This reverts commit 9899568f.

Reason for revert: Reports of high numbers of SELinux denials
showing up on the SELinux dashboard.

Bug: 110043362
Change-Id: Id8fc260c47ffd269ac2f15ff7dab668c959e3ab0

What changed:
- Removed cgroup access from untrusted and priv apps.
- Settings app writes to /dev/stune/foreground/tasks, so system_app domain
retains access to cgroup.
- libcutils exports API to /dev/{cpuset, stune}/*. This API seems to be used
abundantly in native code. So added a blanket allow rule for (coredomain - apps)
to access cgroups.
- For now, only audit cgroup access from vendor domains. Ultimately, we want to
either constrain vendor access to individual domains or, even better, remove
vendor access and have platform manage cgroups exclusively.

Bug: 110043362
Test: adb shell setprop ro.config.per_app_memcg true, device correctly populates
/dev/memcg on a per app basis on a device that supports that.
Test: aosp_sailfish, wahoo boot without cgroup denials
Change-Id: I9e441b26792f1edb1663c660bcff422ec7a6332b

Test: policy compiles
Change-Id: I855ce7c706ebf11de8376b9f97b706d97419db4b

Test: policy compiles.
Change-Id: Icda25a34ce61c28fa2399a1f1f44c9ef7ba44745

Sort file by ioctl name. This will make it hopefully easier to find
entries.

Alternatives considered: sorting file by ioctl value. This has the
advantage that it's easier to map an SELinux ioctlcmd= avc message into
a variable name, but would otherwise make this file harder to read.

Test: policy compiles.
Change-Id: I09b1dd4c055446f73185b90c4de5f3cdd98eb4b7

1. "Add sepolicy labeling of wifi.concurrent.interface" in property_contexts.
wlan1 interface is added first in Pie OS. And wlan1 interface has getIfaceName
by property_get in wifi_chip.cpp.
(/hardware/interface/wifi/1.2/default/wifi_chip.cpp)
But, there is no sepolicy about this interface. wlan0 and p2p0 is definitely specified.
So, if we try to use wlan1, native sepolicy violation occurs.
This is why this labeling is necessary.

2. wlan1: Property labeling same with wlan0 or p2p0.
wifi.interface u:object_r:exported_default_prop:s0 exact string

Test: Basic Sanity - Verified tethering by using wlan1
Bug: 117302656

Change-Id: I24194bca7176e1927164228e6571870531a9bc56
Signed-off-by: Jinhee Jo <jinhee0207.jo@lge.com>

Bug: 117440207
Bug: 111890351
Test: manual
Change-Id: Ie218dec3e4f0f5dbade6d1c4d28b259909664056

This daemon is very locked down. Only system_server can access it.

Bug: 72170747
Change-Id: I7b72b9191cb192be96001d84d067c28292c9688f

We plan on migrating MetricsLogger to write to statsd socket. So we need to
allow zygote, which writes to logd using MetricsLogger, to also be able
to statsd. We also re-locate some sepolicies to write to statsd socket
in their respective policy definitions.

Bug: 110537511
Test: no failure/violations observed
Change-Id: I21fd352a25ed946516f9a45ac3b5e9bf97b059bc

Bug: 117178352
Test: no denials to /system/asan.options on asan walleye
Change-Id: I6042693afb926a22a3e2be79bd2a7ba062806143

Part of an effort to remove Treble-specifics in the way be build
sepolicy.

Fixes: 64541653
Test: m selinux_policy for aosp_arm64
Change-Id: I9e42c720018674e7d3a6c47e01995401c4e748a7

A default set of options are available, but can override in a fstab
overlay entry with upperdir=, lowerdir= to the same mount point,
workdir=.  The default is a valid /mnt/scratch/overlay/
or /cache/overlay/ directory, with .../<mount_point>/upper and
.../<mount_point>/work, associated with each system partition
<mount_point>.

Test: manual
Bug: 109821005
Change-Id: I5662c01fad17d105665be065f6dcd7c3fdc40d95

Addresses this denial:
avc: denied { read } for comm="rild" name="u:object_r:system_prop:s0"
dev="tmpfs" ino=15811 scontext=u:r:rild:s0 tcontext=u:object_r:system_prop:s0
tclass=file permissive=0

Fixes: 77960261
Test: m selinux_policy
Change-Id: I341675a4cfc0acbb7ea98e2ed4bdb7f69afe09f7

Test: Run script and find unescaped periods.
Change-Id: I35a4366aa576d5c6036d0dcfb068ca4e0f27fff9

This property is GMS-specific. It should be set from either /system or /product.
After this change ro.com.google.clientidbase will have default_prop type and
will only be settable from an .rc file.

This property now must be set from system or product images. In case of a
system-only OTA, the old vendor.img might attempt set this property. This will
trigger a denial which is innocuous since the new system.img will correctly set
the property.

Bug: 117348096
Test: walleye can still set ro.com.google.clientidbase
Change-Id: Id0873baecacb4168415b1598c35af1ecbb411e17

This fixes a build breakage.

Test: Build policy.
Change-Id: Id5209a2bd6446ac6dd744b7426f540bc1a8641ed

Bug: 111215474
Test: boots
Change-Id: Ib8cabeb64a8b4ec9f592d870bd0af611a2720cc7

system_file_type is an attribute assigned to all files on the /system
partition. Add a compile time test to ensure that the attribute is
assigned to all the relevant types.

Test: code compiles.
Change-Id: I7d69a04a4f04f6269cc408f25527b948756cc079

python3 is not required on host machines.

Bug: 117260689
Test: m selinux_policy
Change-Id: Iea31eadcb3f09ffadca82dd1862cf5538259c710

apexd is a new daemon for managing APEX packages installed
on the device. It hosts a single binder service, "apexservice".

Bug: 112455435
Test: builds, binder service can be registered,
      apexes can be accessed, verified and mounted
Change-Id: I634ad100f10b2edcd9a9c0df0d33896fa5d4ed97

Allows checkpoint commands to check A/B update status

Test: vdc checkpoint startCheckpoint -1
Bug: 111020314
Change-Id: I086db548d55176bf88211001c7c1eecb8c50689e

Isolated apps provide a very strict security guarantee, including the
inability to create networking sockets like TCP / UDP sockets. Add an
SELinux neverallow assertion to test for this and prevent regressions.

Test: policy compiles.
Change-Id: I2618abb17375707eb1048e89faa46f57d33e1df4

New maintenance scheme for mapping files:
Say, V is the current SELinux platform version, then at any point in time we
only maintain (V->V-1) mapping. (V->V-n) map is constructed from top (V->V-n+1)
and bottom (V-n+1->V-n) without changes to previously maintained mapping files.

Caveats:
- 26.0.cil doesn't technically represent 27.0->26.0 map, but rather
current->26.0. We'll fully migrate to the scheme with future releases.

Bug: 67510052
Test: adding new public type only requires changing the latest compat map
Change-Id: Iab5564e887ef2c8004cb493505dd56c6220c61f8

Test: m selinux_policy
Change-Id: I6a8ff2200c82b6ecdc1404bc7cf186f439950a30

Map proc_qtaguid_ctrl to qtaguid_proc, not qtaguid_device.
Map proc_slabinfo to proc in the correct place.

Test: m selinux_policy
Change-Id: I37c9dfe40bd20924215856b5d4ff7d9b3cbd0417

Remove these files from proc_net_type. Domains that need access must
have permission explicitly granted. Neverallow app access except the
shell domain.

Bug: 114475727
Test: atest CtsLibcoreOjTestCases
Test: netstat, lsof
Test: adb bugreport
Change-Id: I2304e3e98c0d637af78a361569466aa2fbe79fa0