Adds per-app categories to untrusted app domains and their
app data types. Per-app categories are in addition to the
existing per-user categories.

Apps targeting sdk version 28+ will now have the following
characteristics:
Domain: u:r:untrusted_app:s0:c[0-9]+,c[0-9]+,c[0-9],c[0-9]
Data context: u:object_r:app_data_file:s0:c[0-9]+,c[0-9]+,c[0-9],c[0-9]

Whereas apps targeting 27- will look like:
Domain: u:r:untrusted_app_27:s0:c[0-9]+,c[0-9]+
Data context: u:object_r:app_data_file:s0:c[0-9]+,c[0-9]+

To ensure backwards compatibility with previous SDK versions,
the levelFrom=all now enforces categories by dominance instead of
equality. Apps with per-app and per-user categories will continue
to have selinux permissions (but not necessarily unix permissions)
to access app data with only per-user categories, but apps with only
per-user categories will not be able to access the data of apps with
both per-app and per-user categories.

Bug: 63897054
Test: Boot sailfish, run apps, verify no new selinux denials.
Test: cts-tradefed run cts -m CtsSelinuxTargetSdkCurrentTestCases
Test: cts-tradefed run cts -m CtsSelinuxTargetSdk27TestCases
Test: cts-tradefed run cts -m CtsSelinuxTargetSdk25TestCases
Test: adb sideload an OTA and verify that files are correctly labeled.
Change-Id: I64b013874fe87b55f47e817a1279e76ecf86b7c0

am: 1316d5a5

Change-Id: I80994ace09a7f3a3e455733737cc0c00d01c500a

am: 51ba2a75

Change-Id: Iede82b0125cc17df554a3a263d2e9d15d5444965

am: 97753529

Change-Id: I3909035ef1ef9b94049b9cb35066b5a0f19289e9

am: a1633f9d

Change-Id: Ic6d96559c0678c2a17c953a385c0c7c5fbadf86d

am: 1740ddb5

Change-Id: Ic0315c8b659fc226c75f67a3910c2b3efabc1a92

Merge "Improve neverallow error messages and allow disabling them on userdebug builds." am: 0432e19f am: 1128a4e5
am: 7fefed13

Change-Id: I33cad07e844a406af69e934dff7a7b9f2dfc5236

am: bf7d3284

Change-Id: Ia7d99d5c945309f612a53dbc5bab25be7c5ff772

am: ba6cd7b1

Change-Id: I8bbf4dcff1f60df976da404500c9ccf377ea7d65

Merge "Improve neverallow error messages and allow disabling them on userdebug builds." am: 0432e19f
am: 1128a4e5

Change-Id: Id368d7cb6cdbd9a6169b8e10472e82f887bf6788

am: 8fe0a12f

Change-Id: Ic601afe6feddf4c083a004e739d122f78633d0b0

am: 0432e19f

Change-Id: I3714ae2b44086bfaddb89819039b6c8cc575e536

am: 00ab5d86

Change-Id: Ia2db656580086c542a2dd96cbd725686063bcb26

Test: adb shell /vendor/bin/sh
Fixes: 65448858
Change-Id: Ic2c9fa9b7e5bed3e1532f4e545f54a857ea99fc6

We use this attribute to annotate coredomains that execute vendor code
in a Treble-violating way.

Bug: 62041836
Test: sepolicy builds
Change-Id: Ie6052209b3901eaad8496b8fc9681421d7ee3c1c

am: 825a11cd

Change-Id: I20aa80253428760c21129ffde38aac06b935c73a

am: 0003e3d5

Change-Id: I9b40bf692885a09c7303ae22ba765a0098660e18

am: ee268643

Change-Id: I69408d68b23c241e396e303f7b68f34c4f6fb832

This gives the privilege to system apps, platform apps,
ephemeral apps, and privileged apps to receive a
UDP socket from the system server. This is being added
for supporting UDP Encapsulation sockets for IPsec, which
must be provided by the system.

This is an analogous change to a previous change that
permitted these sockets for untrusted_apps:
0f75a62e

Bug: 70389346
Test: IpSecManagerTest, System app verified with SL4A
Change-Id: Iec07e97012e0eab92a95fae9818f80f183325c31

This reverts commit 07dd2c9e.

Reason for revert: albacore build broken

Change-Id: I551b1d8c008f01fb815e42b59d397feb9672b8e6

This patch adds a flag that can be used to ignore neverallow rules.
By adding
SELINUX_IGNORE_NEVERALLOWS := true
into the BoardConfig.mk file, neverallow violations will be ignored
silently.  This flag can only be enabled on userdebug and eng builds.

Users of this flag should be very careful.  Since it does not work on
user builds, it must be disabled to pass CTS, and enabling it for
too long could hide issues that need to be addressed.

As a happy side effect, this patch should also improve the error
messages when violating a neverallow rules.  Specifically, the file
and line number should be correct.

Bug: 70950899
Bug: 33960443
Test: Built walleye-{user,eng} with and without this new option and
a neverallow violation.  Built policy for all targets.

Change-Id: Id0d65123cdd230d6b90faa6bb460d544054bb906

am: 7b271ce4

Change-Id: I01c4b4e966eae6e15f05997c2f1404db70df6f92

am: 9cb71cc9

Change-Id: Ia2337645bebf20575a391d6abd2b5b70659f1787

Label /vendor/etc/selinux/* as vendor_configs_file.

Bug: 62041836
Test: build system/sepolicy
Test: walleye boots
Change-Id: I617a3287860e965c282e9e82b4375ea68dbca785

am: 1d2c3f44

Change-Id: Ic874243cb997d588df01d5099d3c25f14ffd2119

am: 4e15697e  -s ours

Change-Id: I143328c403bb48fa08560bb6b851e312ed1e48f8

am: 145d2d11

Change-Id: I52cd2febe6aaac3a9c65e94f1ee4d0d56513b4d1

am: 193b1ab3

Change-Id: Iee7632fde0be5301347d6f7e41d3b81c5de37c85

Bug: 71861796
Test: no more denials on walleye for shell init scripts
Change-Id: I51eab267c95a915f927b0aaa7db9d678a83093c7

am: 2beb8915

Change-Id: Idfe7ef49572476508ef52391f221029d662ffad8

am: 02dbf4e0

Change-Id: I4977f4c114c304d8a84c081f963644c3b3e4019d

am: 43303c8b

Change-Id: I5e085251c1ccfd8206e421c9b0276a2add385171

Bug: 38206971
Test: test on phone
Change-Id: Id34ab2673c7a16744fba77eb5c176e2e8b474299
Merged-In: Id34ab2673c7a16744fba77eb5c176e2e8b474299