- Jul 05, 2017
Dan Cashman authored
Commit: 50889ce0 added policy for a new service, which was not present in O. This policy introduced a new type. Record it as such. Bug: 62573845 Test: None, prebuilt change only. Change-Id: If9cfaff813c47d3b1c8374e8abfb4aedb902d486
-
Dan Cashman authored
Commit: 11bfcc1e added policy for a new socket which was not present in O. This socket has a new type associated with it. Record the type as a new type so that compatibility testing will not complain. Bug: 62573845 Test: None, prebuilt change only. Change-Id: I375fc9ca0bd201e277a0302d9b34c0da0eb40fbd
-
Dan Cashman authored
Commit 5f573ab2 added policy for the additions of upstream fs tools. Make sure the new types are denoted as such (no object relabeling needs to be done) and that objects which are relabeled are. Bug: 35219933 Bug: 62573845 Test: None. Prebuilt change only. Change-Id: I6515e05ebc60ca08e98029f471cf2861826036fc
-
- Jul 03, 2017
Nick Kralevich authored
am: 46f2dcb1 -s ours Change-Id: Ide86623fdfb3567df3ca5825a9e5cb5cb9e03b79
-
Nick Kralevich authored
am: aa33afc9 Change-Id: I39b6028f7960b13af1fd83cbfa0f7fec4cac1bab
-
Nick Kralevich authored
am: b748e652 Change-Id: I4cd3587232e426b2684c77a7cb548b006f6f8647
-
Nick Kralevich authored
Test: Policy compiles. Change-Id: Iaa19c64f6b54423dbfa5ae16d288501ab0e64cbc
-
Treehugger Robot authored
-
Jeff Sharkey authored
am: 5b277641 Change-Id: I01eefcff7299c87e95fa2fb90dd69d7d5c63f40e
-
Jeff Sharkey authored
am: 6433a09c Change-Id: I2efd5ff367424b86ea336ad0a4bb56eca368f4f2
-
Jeff Sharkey authored
am: b41291f5 Change-Id: I8e1151461bdd5a47cc81a9be744a8918bb61560a
-
Jeff Sharkey authored
am: a6f6295c Change-Id: I0c54b62288aa73842a9f0dc8fa0f9a5c8e64bc98
-
Treehugger Robot authored
-
Jeffrey Vander Stoep authored
Merge "Add SEPolicy for new Java-based Broadcast Radio service." am: 6466092f am: f44267a5 am: 739f7598 am: c6ef555e Change-Id: Ic93ebe3cc8148eee16334ff57674ed961d00afb5
-
Jeff Vander Stoep authored
am: efb5a5ba Change-Id: Ie2461f25e7ac409837c84d7f467b63d4f23d918f
-
Jeffrey Vander Stoep authored
am: 739f7598 Change-Id: I0e63a008436b860549cdc687276c33df475afa77
-
Jeff Vander Stoep authored
am: c8338f26 Change-Id: Id3db0306763ca605dcdf11409f3b591d6ceda312
-
Jeffrey Vander Stoep authored
am: f44267a5 Change-Id: Iea0f7ef8960d89d19451b7a47dc1852155dd3af9
-
Jeff Vander Stoep authored
am: 8745ac43 Change-Id: I6816eea55ad110d7aeea43ec3088452b38b7ccc7
-
Jeff Vander Stoep authored
avc: granted { search } scontext=u:r:recovery:s0 tcontext=u:object_r:cache_file:s0 tclass=dir
avc: granted { getattr } scontext=u:r:recovery:s0 tcontext=u:object_r:rootfs:s0 tclass=file
avc: granted { read } scontext=u:r:recovery:s0 tcontext=u:object_r:rootfs:s0 tclass=file
avc: granted { read open } scontext=u:r:recovery:s0 tcontext=u:object_r:rootfs:s0 tclass=file
avc: granted { read } scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs:s0 tclass=file
avc: granted { read open } scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs:s0 tclass=file
avc: granted { search } scontext=u:r:recovery:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir

Fixes: 62619253
Test: policy builds, no more "granted" messages in dmesg for recovery.
Merged-In: I3f6d8ceee80307a01a8fd40cb4f8362a9825b1a3
Change-Id: I3f6d8ceee80307a01a8fd40cb4f8362a9825b1a3
(cherry picked from commit ea1d6e7d)
-
Jeffrey Vander Stoep authored
am: 6466092f Change-Id: I856e01d9d06978dfcaf13fff078430cefbc7a9eb
-
Jeff Vander Stoep authored
am: 88e4be54 Change-Id: I064f2becfde44f300ddf9d36802972b35c54e152
-
Jeffrey Vander Stoep authored
-
Jeff Sharkey authored
When installd clears cached files on external storage, the sdcardfs kernel filesystem needs to be kept in the loop to release any cached dentries that it's holding onto. (Otherwise the underlying disk space isn't actually released.)

installd can already delete the underlying files directly (via the media_rw_data_file rules), so this technically isn't expanding its capabilities.

avc: granted { search } for name="/" dev="tmpfs" ino=6897 scontext=u:r:installd:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir
avc: denied { open } for path="/mnt/runtime/default/emulated/0/Android/data" dev="sdcardfs" ino=589830 scontext=u:r:installd:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=1
avc: denied { write } for name="com.google.android.inputmethod.japanese" dev="sdcardfs" ino=590040 scontext=u:r:installd:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=0
avc: denied { remove_name } for name="cache_r.m" dev="sdcardfs" ino=589868 scontext=u:r:installd:s0 tcontext=u:object_r:sdcardfs:s0 tclass=dir permissive=0
avc: denied { getattr } for path="/mnt/runtime/default/emulated/0/Android/data/.nomedia" dev="sdcardfs" ino=589831 scontext=u:r:installd:s0 tcontext=u:object_r:sdcardfs:s0 tclass=file permissive=1

Test: cts-tradefed run commandAndExit cts-dev -m CtsAppSecurityHostTestCases -t android.appsecurity.cts.StorageHostTest
Bug: 37486230
Change-Id: Icfd00a9ba379b1f50c48fe85849304cf9859bcb2
(cherry picked from commit 72f4c619)
-
Jeff Vander Stoep authored
Logs show that only dumpstate requires access.

avc: granted { read open } for comm="screencap" path="/dev/ion" dev="tmpfs" ino=14324 scontext=u:r:dumpstate:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file
avc: granted { ioctl } for comm="screencap" path="/dev/ion" dev="tmpfs" ino=14324 ioctlcmd=4906 scontext=u:r:dumpstate:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file

Grant ion permission to dumpstate which uses it for screencap feature.

Bug: 28760354
Test: build. Check logs.
Change-Id: I6435b7dbf7656669dac5dcfb205cf0aeda93991b
-
- Jul 01, 2017
Jeff Vander Stoep authored
am: 4b7aa909 Change-Id: I222af35247d5fc4d99f2cdeca79f86cd0a815739
-
Jeff Vander Stoep authored
am: 685db0b2 Change-Id: I5c4ae29b9623ee04f0409c5f2e4da9fb325a430f
-
Jeff Vander Stoep authored
am: 9ce812fb Change-Id: Ie71e8eb97e3ace63a230fcd70b81961d1a8f4884
-
Jeff Vander Stoep authored
am: e39d5c87 Change-Id: Ibdb49f80b11fca40f5c4de7a92780be26b3280eb
-
Andres Oportus authored
Merge "Allow only system_server to read uid_time_in_state" am: 439364d2 am: e96aad09 am: 3ce2c6f8 am: 2f0d0496 Change-Id: I0a3b2c00a083bebdf658cd3695d51ed7af21b1ca
-
Jeff Vander Stoep authored
am: 902dbafb Change-Id: I2b0c214e4e6842c7e9eb56a28d014c814a9c8670
-
Andres Oportus authored
am: 3ce2c6f8 Change-Id: Ic54d118a477d1827952e1c54216ff01838d985d7
-
Jeff Vander Stoep authored
am: 1a1cefcc Change-Id: I93ad1ad5f769f68c856e7a3cfcc0bcd8792633f2
-
Andres Oportus authored
am: e96aad09 Change-Id: I0742836c6b613afeab2dcf6d59c37dd9787dc91a
-
Jeff Vander Stoep authored
am: 2af7c84f Change-Id: Id52f1fd3e79a0a36df42abca24c93b28b277c570
-
Andres Oportus authored
am: 439364d2 Change-Id: I726672b2e3379e2e53d3c6b26482147f11d06d8e
-
Jeff Vander Stoep authored
am: 056710b3 Change-Id: Id44e16b03b1b5398bb4fd73bc4950e5da8acd5b7
-
Jeff Vander Stoep authored
Logs indicate no usage of these permissions. Bug: 28760354 Test: check logs. Change-Id: I3d75aea6afd4e326f705274ab2790e5d0bbdb367
-
Treehugger Robot authored
-
Treehugger Robot authored
-