Allow vold, healthd, slideshow, and watchdogd access to /dev/kmsg.
These processes log to the kernel dmesg ring buffer, so they need
write access to that file.

Addresses the following denials:

    avc: denied { write } for pid=134 comm="watchdogd" name="kmsg" dev="tmpfs" ino=9248 scontext=u:r:watchdogd:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0
    avc: denied { write } for pid=166 comm="healthd" name="kmsg" dev="tmpfs" ino=9248 scontext=u:r:healthd:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0
    avc: denied { write } for pid=180 comm="vold" name="kmsg" dev="tmpfs" ino=9248 scontext=u:r:vold:s0 tcontext=u:object_r:kmsg_device:s0 tclass=chr_file permissive=0

These denials were triggered by the change in
https://android-review.googlesource.com/151209 . Prior to that change,
any code which called klog_init would (unnecessarily) create the
device node themselves, rather than using the already existing device
node.

Drop special /dev/__null__ handling from watchdogd. As of
https://android-review.googlesource.com/148288 , watchdogd no longer
creates it's own /dev/null device, so it's unnecessary for us
to allow for it.

Drop mknod from healthd, slideshow, and watchdogd. healthd and slideshow
only needed mknod to create /dev/__kmsg__, which is now obsolete.
watchdogd only needed mknod to create /dev/__kmsg__ and /dev/__null__,
which again is now obsolete.

Bug: 21242418
Change-Id: If01c8001084575e7441253f0fa8b4179ae33f534

Change-Id: I35be7a7df73325fba921b8a354659b2b2a3e06e7

Prune down unconfined so it doesn't allow process access
to all other domains. Use domain_trans() for transitions to
seclabeled domains.

Change-Id: I8e88a49e588b6b911e1f7172279455838a06091d

Change-Id: I04969ca94d27535b3cdcfad55f092f98592b22f7
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Change-Id: If2285e927cb886956b3314dd18384145a1ebeaa9
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

This change removes the permissive line from unconfined
domains. Unconfined domains can do (mostly) anything, so moving
these domains into enforcing should be a no-op.

The following domains were deliberately NOT changed:
1) kernel
2) init

In the future, this gives us the ability to tighten up the
rules in unconfined, and have those tightened rules actually
work.

When we're ready to tighten up the rules for these domains,
we can:

1) Remove unconfined_domain and re-add the permissive line.
2) Submit the domain in permissive but NOT unconfined.
3) Remove the permissive line
4) Wait a few days and submit the no-permissive change.

For instance, if we were ready to do this for adb, we'd identify
a list of possible rules which allow adbd to work, re-add
the permissive line, and then upload those changes to AOSP.
After sufficient testing, we'd then move adb to enforcing.
We'd repeat this for each domain until everything is enforcing
and out of unconfined.

Change-Id: If674190de3262969322fb2e93d9a0e734f8b9245

Bug: 8424461
Change-Id: I8f0b01cdb19b4a479d5de842f4e4844aeab00622

This prevents denials from being generated by the base policy.
Over time, these rules will be incrementally tightened to improve
security.

Change-Id: I4be1c987a5d69ac784a56d42fc2c9063c402de11

Bug: 4070557
Change-Id: I027f76cff6df90e9909711cb81fbd17db95233c1

Initial policy for software watchdog daemon
which is started by init.

Change-Id: I042a5b1698bf53ce2e50ea06851c374e5123ee2c
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>