This is an experimental feature only on userdebug and eng build.

Test: play MP4 file. install & uninstall media update apk.
Bug: 67908547
Change-Id: I513cdbfda962f00079e886b7a42f9928e81f6474

so we can dlopen the libraries that are there

Test: build&run

Merged-Id: Ia1fa1fd65295cffe6c8a3d31db53bd3339a71855
Change-Id: Ia1fa1fd65295cffe6c8a3d31db53bd3339a71855

Mediaextractor should only be operating on data passed directly to it.
It shouldn't be attempting to open /data files on it's own.

Add a neverallow statement (compile time assertion + CTS test) to ensure
this is the case.

Bug: 67454004
Test: policy compiles. No runtime impact.
Change-Id: Ie94d4cb9aece7e72fbd13321f339dcf9d44d5d77

These denials are expected and the code has fallbacks to handle this
case.

Test: policy compiles.
Bug: 67454004
Change-Id: I787625494d0a7c9945318428b6fd3f668a8a2564

Bug: 37916906
Test: Builds 'n' boots.
Change-Id: Ia1d86264446ebecc1ca79f32f11354921bc77668
Merged-In: I208ec6a864127a059fb389417a9c6b259d7474cb

bug: 22804304

Change-Id: I7162905d698943d127aa52804396e4765498d028

Needed to allow lower power Play Music of downloaded files.

    05-24 10:12:49.331 24025 24025 W generic : type=1400
          audit(0.0:1259): avc: denied { read } for
          path="/data/data/com.google.android.music/files/music/925.mp3"
          dev="sda35" ino=2179256 scontext=u:r:mediaextractor:s0
          tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file
          permissive=0

Test: Play Music
Bug: 62059834

Change-Id: I97bdb1d175dba8f7a8ec6cd9084323cfcd3660bd

Permit mediaextractor its own file source for apk and ringtone files.

Previously we fall back to the mediaserver file source.
This does not affect behavior as the fallback works fine; however,
the log messages may cause confusion.

    [73402.683908] type=1400 audit(1491338955.878:121): avc: denied { read }
    for pid=18381 comm="generic"
    path="/data/system_de/0/ringtones/alarm_alert_cache" dev="sda35"
    ino=2490374 scontext=u:r:mediaextractor:s0
    tcontext=u:object_r:ringtone_file:s0 tclass=file permissive=0
    [73402.683932] type=1400 audit(1491338955.884:122): avc: denied { read }
    for pid=18383 comm="generic"
    path="/data/system_de/0/ringtones/ringtone_cache" dev="sda35"
    ino=2490376 scontext=u:r:mediaextractor:s0
    tcontext=u:object_r:ringtone_file:s0 tclass=file permissive=0

Test: Ringtone and CTS
Bug: 37500781

Change-Id: Ie6d8e6d2b7301d00957733f173aeebbe9d0d1998

W Binder:538_2: type=1400 audit(0.0:9): avc: denied { getattr } for path="/data/media/0/Qtc88.mp4" dev="dm-0" ino=678654 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=0

W generic : type=1400 audit(0.0:9): avc: denied { read } for path="/data/media/0/Qtc88.mp4" dev="dm-0" ino=678654 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:media_rw_data_file:s0 tclass=file permissive=0

Test: Photos, Play Music, Play Movies, Youtube
Bug: 29125703
Change-Id: If84ab43b934944abf4c416db751ab6694835df83

Let mediacodec and mediaextractor talk directly to tombstoned to
generate tombstones/ANR traces.

Bug: http://b/35858739
Test: debuggerd -b `pidof media.codec`
Change-Id: I091be946d58907c5aa7a2fe23995597638adc896

Also allow media.extractor to use media.cas for descrambling.

bug: 22804304

Change-Id: Id283b31badecb11011211a776ba9ff5167a9019d

Better document the reasons behind the neverallow for tcp/udp sockets.

Test: policy compiles.
Change-Id: Iee386af3be6fc7495addc9300b5628d0fe61c8e9

Introduce the add_service() macro which wraps up add/find
permissions for the source domain with a neverallow preventing
others from adding it. Only a particular domain should
add a particular service.

Use the add_service() macro to automatically add a neverallow
that prevents other domains from adding the service.

mediadrmserver was adding services labeled mediaserver_service.
Drop the add permission as it should just need the find
permission.

Additionally, the macro adds the { add find } permission which
causes some existing neverallow's to assert. Adjust those
neverallow's so "self" can always find.

Test: compile and run on hikey and emulator. No new denials were
found, and all services, where applicable, seem to be running OK.

Change-Id: Ibbd2a5304edd5f8b877bc86852b0694732be993c
Signed-off-by: William Roberts <william.c.roberts@intel.com>

reflect the change from "mediaanalytics" to "mediametrics"

Also incorporates a broader access to the service -- e.g. anyone.
This reflects that a number of metrics submissions come from application
space and not only from our controlled, trusted media related processes.
The metrics service (in another commit) checks on the source of any
incoming metrics data and limits what is allowed from unprivileged
clients.

Bug: 34615027
Test: clean build, service running and accessible
Change-Id: I657c343ea1faed536c3ee1940f1e7a178e813a42

media framework analytics are gathered in a separate service.
define a context for this new service, allow various
media-related services and libraries to access this new service.

Bug: 30267133
Test: ran media CTS, watched for selinux denials.
Change-Id: I5aa5aaa5aa9e82465b8024f87ed32d6ba4db35ca

Divide policy into public and private components.  This is the first
step in splitting the policy creation for platform and non-platform
policies.  The policy in the public directory will be exported for use
in non-platform policy creation.  Backwards compatibility with it will
be achieved by converting the exported policy into attribute-based
policy when included as part of the non-platform policy and a mapping
file will be maintained to be included with the platform policy that
maps exported attributes of previous versions to the current platform
version.

Eventually we would like to create a clear interface between the
platform and non-platform device components so that the exported policy,
and the need for attributes is minimal.  For now, almost all types and
avrules are left in public.

Test: Tested by building policy and running on device.

Change-Id: Idef796c9ec169259787c3f9d8f423edf4ce27f8c

No "granted" messages for the removed permissions observed in three
months of log audits.

Bug: 28760354
Change-Id: I46b6b79b3a13108020114f3c3555adeac021b0a9

Grant permissions observed.

Bug: 28760354
Change-Id: Ie63cda709319bbf635ef7bffbba3477c2cccc11b

This reverts commit 9c820a11.

Bug: 31364540
Change-Id: I98a34bd32dd835e6795d31a90f16f4ccd691e6e5

This reverts commit 8486f4e6.

Bug: 31364540
Change-Id: I7dee039540864a3244ee6d9fbb200ef177c42465

(cherry picked from commit 8486f4e6)

Grant observed permissions

Addresses:
init
avc:  granted  { use } for  pid=1 comm="init" path="/sys/fs/selinux/null" dev="selinuxfs" ino=22 scontext=u:r:init:s0 tcontext=u:r:kernel:s0 tclass=fd

mediaextractor
avc: granted { getattr } for pid=582 comm="mediaextractor" path="/proc/meminfo" dev="proc" ino=4026535447 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:proc_meminfo:s0 tclass=file
avc: granted { read } for pid=582 comm="mediaextractor" name="meminfo" dev="proc" ino=4026535447 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:proc_meminfo:s0 tclass=file
avc: granted { read open } for pid=582 comm="mediaextractor" path="/proc/meminfo" dev="proc" ino=4026535447 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:proc_meminfo:s0 tclass=file

uncrypt
avc: granted { getattr } for pid=6750 comm="uncrypt" path="/fstab.angler" dev="rootfs" ino=9809 scontext=u:r:uncrypt:s0 tcontext=u:object_r:rootfs:s0 tclass=file
avc: granted { read } for pid=6750 comm="uncrypt" name="fstab.angler" dev="rootfs" ino=9809 scontext=u:r:uncrypt:s0 tcontext=u:object_r:rootfs:s0 tclass=file
avc: granted { read open } for pid=6750 comm="uncrypt" path="/fstab.angler" dev="rootfs" ino=9809 scontext=u:r:uncrypt:s0 tcontext=u:object_r:rootfs:s0 tclass=file

Bug: 28760354
Change-Id: Ibd51473c55d957aa7375de60da67cdc6504802f9

Grant permissions observed.

(cherry picked from commit 9c820a11)

Merged-in: Ifdead51f873eb587556309c48fb84ff1542ae303
Bug: 28760354
Change-Id: Ifdead51f873eb587556309c48fb84ff1542ae303

Grant observed permissions

Addresses:
init
avc:  granted  { use } for  pid=1 comm="init" path="/sys/fs/selinux/null" dev="selinuxfs" ino=22 scontext=u:r:init:s0 tcontext=u:r:kernel:s0 tclass=fd

mediaextractor
avc: granted { getattr } for pid=582 comm="mediaextractor" path="/proc/meminfo" dev="proc" ino=4026535447 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:proc_meminfo:s0 tclass=file
avc: granted { read } for pid=582 comm="mediaextractor" name="meminfo" dev="proc" ino=4026535447 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:proc_meminfo:s0 tclass=file
avc: granted { read open } for pid=582 comm="mediaextractor" path="/proc/meminfo" dev="proc" ino=4026535447 scontext=u:r:mediaextractor:s0 tcontext=u:object_r:proc_meminfo:s0 tclass=file

uncrypt
avc: granted { getattr } for pid=6750 comm="uncrypt" path="/fstab.angler" dev="rootfs" ino=9809 scontext=u:r:uncrypt:s0 tcontext=u:object_r:rootfs:s0 tclass=file
avc: granted { read } for pid=6750 comm="uncrypt" name="fstab.angler" dev="rootfs" ino=9809 scontext=u:r:uncrypt:s0 tcontext=u:object_r:rootfs:s0 tclass=file
avc: granted { read open } for pid=6750 comm="uncrypt" path="/fstab.angler" dev="rootfs" ino=9809 scontext=u:r:uncrypt:s0 tcontext=u:object_r:rootfs:s0 tclass=file

Bug: 28760354
Change-Id: Ibd51473c55d957aa7375de60da67cdc6504802f9

Grant permissions observed.

Bug: 28760354
Change-Id: Ifdead51f873eb587556309c48fb84ff1542ae303

Bug: 28348382
Change-Id: Iaab1430750dfbb997900d3d70993c9fff2a8745d

Change-Id: I0cfc604676dc67701fdd5cdd1c143974d7200d07

Disallow access to all sockets other than unix_stream and unix_dgram

Change-Id: Ie8ff80db7051ce57e56ef0365a4873aacdd5b652

Change-Id: I6f07a36af3ff3cf5ba13322e1910b4455d2adbb7

Bug: 25433265
Change-Id: I6ad288fa25c61e3ac79f592d9a58e27a60f3d9cf

Change-Id: If761e0370bf9731a2856d0de2c6a6af1671143bd