- Mar 17, 2015
-
Dan Albert authored
* commit '9f8b5aac': Revert "Fix sepolicy-analyze libc++.so loading issue w/CTS."
-
Dan Albert authored
* commit '0d3bf4be': Revert "Fix sepolicy-analyze libc++.so loading issue w/CTS."
-
Dan Albert authored
This is causing more harm than good. We'll just make these all link libc++ again and work out the CTS issues if they still exist.
Bug: 19778891
This reverts commit 3812cf58.
Change-Id: Iaea8f6acb147da4275633a760ccb32951db7f8b6
-
Dan Albert authored
* commit '648a352a': Revert "Don't use address sanitizer for selinux tools."
-
Dan Albert authored
* commit 'f0852340': Revert "Don't use address sanitizer for selinux tools."
-
Dan Albert authored
This is causing more harm than good. We'll just make these all link libc++ again (another revert) and work out the CTS issues if they still exist.
Bug: 19778891
This reverts commit a5113a15.
Change-Id: I35a4c93dae4abb66e3525451d5ce01e33a540895
-
Dan Albert authored
* commit '99707358': Don't use address sanitizer for selinux tools.
-
Dan Albert authored
* commit 'a5113a15': Don't use address sanitizer for selinux tools.
-
Dan Albert authored
Address sanitizer requires using libc++ (apparently). We removed libc++ from these projects since they were C and the SDK/CTS was not able to find libc++. If we're interested in continuing to use ASAN on these tools (probably), we should turn libc++ back on once we're sure CTS won't die.
Bug: 19778891
Change-Id: I3c1913171a15396ead73277ec1186fead730f66d
-
- Mar 16, 2015
-
dcashman authored
Addresses the following error when running CTS on master:
junit.framework.AssertionFailedError: The following errors were encountered when validating the SELinuxneverallow rule:
neverallow { appdomain -bluetooth } self:capability *;
/tmp/SELinuxHostTest5593810182495331783.tmp: error while loading shared libraries: libc++.so: cannot open shared object file: No such file or directory
Also indicate that none of the sepolicy tools need c++ std lib.
Bug: 19617220
Change-Id: I713b3cbd1220655413d399c7cd2b0b50459a5485
-
Eric Laurent authored
Change-Id: I93a5410fdf3c26399d57f9568a48238968f61b3a
-
Stephen Smalley authored
* commit '65384426': Allow shell to read /proc/pid/attr/current for ps -Z.
-
Ronghua Wu authored
-
Stephen Smalley authored
* commit 'd5892b4c': Allow shell to read /proc/pid/attr/current for ps -Z.
-
Stephen Smalley authored
Needed since Iff1e601e1268d4d77f64788d733789a2d2cd18cc removed it from appdomain.
Change-Id: I9fc08b525b9868f0fb703b99b0c0c17ca8b656f9
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-
Stephen Smalley authored
* commit '68cd16ba': Remove ability to read all /proc/pid/attr/current entries.
-
Stephen Smalley authored
* commit '2cba1ee1': Remove ability to read all /proc/pid/attr/current entries.
-
Stephen Smalley authored
This was rendered obsolete when SELinuxDomainTest was ported to SELinuxHostTest and only makes sense if allowing search to domain:dir and { open read } to domain:file in order to open the /proc/pid/attr/current files in the first place. SELinux applies a further :process getattr check when reading any of the /proc/pid/attr/* files for any process other than self, which is no longer needed by app domains to pass CTS.
Change-Id: Iff1e601e1268d4d77f64788d733789a2d2cd18cc
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
- Mar 15, 2015
-
Nick Kralevich authored
* commit 'f836abef': neverallow su_exec:file execute
-
Nick Kralevich authored
* commit '8bd13687': neverallow su_exec:file execute
-
- Mar 14, 2015
-
Nick Kralevich authored
Executing /system/xbin/su is only supported on userdebug builds for a limited number of domains. On user builds, it should never occur. Add a compile time assertion (neverallow rule) that this is always true.
Bug: 19647373
Change-Id: I231a438948ea2d47c1951207e117e0fb2728c532
-
Nick Kralevich authored
* commit 'a5649f32': Revert "allow system_server to set kernel scheduling priority"
-
Nick Kralevich authored
* commit '6ece49c3': Revert "allow system_server to set kernel scheduling priority"
-
Nick Kralevich authored
-
- Mar 13, 2015
-
Stephen Smalley authored
Assigning mlstrustedsubject to untrusted_app would undermine the per-user isolation model being enforced via levelFrom=user in seapp_contexts and the mls constraints. There is no direct way to specify a neverallow on attribute assignment, but this makes use of a particular property of the fork permission to prevent ever adding mlstrustedsubject to untrusted_app. A similar restriction for app_data_file and mlstrustedobject is also important for the same reason, but cannot be expressed as a neverallow.
Change-Id: I5170cadc55cc614aef0cd5f6491de8f69a4fa2a0
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-
Stephen Smalley authored
There were a few instances where allow rules were appended after the neverallow rules stanza in the .te file. Also there were some regular allow rules inserted into the CTS-specific rules section of app.te. Just move the rules as appropriate. Should be no change in policy.
Change-Id: Iec76f32d4b531d245bbf5dd9f621a71ff5c71f3e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-
Stephen Smalley authored
* commit '9342d554': neverallow untrusted_app as a mlstrustedsubject.
-
Stephen Smalley authored
* commit 'cccef6c0': Move allow rules before neverallow rules.
-
Stephen Smalley authored
* commit 'eaece936': neverallow untrusted_app as a mlstrustedsubject.
-
Stephen Smalley authored
* commit 'b8caf7fd': Move allow rules before neverallow rules.
-
Paul Lawrence authored
-
Stephen Smalley authored
Add an attribute command to sepolicy-analyze for displaying the list of types associated with an attribute in a policy. This is for use by CTS to check what domains and types are associated with certain attributes such as mlstrustedsubject and mlstrustedobject.
Change-Id: Ie19361c02feb1ad14ce36862c6aace9e66c422bb
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-
Stephen Smalley authored
* commit '7c0b328a': sepolicy-analyze: Add attribute command.
-
Paul Lawrence authored
Add selinux rules to allow file level encryption to work
Change-Id: I1e4bba23e99cf5b2624a7df843688fba6f3c3209
-
Stephen Smalley authored
* commit '0233cd80': sepolicy-analyze: Add attribute command.
-
Stephen Smalley authored
* commit 'a39ff52a': Fix rules for general_property_contexts.
-
Stephen Smalley authored
Failed to include base_rules.mk, so this target was not being built.
Change-Id: I2414fa6c3e3e37c74f63c205e3694d1a811c956e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
-
Stephen Smalley authored
* commit 'c9361731': Fix rules for general_property_contexts.
-