- Feb 22, 2016
-
-
Sami Tolvanen authored
Bug: 26902605 Change-Id: Ica825cf2af74f5624cf4091544bd24bb5482dbe7 (cherry picked from commit 9c168711)
-
Jeffrey Vander Stoep authored
-
Jeff Vander Stoep authored
Remove from unpriv_socket_ioctls but grant each user of unpriv_socket_ioctls use of unpriv_tty_ioctls Bug: 26990688 Change-Id: I998e09091de5a7234ad0049758d5dad0b35722f7
-
Tao Bao authored
-
Tao Bao authored
RecoverySystemService is separated from PowerManagerService as a dedicated system service to handle recovery related requests (such as invoking uncrypt to uncrypt an OTA package on /data or to set up / clear the bootloader control block (i.e. /misc), etc.). The matching CL in frameworks/base is in: Change-Id: Ic606fcf5b31c54ce54f0ab12c1768fef0fa64560. Bug: 26830925 Change-Id: Iee0583c458f784bfa422d0f7af5d1f2681d9609e (cherry picked from commit 65b5fde9)
-
Calin Juravle authored
-
Polina Bondarenko authored
-
- Feb 19, 2016
-
-
Calin Juravle authored
Bug: 26719109 Bug: 26563023 Change-Id: Ie0ca764467c874c061752cbbc73e1bacead9b995
-
- Feb 18, 2016
-
-
Christopher Tate authored
Bug 25454162 Change-Id: I3cd299ce28bf6235605265c47762969851845b78
-
- Feb 17, 2016
-
-
Jeffrey Vander Stoep authored
-
Chien-Yu Chen authored
Bug: 27221797 Change-Id: Ie490eac5e7581ce21ca5377c3b46b48c647a335b
-
Polina Bondarenko authored
Bug: 26945055 Change-Id: I5745d02be9889f6a0e02de12bd8d8f2808de9ce0
-
Andreas Gampe authored
Give dex2oat/patchoat link rights in /data/ota to produce a patched image. Give zygote rights to relabel links. Also give the zygote rights to unlink, which is required when relabeling fails (to clean up the dalvik-cache). Bug: 25612095 Change-Id: I28bfb9cbeabe93b1f68ada9bcaf29f4f60028c2f
-
- Feb 16, 2016
-
-
Lorenzo Colitti authored
This is needed to kill sockets using the new SOCK_DESTROY operation instead of using SIOCKILLADDR. Bug: 26976388 (cherry picked from commit b38e2790) Change-Id: Id80c6278f19f9fd20fe8d4fca72f84bff9249ed8
-
- Feb 13, 2016
-
-
Jeff Tinker authored
Part of media security hardening. This is an intermediate step toward moving mediadrm to a new service separate from mediaserver. This first step allows mediadrmservice to run based on the system property media.mediadrmservice.enable so it can be selectively enabled on devices that support using native_handles for secure buffers. bug: 22990512 Change-Id: I2208c1e87a6bd8d5bfaed06b1fdcb0509c11cff2
-
- Feb 12, 2016
-
-
Chien-Yu Chen authored
scheduling_policy_service is needed for high speed video recording. Bug: 26982110 Change-Id: I377516c9d86d68e7024a67d04742baa841ff8907
-
- Feb 11, 2016
-
-
Chien-Yu Chen authored
-
Robb Glasser authored
-
Robb Glasser authored
Add rule to address dir search violation for video_device bug:27115708 Change-Id: I14bad283af1ddda725e41d0100a09e6066519846
-
Daniel Cashman authored
-
dcashman authored
Access to proc is being removed but there are still some consumers. Add an auditallow to identify them and adjust labels appropriately before removal. Change-Id: I853b79bf0f22a71ea5c6c48641422c2daf247df5
-
- Feb 10, 2016
-
-
Jeffrey Vander Stoep authored
-
Jeff Vander Stoep authored
Bug: 27065131 Change-Id: I15c058eb46981ea3e03eccb4da132055ecae7efb
-
Daniel Cashman authored
-
William Roberts authored
Remove the .data=NULL assignments that were pushing the static keymap mapping horizontal. (cherry picked from commit 29adea51) Change-Id: I2e6e78930ac8d1d8b9bd61d9dedb59f4859ea13c Signed-off-by: William Roberts <william.c.roberts@intel.com>
-
William Roberts authored
Data type tracking is no longer needed now that per key validation routines are supported. (cherry picked from commit c92dae98) Change-Id: I2f1d0d5b1713e0477996479b0f279a58f43f15c7 Signed-off-by: William Roberts <william.c.roberts@intel.com>
-
William Roberts authored
Input validation was hard-coded into a validation routine that would check against type and key names in a scattered, order dependent conditional code block. This makes it harder than it should be to add new key value pairs and types into checkseapp. To correct this, we add a validation callback into the static mapping. If the validation callback is set, the existing validation routine will call this for input validation. On failure, a validation specific error message is returned to be displayed. (cherry picked from commit 696a66ba) Change-Id: I92cf1cdf4ddbcfae19168b621f47169a3cf551ac Signed-off-by: William Roberts <william.c.roberts@intel.com>
-
William Roberts authored
Change the final error message to be consistent with the others.
From: Error: reading /home/wcrobert/workspace/aosp/external/sepolicy/seapp_contexts, line 82, name domain, value system_server
To: Error: Reading file: "/home/wcrobert/workspace/aosp/external/sepolicy/seapp_contexts" line: 82 name: "domain" value: "system_server"
(cherry picked from commit efebf97e) Change-Id: Idf791d28fbba95fbeed8b9ccec9a296eea33afb9 Signed-off-by: William Roberts <william.c.roberts@intel.com>
-
William Roberts authored
(cherry picked from commit 25528cf4) Change-Id: Ic4dc59650ca849b950cb145fedafdf4fc250f009 Signed-off-by: William Roberts <william.c.roberts@intel.com>
-
dcashman authored
Address the following denial from 3rd party voice interaction test:
SELinux : avc: denied { find } for service=voiceinteraction pid=30281 uid=10139 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:voiceinteraction_service:s0 tclass=service_manager permissive=0
Bug: 27105570 Change-Id: Ib87d364673cbc883df017bcda7fe1e854a76654f
-
Marco Nelissen authored
-
Jeff Vander Stoep authored
Remove all permissions not observed during testing. Remove domain_deprecated. Bug: 26982110 Change-Id: I33f1887c95bdf378c945319494378225b41db215
-
Andreas Gampe authored
-
Tao Bao authored
-
- Feb 09, 2016
-
-
Tao Bao authored
update_engine needs to access bootctrl_block_device to get and set the slot to boot.
avc: denied { write } for name="mmcblk0boot1" dev="tmpfs" ino=1266 scontext=u:r:update_engine:s0 tcontext=u:object_r:bootctrl_block_device:s0 tclass=blk_file
avc: denied { open } for path="/dev/block/mmcblk0boot1" dev="tmpfs" ino=1266 scontext=u:r:update_engine:s0 tcontext=u:object_r:bootctrl_block_device:s0 tclass=blk_file
Also track the name change of the native binder service.
avc: denied { add } for service=android.os.UpdateEngineService pid=210 uid=0 scontext=u:r:update_engine:s0 tcontext=u:object_r:default_android_service:s0 tclass=service_manager
Bug: 27106053 Change-Id: Idbfef18578489db33fead0721e8f26d63db5ce09 (cherry picked from commit 3ec34ceb)
-
Andreas Gampe authored
The zygote is responsible for moving ART A/B OTA artifacts over to the regular dalvik-cache. Bug: 25612095 Change-Id: I838d9ec6ee5a0f0af5f379a4696abda69cea51ca
-
Marco Nelissen authored
Bug: 22775369 Change-Id: Ic6abe3d0e18ba6f7554d027e0ec05fd19011709b
-
William Roberts authored
untrusted_apps could be allowed to create/unlink files in world accessible /data locations. These applications could create files in a way that would need cap dac_override to remove from the system when they are uninstalled and/or leave orphaned data behind. Keep untrusted_app file creation to sandbox, sdcard and media locations. Signed-off-by: William Roberts <william.c.roberts@intel.com> (cherry picked from commit bd0768cc) Change-Id: Ideb275f696606882d8a5d8fdedb48545a34de887
-
- Feb 06, 2016
-
-
Marco Nelissen authored
-