- Aug 04, 2017
-
-
Andres Oportus authored
Bug: 62706738
Test: Check that uid_time_in_state can't be read from the shell without root permissions and that "dumpsys batterystats --checkin| grep ctf" shows frequency data (system_server was able to read uid_time_in_state)
Signed-off-by: Andres Oportus <andresoportus@google.com>
Change-Id: Id0780f2464f17d49f06a7bf3158eae7363efb468
-
- Jul 24, 2017
-
-
Jeff Vander Stoep authored
Move domain_deprecated into private policy
am: 7c34e83f -s ours
am: 53d14822 -s ours
am: 4266cc64 -s ours
am: 0fe8577d -s ours
Change-Id: I1cd54b748742e0c03930d0a5757eda909db0fe86
-
Jeff Vander Stoep authored
am: 44a2b40c Change-Id: Iba51ca4ad1ab868f9d5a1d4c091ae84cc5a0f84c
-
Jeff Vander Stoep authored
am: 4266cc64 -s ours Change-Id: I41fa9a90f326cde5b552df80a08920de747e9dd3
-
Jeff Vander Stoep authored
am: 53d14822 -s ours Change-Id: If09d826406d8599ee5f286b733059ceede8fa729
-
Jeff Vander Stoep authored
am: 85d7f96a Change-Id: I9225f9ec28763ea8066aec6fedd51d9e542d630f
-
Jeff Vander Stoep authored
am: 7c34e83f -s ours Change-Id: I5d6653b22a44ef44475065aa076513f05fb31199
-
Jeff Vander Stoep authored
am: d8d3b5b5 Change-Id: Ie053a15d7dccc2aec667e186b22082df8029b6f9
-
Jeff Vander Stoep authored
Test: build Change-Id: I8e69b125928c941f639f2a1776f197f353f7453b
-
Jeff Vander Stoep authored
This attribute is being actively removed from policy. Since attributes are not being versioned, partners must not be able to access and use this attribute. Move it from private and verify in the logs that rild and tee are not using these permissions.
Bug: 38316109
Test: build and boot Marlin
Test: Verify that rild and tee are not being granted any of these permissions.
Merged-In: I31beeb5bdf3885195310b086c1af3432dc6a349b
Change-Id: I31beeb5bdf3885195310b086c1af3432dc6a349b
(cherry picked from commit 76aab82c)
-
Sandeep Patil authored
The types need to be exported so userdebug system.img can still build the policy with a user vendor.img at boot time. All permissions and attributes for these types are still kept under conditional userdebug_or_eng macro
Bug: 37433251
Test: Boot sailfish-user build with generic_arm64_ab system.img on sailfish and make sure sepolicy compilation succeeds
Change-Id: I98e8428c414546dfc74641700d4846edcf9355b1
Signed-off-by: Sandeep Patil <sspatil@google.com>
(cherry picked from commit 35e308cf)
-
Jeff Vander Stoep authored
am: 9d3d5f6a Change-Id: I402fb9f87360a19fb0d03e8a4b720e4f0d33e025
-
Jeff Vander Stoep authored
am: 4af76925 Change-Id: I39e47539c1a08372b7918316d3dc4365eb8ebfdd
-
Jeff Vander Stoep authored
am: 2cf7fba5 Change-Id: Id8a7e0fd6c2bc4b5fb10ed41ac65d241510755d8
-
Jeff Vander Stoep authored
am: 2b75437d Change-Id: I0b90ed2e870640b6b7524207c2edfc8e5578fc6e
- Jul 23, 2017
-
-
Jeff Vander Stoep authored
scontext=installd
avc: granted { getattr } for comm="Binder:1153_7" path="/data/user/0" dev="sda13" ino=1097730 scontext=u:r:installd:s0 tcontext=u:object_r:system_data_file:s0 tclass=lnk_file
scontext=runas
avc: granted { getattr } for comm="run-as" path="/data/user/0" dev="sda35" ino=942082 scontext=u:r:runas:s0 tcontext=u:object_r:system_data_file:s0 tclass=lnk_file
scontext=vold
avc: granted { getattr } for comm="vold" path="/data/data" dev="sda45" ino=12 scontext=u:r:vold:s0 tcontext=u:object_r:system_data_file:s0 tclass=lnk_file
avc: granted { read } for comm="secdiscard" name="3982c444973581d4.spblob" dev="sda45" ino=4620302 scontext=u:r:vold:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
Bug: 28760354
Test: Build
Change-Id: Id16c43090675572af35f1ad9defd4c368abc906b
-
- Jul 20, 2017
-
-
Josh Gao authored
Allow mediacodec/mediaextractor to write to system_server pipes during ANR dumps.
Addresses the following denials:
avc: denied { write } for comm="mediaextractor" path="pipe:[1177610]" dev="pipefs" ino=1177610 scontext=u:r:mediaextractor:s0 tcontext=u:r:system_server:s0 tclass=fifo_file permissive=0
avc: denied { write } for comm="omx@1.0-service" path="pipe:[1175808]" dev="pipefs" ino=1175808 scontext=u:r:mediacodec:s0 tcontext=u:r:system_server:s0 tclass=fifo_file permissive=0
Bug: http://b/63801592
Test: treehugger
Change-Id: I944b1fa76c70402607ccd903be17dbddeaa73201
(cherry picked from commit 3c9b9197)
-
Josh Gao authored
Allow mediacodec/mediaextractor to write to system_server pipes during ANR dumps.
Addresses the following denials:
avc: denied { write } for comm="mediaextractor" path="pipe:[1177610]" dev="pipefs" ino=1177610 scontext=u:r:mediaextractor:s0 tcontext=u:r:system_server:s0 tclass=fifo_file permissive=0
avc: denied { write } for comm="omx@1.0-service" path="pipe:[1175808]" dev="pipefs" ino=1175808 scontext=u:r:mediacodec:s0 tcontext=u:r:system_server:s0 tclass=fifo_file permissive=0
Bug: http://b/63801592
Test: treehugger
Change-Id: I944b1fa76c70402607ccd903be17dbddeaa73201
- Jul 19, 2017
-
-
Jeff Vander Stoep authored
runas: grant access to seapp_contexts files
am: dcec3ee9 -s ours
am: 0da855ab -s ours
am: 18e75e3a -s ours
am: faf0504a -s ours
Change-Id: I8da56e4bda1a86b9631b5936378ad44f4036fec2
-
Jeff Vander Stoep authored
am: 18e75e3a -s ours Change-Id: I22ef22f0146170e03a02b72f668e62067ad448af
-
Jeff Vander Stoep authored
am: 0da855ab -s ours Change-Id: Ib03ffbf671ea4e48eb3e1f6fb0045c2bc33570dc
-
Jeff Vander Stoep authored
am: dcec3ee9 -s ours Change-Id: Id04fb68971510d089e4fcd53fa24b77a1e9cd760
-
TreeHugger Robot authored
-
Jeff Vander Stoep authored
To be replaced by commit 1e149967 seapp_context: explicitly label all seapp context files
Test: build policy
Change-Id: I8d30bd1d50b9e4a55f878c25d134907d4458cf59
Merged-In: I0f0e937e56721d458e250d48ce62f80e3694900f
-
Jeff Vander Stoep authored
am: 3e6d842d Change-Id: I42d9ebc6231932c6e5289ad2e9e4301c256f0036
-
Jeff Vander Stoep authored
am: 89f215e6 Change-Id: I6126315b398b2f66a5a7d9c98a8d9630c01314a7
-
Jeff Vander Stoep authored
Fixes:
neverallow hal_audio domain:{ tcp_socket udp_socket rawip_socket } *;
Warning! Type or attribute hal_audio used in neverallow undefined in policy being checked.
hal_audio_client is not used in neverallows and was mistakenly marked as expandattribute false instead of hal_audio. Fix this.
Bug: 63809360
Test: build policy
Test: cts-tradefed run cts -m CtsSecurityHostTestCases -t \
    android.cts.security.SELinuxNeverallowRulesTest
No more:
Warning! Type or attribute hal_audio used in neverallow undefined in policy being checked.
Change-Id: Iedf1b80f669f95537ed201cbdbb0626e7e32be81
-
TreeHugger Robot authored
-
- Jul 18, 2017
-