am: 457c08cc

Change-Id: I96e26eb2f86bc3df8e482c677cdbb6e655652c16

am: 25d4a090

Change-Id: I4e9bd171ca88b955d3ae2a7217336a9fa2b103fe

am: 881fe06f

Change-Id: I0868a42de485ac8d94c19f1d6082d12928ed8047

am: 7a463809

Change-Id: Iba80938afccd21f0c3b69626223b35c672358e77

am: f27bba93

Change-Id: I9ec52f2d781223997f84d889b8635ee640e4a7e8

Android uses hidepid=2 to restrict visibility to other /proc entries on
the system. This helps preserve user, application, and system
confidentiality by preventing unauthorized access to application metadata,
and addresses attacks such as
http://www.cs.ucr.edu/~zhiyunq/pub/sec14_android_activity_inference.pdf

Ensure the SELinux (weaker) equivalent is being enforced by adding
neverallow compile time assertions.

TODO: The "shell" user runs as both an Android application, as well as
spawned via adb shell. This was a mistake. We should separate out the
"shell" Android app into it's own SELinux domain. For now, exclude the
shell from this assertion. (The shell Android app is covered by
hidepid=2, so there's no leaking of data, but still, it's over
privileged today and should be cleaned up.

Bug: 23310674
Test: policy compiles. Compile time assertion only.
Change-Id: I0e1a6506b2719aabf7eb8127f046c4ada947ba90

Only seeing this denial in permissive:
allow shell screencap_exec:file getattr;

Bug: 37565047
Test: adb shell screencap w/o root
Test: cts-tradefed run cts-dev --module CtsAadbHostTestCases
Change-Id: I9f31d2067e002e7042646ee38dbfc06687481ac7

am: 7f7c3b82

Change-Id: I8875662b9eeebbf6a10a707da587ccf089926e0a

Add support to the treble_sepolicy_tests suite that explicitly look at
the old and current policy versions, as well as the compatibility file,
to determine if any new types have been added without a compatibility
entry.  This first test catches the most common and likely changes that
could change the type label of an object for which vendor policy may have
needed access.  It also should prove the basis for additional compatibility
checks between old and new policies.

Bug: 36899958
Test: Policy builds and tests pass.
Change-Id: I609c913e6354eb10a04cc1a029ddd9fa0e592a4c

am: aaa94fa9

Change-Id: Ic0242058430331648f447b5793c395748df2f163

Commit: 2490f1ad meant to add
thermalserviced_tmpfs to the new_object list in the mapping file,
but copy-paste error resulted in thermalserviced_exec_tmpfs being
recorded instead.  Fix this.

(cherry-pick of commit: fbacc656)

Bug: 62573845
Test: None. prebuilt change.
Change-Id: Iab4eaef04742187d6397a539aae854651caa9935

am: 0e4e784c

Change-Id: Ibebe94034ae63e2d214475cd7df63bd2f005e7f1

am: e772a5cf

Change-Id: I97c7e988391dfe173fc05c9600afd0e75d5a267a

am: e9b2def7

Change-Id: If3400aa667f70e0567f4bc43a887fb52357657fd

A new API [getNamesForUids] was recently added to the PackageManager
and this API needs to be accessible to native code. However, there
were two constraints:
1) Instead of hand-rolling the binder, we wanted to auto generate
the bindings directly from the AIDL compiler.
2) We didn't want to expose/annotate all 180+ PackageManager APIs
when only a single API is needed.
So, we chose to create a parallel API that can be used explicitly
for native bindings without exposing the entirety of the
PackageManager.

Bug: 62805090
Test: Manual
Test: Create a native application that calls into the new service
Test: See the call works and data and returned
Change-Id: I0d469854eeddfa1a4fd04b5c53b7a71ba3ab1f41

Commit: ec3b6b7e added a new daemon
and corresponding types to sepolicy.  The explicitly declared types
were added to 26.0.ignore.cil to reflect the labeling of new objects,
but another type, thermalserviced_tmpfs was created by macro and was
missed in code review.  Add it as well.

Bug: 62573845
Test: None. prebuilt change.
Change-Id: Ia8968448eea0be889911f46fe255f581659eb548
(cherry picked from commit 2490f1ad)

Add sepolicy for thermalserviced daemon, IThermalService binder
service, IThermalCallback hwservice, and Thermal HAL revision 1.1.

Test: manual: marlin with modified thermal-engine.conf
Bug: 30982366
Change-Id: I207fa0f922a4e658338af91dea28c497781e8fe9
(cherry picked from commit ec3b6b7e)

am: 420be61f

Change-Id: Id550a228fbe37bb4967c06112a58276d2c225e8e

am: 50e798e0

Change-Id: Ic0da09bd0b819c612e53a06bb6d4e85e51f8fcde

* changes:
  Fix CoredomainViolators typo and clean up test option parsing.
  Record hal_wifi_offload_hwservice type for compatibility.

am: 79ebc8aa

Change-Id: If7ffca9680ecbd6ded5e479d88b4dae560f26065

am: 20ad01ed

Change-Id: Id37b20e463c26e603f950a5439db221cc08b6e9a

am: 508db351

Change-Id: I123d86d49b0f17d74d7108f101720101254ea810

am: 4b547a15

Change-Id: Id5b85ec29220cdbc15aab72ddf4dfbd2d4ef2fc7

Fix the following warnings:

system/sepolicy/tools/sepolicy-analyze/neverallow.c:346:9: warning:
Potential leak of memory pointed to by '__s1'
system/sepolicy/tools/sepolicy-analyze/neverallow.c:346:9: warning:
Potential leak of memory pointed to by 'id'
system/sepolicy/tools/sepolicy-analyze/neverallow.c:364:13: warning:
Potential leak of memory pointed to by 'classperms'
system/sepolicy/tools/sepolicy-analyze/neverallow.c:364:13: warning:
Potential leak of memory pointed to by 'node'

Bug: b/27101951
Test:Warnings are gone.
Change-Id: Ib9b2e0b9f19950b4b764d438ee58340e6c022ef5

am: 062b7736

Change-Id: Ic191ef4fafc87529857b1fae90b8609dfa5944d2

am: b057d62e

Change-Id: Ibfcf81f40d7bf50ba8dfb6c9f49f3ae159e4bc20

am: 61d9aaf9

Change-Id: Id4a7b604e7525c5cf78e2bc6788284126fab8f3c

am: 7ceea484

Change-Id: I82200626ae6a84728ce202e8f2ba829b4f3dc889

am: 3e1a8911

Change-Id: I10391f7ee62a151bd09b83fe4522a057aa8ddbfb

am: 0393dafd

Change-Id: Ida00cdf24a809888233ede97a83d42ed5c1a8574

am: 0393dafd

Change-Id: Ib8773a6973da28cfa161fbe34f701c191cab6f80

am: df964950

Change-Id: I5e793a78ad471b27fdc0bb88596ab23f6ac43dc4

type=1400 audit(1501520483.066:14): avc: denied { write } for pid=3330
comm=4173796E635461736B202331 name="property_service" dev="tmpfs"
ino=10749 scontext=u:r:nfc:s0 tcontext=u:object_r:property_socket:s0
tclass=sock_file permissive=0

Test: No sepolicy denials
Bug: 64010793
Change-Id: I8d73e8e19cd4d0a8c61f1f184820c53e5cc2b6d6
(cherry picked from commit df964950)

am: 079a98b8

Change-Id: Iff8db1f3c51c83a86408634e43505f29b337d391

am: 0785a72c

Change-Id: I250ef72980dd7cb6b471abfe4bbe61ae9b199680