am: b28ef526

Change-Id: I6b327525171e96f110df56156455ef6cdd296fb7

Renderscript drivers are loaded from /vendor/lib64 by following the
/system/vendor symlink. This change fixes a couple of things.
- Allows all domains access to follow the symlink
- Restores app domain permissions for /vendor for non-treble devices
- Allow app domains to peek into /vendor/lib64, but NOT grant 'execute'
  permissions for everything. Since RS drivers can be loaded into any
  process, their vendor implementation and dependencies have been
  marked as 'same process HALs' already.

Bug: 37169158
Test: Tested on sailfish (Treble) & Angler (non-treble)
      ./cts-tradefed run cts -m CtsRenderscriptTestCases \
      --skip-device-info --skip-preconditions --skip-connectivity-check \
      --abi arm64-v8a
      Result: Tests Passed: 743 Tests Failed: 0

Change-Id: I36f5523381428629126fc196f615063fc7a50b8e
Signed-off-by: Sandeep Patil <sspatil@google.com>

am: ba23c8fa

Change-Id: I9170ebe99c6fc5357ff3c92cb47476b85545b8d6

The concept of VNDK-stable set is gone because they no longer need to be
stable across several Android releases. Instead, they are just small set
of system libraries (other than Low-Level NDK) that can be used by
same-process HALs. They need to be stable only during an Android release
as other VNDK libraries. However, since they are eligible for double
loading, we still need to distinguish those libs from other VNDK
libraries. So we give them a name vndk-sp, which means VNDK designed for
same-process HALs.

Bug: 37139956
Test: booting successful with vndk-sp libs in /vendor/lib(64)?/vndk-sp
Change-Id: I892c4514deb3c6c8006e3659bed1ad3363420732

am: d0e9cb05

Change-Id: Iac4a9cc2ac78ba9b72a4bb72ff81f9fd98b34d4b

Add read rights for du.

Bug: 30832951
Test: m
Change-Id: I1186ff995684844e9c6092b5ae65c19172fefbbe

am: 86123070

Change-Id: I92cf85d8c6cd05bd76ab9745546ac8051535d2ca

am: 72126e1b

Change-Id: I58972c23929e81f27d28eff0dd66f21240311b7e

The sepolicy version takes SDK_INT.<minor> format. Make sure our
'current' policy version reflects the format and make it '100000.0'.
This ensures any vendor.img compiled with this will never work with
a production framework image either.

Make version_policy replace the '.' in version by '_' so secilc is
happy too.

This unblocks libvintf from giving out a runtme API to check vendor's
sepolicy version. The PLAT_PUBLIC_SEPOLICY_CURRENT_VERSION will
eventually be picked up from the build system.

Bug: 35217573
Test: Build and boot sailfish.
      Boot sailfish with sepolicy compilation on device.
Signed-off-by: Sandeep Patil <sspatil@google.com>

Change-Id: Ic8b6687c4e71227bf9090018999149cd9e11d63b

am: df720941

Change-Id: I4590b07ef09247aaf632a09f3247c2314d2a1a63

CTS includes general_sepolicy.conf built from this project. CTS then
tests this file's neverallow rules against the policy of the device
under test. Prior to this commit, neverallow rules which must be
enforced only for Treble devices we not included into
general_sepolicy.conf. As a result, these rules were not enforced for
Treble devices.

This commit fixes the issue as follows. Because CTS includes only one
policy, the policy now contains also the rules which are only for
Treble devices. To enable CTS to distinguish rules needed for all
devices from rules needed only on Treble devices, the latter rules are
contained in sections delimited with BEGIN_TREBLE_ONLY and
END_TREBLE_ONLY comments.

This commit also removes the unnecessary sepolicy.general target. This
target is not used anywhere and is causing trouble because it is
verifying neverallows of the policy meant to be used by CTS. This
policy can no longer be verified with checkpolicy without
conditionally including or excluding Treble-only neverallows.

Test: mmm system/sepolicy
Test: Device boots -- no new denials
Bug: 37082262
Change-Id: I15172a7efd9374543ba521e17aead1bdda7451bf

am: b9bd6708

Change-Id: Ie76de5da8e9a370e2f744d158ead93bbc1d0a508

am: 82696dd1

Change-Id: Ib04932a421523eb50c2e40bf24000ae58ac7a535

am: 8ee64187

Change-Id: I6c035c3e696531297ff8a3c09045acf6d2c98cd0

am: 462cf398

Change-Id: I12d310b90e6863a56c1fc269ce237e93864d88f8

am: ee97662f

Change-Id: I6e2eba3f0081494508b015f6bd785085638f1cee

darwin's getopt() doesn't like putting arguments
in the wrong order.

Test: Mac/Linux builds
Change-Id: If632e9077c1b5714f91c5adaa04afb4963d9b0f5

am: f497d0b7

Change-Id: I8b75d668cbc30b81731aed7421327a3f2f4b19a8

We should give appdomain the access to the /vendor/framework directory
since the jar in the directory is not dexopt-ed.AFAIK, jars which are
not in the bootclasspath are not dexopt-ed by default.

Bug: b/37129319
Test: built and confirmed that embms.apk not crashed

Change-Id: Ic2b1eef472f2fba53e26403dde8ad9ede8105a03

* changes:
  Allow 'su' domain access to vndbinder.
  Modify checkfc to check (vnd|hw)service_manager_type.

am: 77154b39

Change-Id: Ia6c653fcab261084d6dcbb3d3ec8e3311fdf4fca

am: 84b3879a

Change-Id: I64c0a4e8ae9978fe8b809e21ae8b3e9b0b3feb98

am: 04ef57bf

Change-Id: I906f85514efb4301ac0bafaf140deba7be76cdee

Vndk-stable libs are system libs that are used by same process HALs.
Since same process HALs can be loaded to any process, so are vndk-stable
libs.

Bug: 37138502
Test: none, because the directory is currently empty and thus this is
no-op. sailfish builds and boots.

Change-Id: I67a2c8c2e4c3517aa30b4a97dc80dc2800e47b5a

For example, for listing vndbinder services
using 'adb shell service -v list'

Test: adb shell service -v list
Bug: 36987120
Change-Id: Ibf3050710720ae4c920bc4807c9a90ba43717f3b

added checkfc options 'l' and 'v' to verify hwservice_manager_type
and vndservice_manager_type on service context files, respectively.

The checkfc call to verify the new hwservice_contexts files will
be added together with hwservicemanager ACL CLs later.

Bug: 34454312
Bug: 36052864
Test: device boots, works
Change-Id: Ie3b56da30be47c95a6b05d1bc5e5805acb809783

am: 42424f13

Change-Id: Id9375a6dc3688408e306bdc051fec4d8754d07eb

am: ed3458c2

Change-Id: I47746d594572760d25b569fb877351c4f1ea1628

am: f79d1904

Change-Id: I7bda1cd1af603adc5fbf142c66bdf5b6b146ad7f

am: df679fdb

Change-Id: I4f0d343f42d8bc5c97b2a7c129c63c8e7c50cd3d

am: 9075699a

Change-Id: If3e3e246b7ef5ed0142bc7b180d4d7cfb559ea03

am: 1b5f81a2

Change-Id: Ic9e87837f68ac31cfedd735bd20a44cdf029c79e

* changes:
  sepolicy: fix comments around 'domain' access to search in /vendor
  sepolicy: remove redudant rule for symlinks in /vendor/app
  sepolicy: restrict access for /vendor/framework.
  sepolicy: restrict /vendor/overlay from most coredomains
  sepolicy: restrict /vendor/app from most coredomains