Per https://android-review.googlesource.com/185392 , ctl.* properties
are not represented as files in the filesystem. So there's no need
to grant read access to them, since it's pointless.

Remove core_property_type from these properties, which has the net
effect of removing read access to these non-existent files.

Change-Id: Ic1ca574668a3511c335a7036a2bb7993ff02c1e3

Instead of allowing global read access to all properties,
only allow read access to the properties which are part of
core SELinux policy. Device-specific policies are no longer
readable by default and need to be granted in device-specific
policy.

Grant read-access to any property where the person has write
access. In most cases, anyone who wants to write a property
needs read access to that property.

Change-Id: I2bd24583067b79f31b3bb0940b4c07fc33d09918

This reverts commit 2ea23a6e.

Change-Id: I5e9efa56d74ab22030611cab515e050e0bb77aca

am: e8b176ed

* commit 'e8b176ed':
  Allow update_verifier to access bootctrl_block_device.

am: 71fd337f

* commit '71fd337f':
  Change /dev/ion from read-only to read-write

Even though /dev/ion can allocate memory when opened in read-only mode,
some processes seem to unnecessarily open it in read-write mode.
This doesn't seem to be harmful, and was originally allowed in
domain_deprecated. Re-allow it.

Bug: 25965160
Change-Id: Icaf948be89a8f2805e9b6a22633fa05b69988e4f

am: 9a3d490e

* commit '9a3d490e':
  Migrate to upstream policy version 30

am: 99c78bf2

* commit '99c78bf2':
  shell.te: Restore /proc/net access

Grant untrusted_app and isolated_app unpriv_sock_perms, neverallow
priv_sock_perms to disallow access to MAC address and ESSID.

Change-Id: Idac3b657a153e7d7fdc647ff34b876a325d759b3

The removal of domain_deprecated from the shell user in
https://android-review.googlesource.com/184260 removed /proc/net access.
Restore it.

Bug: 26075092
Change-Id: Iac21a1ec4b9e769c068bfdcdeeef8a7dbc93c593

Bug: 26039641
Change-Id: Ifd96b105f054b67f881529db3fe94718cab4a0f4

am: 44826cb5

* commit '44826cb5':
  Add initial debugfs labeling support and label /sys/kernel/debug/tracing/trace_marker

Add initial support for labeling files on /sys/kernel/debug.
The kernel support was added in https://android-review.googlesource.com/122130
but the userspace portion of the change was never completed until now.

Start labeling the file /sys/kernel/debug/tracing/trace_marker . This
is the trace_marker file, which is written to by almost all processes
in Android. Allow global write access to this file.

This change should be submitted at the same time as the system/core
commit with the same Change-Id as this patch.

Change-Id: Id1d6a9ad6d0759d6de839458890e8cb24685db6d

am: 5e8402df

* commit '5e8402df':
  adbd: allow ddms screen capture to work again

The removal of domain_deprecated broke ddms screen capturing
functionality.

Steps to reproduce:

1) Run "ddms"
2) Select your device
3) Go to the Device > Screen Capture menu
4) Attempt to take a screenshot

Addresses the following denials:

  avc: denied { read } for pid=2728 comm="screencap" name="ion" dev="tmpfs" ino=7255 scontext=u:r:adbd:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file permissive=1
  avc: denied { open } for pid=2728 comm="screencap" name="ion" dev="tmpfs" ino=7255 scontext=u:r:adbd:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file permissive=1
  avc: denied { ioctl } for pid=2728 comm="screencap" path="/dev/ion" dev="tmpfs" ino=7255 ioctlcmd=4905 scontext=u:r:adbd:s0 tcontext=u:object_r:ion_device:s0 tclass=chr_file permissive=1
  avc: denied { read } for pid=5261 comm="screencap" name="egl" dev="dm-1" ino=210 scontext=u:r:adbd:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0
  avc: denied { read } for pid=5261 comm="screencap" name="egl" dev="dm-1" ino=210 scontext=u:r:adbd:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0

Bug: 26023462
Change-Id: Ie77c65900de56756d5c9b99dcda1e20664151ed2

am: b899f4fc

* commit 'b899f4fc':
  adbd: allow "adb pull /sdcard/"

The removal of domain_deprecated broke the ability for adbd to
pull files from /sdcard. Re-allow it.

Addresses the following denials:

  avc: denied { search } for pid=2753 comm=73657276696365203530 name="/" dev="tmpfs" ino=6242 scontext=u:r:adbd:s0 tcontext=u:object_r:tmpfs:s0 tclass=dir permissive=0
  avc: denied { getattr } for pid=2755 comm=73657276696365203431 path="/sdcard" dev="rootfs" ino=5472 scontext=u:r:adbd:s0 tcontext=u:object_r:rootfs:s0 tclass=lnk_file permissive=0

Change-Id: I70257933f554abd008932c7f122dd0151f464b05

am: 83fd8a54

* commit '83fd8a54':
  Increase communication surface between dumpstate and Shell:

- Add a new 'dumpstate' context for system properties. This context
  will be used to share state between dumpstate and Shell. For example,
  as dumpstate progresses, it will update a system property, which Shell
  will use to display the progress in the UI as a system
  notification. The user could also rename the bugreport file, in which
  case Shell would use another system property to communicate such
  change to dumpstate.
- Allow Shell to call 'ctl.bugreport stop' so the same system
  notification can be used to stop dumpstate.

BUG: 25794470

Change-Id: I74b80bda07292a91358f2eea9eb8444caabc5895

am: f6a0b144

* commit 'f6a0b144':
  rild: Remove toolbox_exec perms

am: 29b9532a

* commit '29b9532a':
  shell.te: Allow read access to system_file

Certain tests depend on the ability to examine directories
in /system. Allow it to the shell user.

Addresses the following denials:

  avc: denied { read } for name="egl" dev="dm-1" ino=104 scontext=u:r:shell:s0 tcontext=u:object_r:system_file:s0 tclass=dir permissive=0

Bug: 26020967
Bug: 26023420
Change-Id: I509d921e159e99164c85fae9e8b2982a47573d14

Confirmed via audit logs that it is not required.

Change-Id: I01d4b7ec15d4c852a9f28daf0b40ab4bce930125

am: 98c3f997

* commit '98c3f997':
  Further restrict access to tun_device

Remove bluetooth's access to tun_device. Auditallow rule demonstrates
that it's not used.

Strengthen the neverallow on opening tun_device to include all Apps.

Bug: 24744295
Change-Id: Iba85ba016b1e24c6c12d5b33e46fe8232908aac1

am: 6fa6bdb6

* commit '6fa6bdb6':
  Support fine grain read access control for properties

Properties are now broken up from a single /dev/__properties__ file into
multiple files, one per property label.  This commit provides the
mechanism to control read access to each of these files and therefore
sets of properties.

This allows full access for all domains to each of these new property
files to match the current permissions of /dev/__properties__.  Future
commits will restrict the access.

Bug: 21852512

Change-Id: Ie9e43968acc7ac3b88e354a0bdfac75b8a710094

am: ad22e867

* commit 'ad22e867':
  shell.te: allow pulling the currently running SELinux policy

Allow pulling the currently running SELinux policy for CTS.

Change-Id: I82ec03724a8e5773b3b693c4f39cc7b5c3ae4516

am: 1d58b2fd

* commit '1d58b2fd':
  Allow priv_apps to stat files on the system partition

Allows safetynet to scan the system partition which is made up of
files labeled system_file (already allowed) and/or files with the
exec_type attribute.

Bug: 25821333
Change-Id: I9c1c9c11bc568138aa115ba83238ce7475fbc5e4

am: a0757c4d

* commit 'a0757c4d':
  bootanim: Remove domain_deprecated

Remove domain_deprecated from bootanim. This removes some unnecessarily
permissive rules.

As part of this, re-allow access to cgroups, proc and sysfs, removed as
a result of removing domain_deprecated.

Bug: 25433265
Change-Id: I58658712666c719c8f5a39fe2076c4f6d166616c