The app_* syntax was a legacy of the original approach of looking up
the username returned by getpwuid() and the original username encoding
scheme by bionic.  With the recent changes to move away from this approach,
there is no reason to retain that syntax.  Instead, just use _app to match
app UIDs and _isolated to match isolated service UIDs.  The underscore
prefix is to signify that these are not real usernames and to avoid
conflicts with any system usernames.

Requires a corresponding change to libselinux.

Change-Id: Ic388a12c1c9d3e47386c8849db607140ef8a3d75
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Used when an app service is declared with android:isolatedProcess="true".
Place such processes in a separate domain, and further isolate them
from each other via categories.

Change-Id: I1d64f8278f0619eedb448f9a741f1d2c31985325
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

The policy version suffix support was carried over from conventional
Linux distributions, where we needed to support simultaneous installation
of multiple kernels and policies.  This isn't required for Android, so
get rid of it and thereby simplify the policy pathname.

We still default to generating a specific policy version (the highest
one supported by the emulator kernel), but this can be overridden
by setting POLICYVERS on the make command-line or in the environment.

Requires a corresponding change to libselinux.

Change-Id: I40c88e13e8063ea37c2b9ab5b3ff8b0aa595402a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

* changes:
  Fix for segfault/jmp depends on unitialized variable
  Fix check_seapp segfault and undefined linking err

When realloc creates the first block of memory, it must
be initialized to NULL for the following strcat functions
to operate correctly.

Change-Id: I98fc14e1b19de5aa205354d16e54445293430d8e

When LINK_SEPOL_STATIC was not defined, symbol
log_warning was trying to be resolved by the linker.
That symbol was not defined as it should have been
log_warn and not log_warning.

When a key would be validated in key_map_validate(), an
unchecked key, like user, could cuase a segfault when
the se_key was getting free'd no matter what at the end
of the function, even if no se_key was alloc'd.

Change-Id: If334ba7350e6d2ad1fa9bed142bb2fabe7caa057

Change-Id: I87f81a632ed61f284f2fe09726f5c4529d36f252

Change-Id: If4deccfe740c8de6b88929a0d0439667c3ea340d

Change-Id: If3ed9998033378de5b47472315444f5b8bd4743e

Change-Id: I62ce62475f4a17d278243cc96db773872b2dc89c

Change-Id: I4f0576a47ca2e99bca719bf321349c7d7d05cd3c

Change-Id: I4f522869eeaa6f84771e4ee2328f65296dcc29db

Change-Id: I614caa520e218f8f148eef641fed2301571da8e1

Provides support for overriding seapp_contexts declerations
in per device seapp_contexts files.

Change-Id: I23a0ffa1d24f1ce57825b168f29a2e885d3e1c51

Initial policy for Point-to-Point tunneling and
tunneling manager services.

Change-Id: Ia292607cbd06514a8ac3b0ad49eaefcdce12ef16

This patchset covers the /mnt/asec variety only.

This was moved from external/mac-policy.git