Bug: 63669128
Test: Checked for avc denail messages.
Change-Id: I057b3cf9ccc945cb943b9cf60fc9cd6c023eddda
Merged-In: I057b3cf9ccc945cb943b9cf60fc9cd6c023eddda

Bug: 70846424
Test: neverallow not tripped
Change-Id: I9e351ee906162a594930b5ab300facb5fe807f13

Test: charger mode correctly shuts off when unplugged

Change-Id: I06a7ffad67beb9f6d9642c4f53c35067b0dc2b3d
Fixes: 71328882

Bug: 72154054
Test: tested with walleye
Change-Id: I35271c6044946c4ec639409c914d54247cfb9f79

Bug: 65643247
Test: builds, the change doesn't affect runtime behavior.

Change-Id: I621a8006db7074f124cb16a12662c768bb31e465

avc: denied { read } scontext=u:r:priv_app:s0:c512,c768
tcontext=u:object_r:proc_version:s0 tclass=file
avc: denied { read } scontext=u:r:priv_app:s0:c512,c768
tcontext=u:object_r:wifi_prop:s0 tclass=file
avc: denied { read } scontext=u:r:priv_app:s0:c512,c768
tcontext=u:object_r:net_dns_prop:s0 tclass=file

Bug: 72151306
Test: build
Change-Id: I4b658ccd128746356f635ca7955385a89609eea1

Since /odm is an extension of /vendor, its default property contexts
should be consistent with ones of /vendor.

Bug: 36796459
Test: tested on wahoo devices
Change-Id: Ia67ebe81e9c7102aab35a34f14738ed9a24811d3

Add a new set of sepolicy for the process that only netd use to load
and run ebpf programs. It is the only process that can load eBPF
programs into the kernel and is only used to do that. Add some
neverallow rules regarding which processes have access to bpf objects.

Test: program successfully loaded and pinned at sys/fs/bpf after device
boot. No selinux violation for bpfloader
Bug: 30950746

Change-Id: Ia6bb1afda29ae0749bdc368e2dfc5faa12e81b2f

CpuFrequency.java seems to be the only thing that depends on
/sys/devices/system/cpu in system_server. And according to
b/68988722#comment15, that dependency is not exercised.

Bug: 68988722
Test: walleye boots without denials to sysfs_devices_system_cpu
Change-Id: If777b716bf74188581327b7f5aa709f5d88aad2d

Bug: 62041836
Test: sailfish sepolicy builds

Change-Id: Iad865fea852ab134dd848688e8870bc71f99788d

Test: adb bugreport
Bug: 71483452
Change-Id: Ibd98702c1f757f17ada61a906ae4e0ec750aac79

There is a race condition between when /data is mounted
and when processes attempt to access it. Attempting to access
/data before it's mounted causes an selinux denial. Attribute
these denials to a bug.

07-04 23:48:53.646   503   503 I auditd  : type=1400 audit(0.0:7): avc:
denied { search } for comm="surfaceflinger" name="/" dev="sda35" ino=2
scontext=u:r:surfaceflinger:s0 tcontext=u:object_r:unlabeled:s0
tclass=dir permissive=0
07-15 17:41:18.100   582   582 I auditd  : type=1400 audit(0.0:4): avc:
denied { search } for comm="BootAnimation" name="/" dev="sda35" ino=2
scontext=u:r:bootanim:s0 tcontext=u:object_r:unlabeled:s0 tclass=dir
permissive=0

Bug: 68864350
Test: build
Change-Id: I07f751d54b854bdc72f3e5166442a5e21b3a9bf5

Bug: 68388678
Test: storaged-unit-tests
Change-Id: Iea1ba0131a389dc4396ff3ebe2cdf68dbd688c8a

Duplicate property names are supported now for prefix and exact
matching.

Bug: 38146102
Test: tested on walleye with PRODUCT_COMPATIBLE_PROPERTY=true
Change-Id: Ifd9d32eaece7370d69f121e88d5541f7a2e34458

The NeuralNetworks runtime is a library that communicates with
NeuralNetworks HIDL services and is linked by applications. To enable
the NN runtime to use these services, applications must have explicit
sepolicy permissions to find the NN services and communicate across
binder.

This CL relaxes neverallow rules for hal_neuralnetworks_*.

Because it is affecting pre-existing neverallow rules, this CL requires
a CTS rebuild.

Bug: 70340780
Test: mm
Test: ran neuralnetworks vts and cts binaries
Change-Id: I84f73ac77486681f91d1f8687268c0fa22a7ba0b
(cherry picked from commit 598870bebc4bb34542df81799b46f3cdcfb6723b)

Test: adb shell /vendor/bin/sh
Fixes: 65448858
Change-Id: Ic2c9fa9b7e5bed3e1532f4e545f54a857ea99fc6

We use this attribute to annotate coredomains that execute vendor code
in a Treble-violating way.

Bug: 62041836
Test: sepolicy builds
Change-Id: Ie6052209b3901eaad8496b8fc9681421d7ee3c1c

This gives the privilege to system apps, platform apps,
ephemeral apps, and privileged apps to receive a
UDP socket from the system server. This is being added
for supporting UDP Encapsulation sockets for IPsec, which
must be provided by the system.

This is an analogous change to a previous change that
permitted these sockets for untrusted_apps:
0f75a62e

Bug: 70389346
Test: IpSecManagerTest, System app verified with SL4A
Change-Id: Iec07e97012e0eab92a95fae9818f80f183325c31

Give rights to call dropbox via binder.

Test: m
Test: manual
Change-Id: I968c432a27bc8fbe677a2dd03671908d555f9df6

This patch adds a flag that can be used to ignore neverallow rules.
By adding
SELINUX_IGNORE_NEVERALLOWS := true
into the BoardConfig.mk file, neverallow violations will be ignored
silently.  This flag can only be enabled on userdebug and eng builds.

Users of this flag should be very careful.  Since it does not work on
user builds, it must be disabled to pass CTS, and enabling it for
too long could hide issues that need to be addressed.

As a happy side effect, this patch should also improve the error
messages when violating a neverallow rules.  Specifically, the file
and line number should be correct.

Bug: 70950899
Bug: 33960443
Test: Built walleye-{user,eng} with and without this new option and
a neverallow violation.  Built policy for all targets.

Change-Id: Id0d65123cdd230d6b90faa6bb460d544054bb906

Label /vendor/etc/selinux/* as vendor_configs_file.

Bug: 62041836
Test: build system/sepolicy
Test: walleye boots
Change-Id: I617a3287860e965c282e9e82b4375ea68dbca785

Bug: 71861796
Test: no more denials on walleye for shell init scripts
Change-Id: I51eab267c95a915f927b0aaa7db9d678a83093c7