bufferhub_client_endpoint_socket:s0 tclass=unix_stream_socket permissive=1
avc: denied { getattr } for scontext=u:r:su:s0 tcontext=u:object_r:pdx_performance_client_endpoint_socket:s0 tclass=unix_stream_socket permissive=1
Bug: 35197529
Test: policy builds
Change-Id: Ia643c6e776e5e5bd473d857d523c3be91d32c40a
-
Stephen Smalley authored
Linux kernel commit da69a5306ab9 ("selinux: support distinctions among all network address families") triggers a build error if a new address family is added without defining a corresponding SELinux security class. As a result, the smc_socket class was added to the kernel to resolve a build failure as part of merge commit 3051bf36c25d that introduced AF_SMC circa Linux 4.11.
Define this security class and its access vector, add it to the socket_class_set macro, and exclude it from webview_zygote like other socket classes.
Test: Policy builds
Change-Id: Idbb8139bb09c6d1c47f1a76bd10f4ce1e9d939cb
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-
Jeff Vander Stoep authored
Due to the massively increased number of attributes in SELinux policy as part of the treble changes, we have had to remove attributes from policy for performance reasons. Unfortunately, some attributes are required to be in policy to ensure that our neverallow rules are being properly enforced. Usually this is not a problem, since neverallow rules indicate that an attribute should be kept, but this is not currently the case when the attribute is part of a negation in a group. This is particularly problematic with treble since some attributes may exist for HALs that have no implementation, and thus no types. In particular, this has caused an issue with the neverallows added in our macros.
Add an extraneous neverallow rule to each of those auto-generated neverallow rules to make sure that they are not removed from policy, until the policy compiler is fixed to avoid this. Also add corresponding rules for other types which have been removed due to no corresponding rules.
Bug: 62658302
Bug: 62999603
Test: Build Marlin policy.
Test: verify attribute exists in policy using sepolicy-analyze.
sepolicy-analyze $OUT/vendor/etc/selinux/precompiled_sepolicy \
    attribute hal_tetheroffload_server
Test: CTS neverallow tests pass.
cts-tradefed run cts -m CtsSecurityHostTestCases -t \
    android.cts.security.SELinuxNeverallowRulesTest
Change-Id: I62596ba8198ffdcbb4315df639a834e4becaf249
-
- Jun 25, 2017
-
-
Jeff Vander Stoep authored
Test: build policy
Change-Id: If13838e8da6e3fe14bb5c7c7ade6f8ac0d5d1982
-
- Jun 23, 2017
-
-
Jeff Sharkey authored
When adopting SD cards, vold partitions and formats those devices; this had been working fine with the older make_ext4fs utility, but newer devices are switching over to mke2fs, which has a different SELinux label.
avc: denied { execute } for name="mke2fs" dev="dm-0" ino=456 scontext=u:r:vold:s0 tcontext=u:object_r:e2fs_exec:s0 tclass=file permissive=1
avc: denied { read open } for path="/system/bin/mke2fs" dev="dm-0" ino=456 scontext=u:r:vold:s0 tcontext=u:object_r:e2fs_exec:s0 tclass=file permissive=1
avc: denied { execute_no_trans } for path="/system/bin/mke2fs" dev="dm-0" ino=456 scontext=u:r:vold:s0 tcontext=u:object_r:e2fs_exec:s0 tclass=file permissive=1
avc: denied { getattr } for path="/system/bin/mke2fs" dev="dm-0" ino=456 scontext=u:r:vold:s0 tcontext=u:object_r:e2fs_exec:s0 tclass=file permissive=1
Test: cts-tradefed run commandAndExit cts-dev --abi armeabi-v7a -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.AdoptableHostTest
Bug: 36757864, 37436961
Change-Id: Ifb96dfca076ea58650eb32f89e850f20ae2ac102
-
Jeff Vander Stoep authored
avc: denied { find } for interface=android.hardware.configstore::ISurfaceFlingerConfigs scontext=u:r:system_server:s0 tcontext=u:object_r:hal_configstore_ISurfaceFlingerConfigs:s0 tclass=hwservice_manager permissive=0
Bug: 35197529
Test: Device boots without this denial
Change-Id: Ia43bc5879e03a1f2056e373b17cc6533636f98b1
-
Narayan Kamath authored
NOTE: This change is marked dnma because we don't want it on oc-dr1-dev-plus-aosp or any other downstream branch. Moreover, oc-dr1-dev-plus-aosp is the only outgoing merger from oc-dr1-dev for this project.
This reverts commit 11bfcc1e.
Bug: 62908344
Test: make
Change-Id: Ide61829cf99f15777c46f657a0e140d594f88243
-
- Jun 22, 2017
-
-
Tomasz Wasilczyk authored
Bug: b/36863239
Test: manual
Change-Id: I7e929926efbb1570ea9723ef3810a511c71dc11a
-
- Jun 21, 2017
-
-
Dan Cashman authored
This reverts commit 3e307a4d.
Test: Builds - neverallow change only.
Bug: 62806062
Change-Id: Id3aa1b425cf48fc8586890c9850a74594584922d
-
Jeff Vander Stoep authored
The tetheroffload hal must be able to use network sockets as part of its job.
Bug: 62870833
Test: neverallow-only change builds.
Change-Id: I630b36340796a5ecb5db08e732b0978dd82835c7
-