GitLab

Currently, dex2oat runs in the installd sandbox, and has
all the SELinux capabilities that installd does. That's too
excessive.

dex2oat handles untrusted user data, so we want to put it in
it's own tighter sandbox.

Bug: 15358102
Change-Id: I08083b84b9769e24d6dad6dbd12401987cb006be

This will be used to populate rt_tables (a mapping from routing table numbers to
table names) that's read by the iproute2 utilities.

Change-Id: I69deb1a64d5d6647470823405bf0cc55b24b22de

Create a new domain for the one-shot init service flash_recovery.

This domain is initially in permissive_or_unconfined() for
testing. Any SELinux denials won't be enforced for now.

Change-Id: I7146dc154a5c78b6f3b4b6fb5d5855a05a30bfd8

Earlier changes had extended the rules, but some additional changes
are needed.

avc: denied { relabelfrom } for name="vmdl-723825123.tmp"
    dev="mmcblk0p28" ino=162910 scontext=u:r:system_server:s0
    tcontext=u:object_r:apk_data_file:s0 tclass=dir

Bug: 14975160
Change-Id: I875cfc3538d4b098d27c7c7b756d1868a54cc976

The init.rc one-shot services "defaultcrypto" and "encrypt" call
out to the /system/bin/vdc command line to ask vold to perform
encryption operations. Create a new domain for these one-shot
services. Allow the vdc domain to talk to vold.

Change-Id: I73dc2ee4cc265bc16056b27307c254254940fd9f

Some device-specific policies are improperly creating a security
domain for logwrapper, rather than removing the logwrapper
lines from init.device.rc. Don't allow that. Explicitly add an entry
for /system/bin/logwrapper to force it to a system_file. Attempting
to override this will result in the following compile time error:

  obj/ETC/file_contexts_intermediates/file_contexts: Multiple different
  specifications for /system/bin/logwrapper
  (u:object_r:logwrapper_exec:s0 and u:object_r:system_file:s0).

Bug: 15616899
Change-Id: Ia55394247a9fa16e00434d61091fff9d9d4ff125

The following commits added support for runtime resource overlays.

  New command line tool 'idmap'
  * 65a05fd56dbc9fd9c2511a97f49c445a748fb3c5
  Runtime resource overlay, iteration 2
  * 48d22323ce39f9aab003dce74456889b6414af55
  Runtime resource overlay, iteration 2, test cases
  * ad6ed950dbfa152c193dd7e49c369d9e831f1591

During SELinux tightening, support for these runtime resource
overlays was unknowingly broken. Fix it.

This change has been tested by hackbod and she reports that
everything is working after this change. I haven't independently
verified the functionality.

Test cases are available for this by running:
  * python frameworks/base/core/tests/overlaytests/testrunner.py

Change-Id: I1c70484011fd9041bec4ef34f93f7a5509906f40

As of sepolicy commit a16a59e2
(https://android-review.googlesource.com/94580), adf_device
and graphics_device have the exact same security properties.

Merge them into one type to avoid a proliferation of SELinux
types.

Change-Id: Ib1a24f5d880798600e103b9e14934e41abb1ef95

/data/property is only accessible by root and is used by the init
property service for storing persistent property values.  Create
a separate type for it and only allow init to write to the directory
and files within it.  Ensure that we do not allow access to other domains
in future changes or device-specific policy via a neverallow rule.

Change-Id: Iff556b9606c5651c0f1bba902e30b59bdd6f063a
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Define a domain and appropriate access rules for shared RELRO files
(used for loading the WebView native library). Any app is permitted to
read the files as they are public data, but only the shared_relro
process is permitted to create/update them.

Bug: 13005501
Change-Id: I9d5ba9e9eedb9b8c80fe6f84a3fc85a68553d52e

zygote_secondary talks over a different socket named
/dev/socket/zygote_secondary. Make sure it's properly labeled.

See https://android-review.googlesource.com/89604

Addresses the following denial:

<12>[   48.442004] type=1400 audit(1400801842.179:5): avc:  denied  { write } for  pid=1082 comm="main" name="zygote_secondary" dev="tmpfs" ino=9953 scontext=u:r:system_server:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file permissive=1

Bug: 13647418
Change-Id: I1ff5f1d614295a5870bb8a3992ad9167e1656c92

app_process is now a symlink to app_process32 or
app_process64, so we have to update the selinux
rules to explicitly refer to them.

See change 5a7ee9ad63d for context.

Change-Id: I7f7a107d79a8f7a3c193f97809e1e737540258f1

(cherry picked from commit 7d51096d4106a441a15741592d9ccdd0bfaca907)

Change-Id: Ib6198e19dbc306521a26fcecfdf6e8424d163fc9

installd creates /data/.layout_version.  Introduce a separate type
for this file (and any other file created by installd under a directory
labeled system_data_file) so that we can allow create/write access by
installd without allowing it to any system data files created by other
processes.  This prevents installd from overwriting other system data
files, and ensure that any files it creates will require explicit
rules in order to access.

Change-Id: Id04e49cd571390d18792949c8b2b13b1ac59c016
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

ADF is a modern replacement for fbdev.

ADF's device nodes (/dev/adf[X]), interface nodes
(/dev/adf-interface[X].[Y]), and overlay engine nodes
(/dev/adf-overlay-engine[X].[Y]) are collectively used in similar
contexts as fbdev nodes.  Vendor HW composers (via SurfaceFlinger) and
healthd will need to send R/W ioctls to these nodes to prepare and
update the display.

Ordinary apps should not talk to ADF directly.

Change-Id: Ic0a76b1e82c0cc1e8f240f219928af1783e79343
Signed-off-by: Greg Hackmann <ghackmann@google.com>

Otherwise it is treated as a regex and matches any character.

Change-Id: I9e23f01b0e104d3ef57993fd1a3d9a5b13201910
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

I9b8e59e3bd7df8a1bf60fa7ffd376a24ba0eb42f added a profiles
subdirectory to /data/dalvik-cache with files that must be
app-writable.  As a result, we have denials such as:
W/Profiler( 3328): type=1400 audit(0.0:199): avc:  denied  { write } for  name="com.google.android.setupwizard" dev="mmcblk0p28" ino=106067 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:dalvikcache_data_file:s0 tclass=file
W/Profiler( 3328): type=1300 audit(0.0:199): arch=40000028 syscall=322 per=800000 success=yes exit=33 a0=ffffff9c a1=b8362708 a2=20002 a3=0 items=1 ppid=194 auid=4294967295 uid=10019 gid=10019 euid=10019 suid=10019 fsuid=10019 egid=10019 sgid=10019 fsgid=10019 tty=(none) ses=4294967295 exe="/system/bin/app_process" subj=u:r:untrusted_app:s0 key=(null)
W/auditd  (  286): type=1307 audit(0.0:199):  cwd="/"
W/auditd  (  286): type=1302 audit(0.0:199): item=0 name="/data/dalvik-cache/profiles/com.google.android.setupwizard" inode=106067 dev=b3:1c mode=0100664 ouid=1012 ogid=50019 rdev=00:00 obj=u:object_r:dalvikcache_data_file:s0

We do not want to allow untrusted app domains to write to the
existing type on other /data/dalvik-cache files as that could be used
for code injection into another app domain, the zygote or the system_server.
So define a new type for this subdirectory.  The restorecon_recursive /data
in init.rc will fix the labeling on devices that already have a profiles
directory created.  For correct labeling on first creation, we also need
a separate change to installd under the same change id.

Bug: 13927667
Change-Id: I4857d031f9e7e60d48b8c72fcb22a81b3a2ebaaa
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

... otherwise zygote 64 won't run in the correct SELinux domain.

Bug: 13647418
Change-Id: Iada2bf26623784535b70647c472f69b735b8f4fc

Change-Id: Ibeeec6637022ee8bc9868e102b3d55e3b0d4762c
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

This change helps with the following denials.
  avc:  denied  { write } for  pid=14157 comm="Thread-88" name="premium_sms_policy.xml" dev="mmcblk0p28" ino=618998 scontext=u:r:radio:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
  avc:  denied  { write } for  pid=14293 comm="Thread-89" name="sms" dev="mmcblk0p28" ino=618952 scontext=u:r:radio:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir

Prior to this patch the directory was labeled as
system_data_file which is a bit too generic. This
directory contains xml files with regexs which
represent premium numbers that are used to warn
the user before sending.

Change-Id: I98288b25aa1546477e05eee9f7622324b013e695
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

This appears to have been created to allow untrusted_app to
access DownloadProvider cache files without needing to allow
open access to platform_app_data_file.  Now that platform_app_data_file
is gone, there is no benefit to having this type.

Retain a typealias for download_file to app_data_file until
restorecon /data/data support is in place to provide compatibility.

This change depends on:
https://android-review.googlesource.com/#/c/87801/



Change-Id: Iab3c99d7d5448bdaa5c1e03a98fb6163804e1ec4
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

hostapd creates sockets under /data/misc/wifi/hostapd.
Ensure that they are labeled correctly both at runtime
(type_transition) and during the init.rc restorecon_recursive /data
(file_contexts).

Addresses denials such as:
 avc:  denied  { create } for  pid=20476 comm="hostapd" name="wlan0" scontext=u:r:hostapd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=sock_file
 avc:  denied  { setattr } for  pid=20476 comm="hostapd" name="wlan0" dev="mmcblk0p23" ino=619005 scontext=u:r:hostapd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=sock_file
 avc:  denied  { unlink } for  pid=20476 comm="hostapd" name="wlan0" dev="mmcblk0p23" ino=619005 scontext=u:r:hostapd:s0 tcontext=u:object_r:wifi_data_file:s0 tclass=sock_file

Change-Id: I80a443faeb6017a9d6cbdb8da9d7416f29a7b85f
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Label /proc/sysrq-trigger and allow access.
Label /dev/socket/mtpd and allow access.

Resolves denials such as:
avc:  denied  { getattr } for  pid=12114 comm="Binder_2" path="socket:[219779]" dev="sockfs" ino=219779 scontext=u:r:untrusted_app:s0 tcontext=u:r:system_server:s0 tclass=tcp_socket

avc:  denied  { call } for  pid=1007 comm="Binder_8" scontext=u:r:system_server:s0 tcontext=u:r:su:s0 tclass=binder

avc:  denied  { write } for  pid=1024 comm="watchdog" name="sysrq-trigger" dev="proc" ino=4026533682 scontext=u:r:system_server:s0 tcontext=u:object_r:proc:s0 tclass=file

avc:  denied  { write } for  pid=11567 comm="LegacyVpnRunner" name="mtpd" dev="tmpfs" ino=36627 scontext=u:r:system_server:s0 tcontext=u:object_r:socket_device:s0 tclass=sock_file

avc:  denied  { ptrace } for  pid=10924 comm=5369676E616C2043617463686572 scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=process

avc:  denied  { sigkill } for  pid=26077 comm="NativeCrashRepo" scontext=u:r:system_server:s0 tcontext=u:r:zygote:s0 tclass=process

avc:  denied  { write } for  pid=1024 comm="android.bg" scontext=u:r:system_server:s0 tcontext=u:r:system_server:s0 tclass=netlink_socket

avc:  denied  { getattr } for  pid=473 comm="FinalizerDaemon" path="socket:[11467]" dev="sockfs" ino=11467 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=tcp_socket

avc:  denied  { getattr } for  pid=473 comm="FinalizerDaemon" path="socket:[12076]" dev="sockfs" ino=12076 scontext=u:r:system_server:s0 tcontext=u:r:mediaserv
er:s0 tclass=udp_socket

avc:  denied  { getopt } for  pid=473 comm="FinalizerDaemon" laddr=192.168.159.172 lport=51576 faddr=93.127.173.40 fport=554 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=tcp_socket

avc:  denied  { getopt } for  pid=473 comm="FinalizerDaemon" lport=15658 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=udp_socket

avc:  denied  { read write } for  pid=21384 comm="rtsp" path="socket:[443742]"
dev="sockfs" ino=443742 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s
0 tclass=tcp_socket

avc:  denied  { read write } for  pid=21384 comm="rtsp" path="socket:[444842]" dev="sockfs" ino=444842 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=udp_socket

avc:  denied  { setopt } for  pid=1326 comm="Binder_9" lport=16216 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=udp_socket

avc:  denied  { setopt } for  pid=1676 comm="Binder_6" laddr=192.168.156.130 lport=51044 faddr=74.125.214.81 fport=554 scontext=u:r:system_server:s0 tcontext=u:r:mediaserver:s0 tclass=tcp_socket

avc:  denied  { getattr } for  pid=10915 comm="system_server" path="/dev/mdm" dev="tmpfs" ino=7484 scontext=u:r:system_server:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file

avc:  denied  { read } for  pid=10915 comm="system_server" name="mdm" dev="tmpfs" ino=7484 scontext=u:r:system_server:s0 tcontext=u:object_r:radio_device:s0 tclass=chr_file

avc:  denied  { unlink } for  pid=14866 comm="system_server" name="wallpaper" dev="mmcblk0p9" ino=285715 scontext=u:r:system_server:s0 tcontext=u:object_r:wallpaper_file:s0 tclass=file

avc:  denied  { getattr } for  pid=12114 comm="Binder_2" path="socket:[219779]" dev="sockfs" ino=219779 scontext=u:r:untrusted_app:s0 tcontext=u:r:system_server:s0 tclass=tcp_socket

avc:  denied  { getopt } for  pid=32300 comm="Binder_1" laddr=::ffff:127.0.0.1 lport=4939 faddr=::ffff:127.0.0.1 fport=53318 scontext=u:r:untrusted_app:s0 tcontext=u:r:system_server:s0 tclass=tcp_socket

avc:  denied  { read write } for  pid=10840 comm="pool-17-thread-" path="socket:[205990]" dev="sockfs" ino=205990 scontext=u:r:untrusted_app:s0 tcontext=u:r:system_server:s0 tclass=tcp_socket

avc:  denied  { write } for  pid=20817 comm="dumpsys" path="/mnt/shell/emulated/0/aupt-output/bugreport-2014-02-22-11-17-16.txt.tmp" dev="fuse" ino=3100784040 scontext=u:r:system_server:s0 tcontext=u:object_r:sdcard_internal:s0 tclass=file

Change-Id: I481ac26667b487031a5d3317b0a028a027a8e641
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Change-Id: I620d4aef84a5d4565abb1695db54ce1653612bce
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Change I6dacdc43bcc1a56e47655e37e825ee6a205eb56b switched
the keystore to using binder instead of a socket, so this
socket type and rules have been unused for a while.  The type
was only ever assigned to a /dev/socket socket file (tmpfs) so
there is no issue with removing the type (no persistent files
will have this xattr value).

Change-Id: Id584233c58f6276774c3432ea76878aca28d6280
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Change-Id: I0a06fa32a46e515671b4e9a6f68e1a3f8b2c21a8
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Add initial support for uncrypt, started via the
pre-recovery service in init.rc. On an encrypted device,
uncrypt reads an OTA zip file on /data, opens the underlying
block device, and writes the unencrypted blocks on top of the
encrypted blocks. This allows recovery, which can't normally
read encrypted partitions, to reconstruct the OTA image and apply
the update as normal.

Add an exception to the neverallow rule for sys_rawio. This is
needed to support writing to the raw block device.

Add an exception to the neverallow rule for unlabeled block devices.
The underlying block device for /data varies between devices
within the same family (for example, "flo" vs "deb"), and the existing
per-device file_context labeling isn't sufficient to cover these
differences. Until I can resolve this problem, allow access to any
block devices.

Bug: 13083922
Change-Id: I7cd4c3493c151e682866fe4645c488b464322379

/data/data subdirectories are labeled by installd at creation time
based on seapp_contexts, not based on file_contexts, so we do not
need the /data/data/.* entry, and the wallpaper file was moved from
under com.android.settings/files to /data/system/users/N long ago so we can
delete the old entry for it.

Change-Id: I32af6813ff284e8fe9fd4867df482a642c728755
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

Change-Id: I4cd33a296de0d0597aa6166aa1be48f1b0b52129

* Allow writes to /proc/PID/oom_score_adj
* Allow writes to /sys/module/lowmemorykiller/*

Addresses the following denials:
<5>[    3.825371] type=1400 audit(9781555.430:5): avc:  denied  { write } for  pid=176 comm="lmkd" name="minfree" dev="sysfs" ino=6056 scontext=u:r:lmkd:s0 tcontext=u:object_r:sysfs:s0 tclass=file
<5>[   48.874747] type=1400 audit(9781600.639:16): avc:  denied  { search } for  pid=176 comm="lmkd" name="896" dev="proc" ino=9589 scontext=u:r:lmkd:s0 tcontext=u:r:system_server:s0 tclass=dir
<5>[   48.874889] type=1400 audit(9781600.639:17): avc:  denied  { dac_override } for  pid=176 comm="lmkd" capability=1  scontext=u:r:lmkd:s0 tcontext=u:r:lmkd:s0 tclass=capability
<5>[   48.874982] type=1400 audit(9781600.639:18): avc:  denied  { write } for  pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=8942 scontext=u:r:lmkd:s0 tcontext=u:r:system_server:s0 tclass=file
<5>[   48.875075] type=1400 audit(9781600.639:19): avc:  denied  { open } for  pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=8942 scontext=u:r:lmkd:s0 tcontext=u:r:system_server:s0 tclass=file
<5>[   49.409231] type=1400 audit(9781601.169:20): avc:  denied  { write } for  pid=176 comm="lmkd" name="minfree" dev="sysfs" ino=6056 scontext=u:r:lmkd:s0 tcontext=u:object_r:sysfs:s0 tclass=file
<5>[  209.081990] type=1400 audit(9781760.839:24): avc:  denied  { search } for  pid=176 comm="lmkd" name="1556" dev="proc" ino=10961 scontext=u:r:lmkd:s0 tcontext=u:r:platform_app:s0 tclass=dir
<5>[  209.082240] type=1400 audit(9781760.839:25): avc:  denied  { write } for  pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11654 scontext=u:r:lmkd:s0 tcontext=u:r:platform_app:s0 tclass=file
<5>[  209.082498] type=1400 audit(9781760.839:26): avc:  denied  { open } for  pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11654 scontext=u:r:lmkd:s0 tcontext=u:r:platform_app:s0 tclass=file
<5>[  209.119673] type=1400 audit(9781760.879:27): avc:  denied  { search } for  pid=176 comm="lmkd" name="1577" dev="proc" ino=12708 scontext=u:r:lmkd:s0 tcontext=u:r:release_app:s0 tclass=dir
<5>[  209.119937] type=1400 audit(9781760.879:28): avc:  denied  { write } for  pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11657 scontext=u:r:lmkd:s0 tcontext=u:r:release_app:s0 tclass=file
<5>[  209.120105] type=1400 audit(9781760.879:29): avc:  denied  { open } for  pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11657 scontext=u:r:lmkd:s0 tcontext=u:r:release_app:s0 tclass=file
<5>[  209.235597] type=1400 audit(9781760.999:30): avc:  denied  { search } for  pid=176 comm="lmkd" name="1600" dev="proc" ino=11659 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=dir
<5>[  209.235798] type=1400 audit(9781760.999:31): avc:  denied  { write } for  pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11667 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=file
<5>[  209.236006] type=1400 audit(9781760.999:32): avc:  denied  { open } for  pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11667 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=file
<5>[  214.297283] type=1400 audit(9781766.059:64): avc:  denied  { write } for  pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11211 scontext=u:r:lmkd:s0 tcontext=u:r:untrusted_app:s0 tclass=file
<5>[  214.297415] type=1400 audit(9781766.059:65): avc:  denied  { open } for  pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=11211 scontext=u:r:lmkd:s0 tcontext=u:r:untrusted_app:s0 tclass=file
<5>[  214.355060] type=1400 audit(9781766.119:66): avc:  denied  { write } for  pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12907 scontext=u:r:lmkd:s0 tcontext=u:r:system_app:s0 tclass=file
<5>[  214.355236] type=1400 audit(9781766.119:67): avc:  denied  { open } for  pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12907 scontext=u:r:lmkd:s0 tcontext=u:r:system_app:s0 tclass=file
<5>[  214.516920] type=1400 audit(9781766.279:68): avc:  denied  { search } for  pid=176 comm="lmkd" name="1907" dev="proc" ino=11742 scontext=u:r:lmkd:s0 tcontext=u:r:media_app:s0 tclass=dir
<5>[  214.678861] type=1400 audit(9781766.439:69): avc:  denied  { write } for  pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12915 scontext=u:r:lmkd:s0 tcontext=u:r:media_app:s0 tclass=file
<5>[  214.678992] type=1400 audit(9781766.439:70): avc:  denied  { open } for  pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12915 scontext=u:r:lmkd:s0 tcontext=u:r:media_app:s0 tclass=file
<5>[  214.708284] type=1400 audit(9781766.469:71): avc:  denied  { search } for  pid=176 comm="lmkd" name="1765" dev="proc" ino=12851 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=dir
<5>[  214.708435] type=1400 audit(9781766.469:72): avc:  denied  { write } for  pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12870 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=file
<5>[  214.708648] type=1400 audit(9781766.469:73): avc:  denied  { open } for  pid=176 comm="lmkd" name="oom_score_adj" dev="proc" ino=12870 scontext=u:r:lmkd:s0 tcontext=u:r:shared_app:s0 tclass=file

Change-Id: Ie3c1ab8ce9e77742d0cc3c73f40010afd018ccd4

This new type will allow us to write finer-grained
policy concerning asec containers. Some files of
these containers need to be world readable.

Change-Id: Iefee74214d664acd262edecbb4f981d633ff96ce
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

So that we do not relabel them on a restorecon -R /data.

Change-Id: I8dd915d9bb80067339621b905ea2b4ea0fa8d71e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

This will ensure that any sockets created in this directory
will default to wpa_socket unless a type_transition is defined.
Define a type transition for system_server to keep its separate
system_wpa_socket type assigned for its socket.  Allow wpa
to create and unlink sockets in the directory.  We leave the
already existing rules for wifi_data_file in place for compatibility
with existing devices that have wifi_data_file on /data/misc/wifi/sockets.

Change-Id: I9e35cc93abf89ce3594860aa3193f84a3b42ea6e
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

- Add write_logd, read_logd and control_logd macros added along
  with contexts for user space logd.
- Specify above on domain wide, or service-by-service basis
- Add logd rules.
- deprecate access_logcat as unused.
- 'allow <domain> zygote:unix_dgram_socket write;' rule added to
  deal with fd inheritance. ToDo: investigate means to allow
  references to close, and reopen in context of application
  or call setsockcreatecon() to label them in child context.

Change-Id: I35dbb9d5122c5ed9b8c8f128abf24a871d6b26d8

Re-purpose the existing bluetooth_socket type, originally
for /dev/socket/bluetooth used by bluetoothd in the old
bluetooth stack, for sockets created by bluedroid under
/data/misc/bluedroid, and allow mediaserver to connect
to such sockets.  This is required for playing audio
on paired BT devices.

Based on b/12417855.

Change-Id: I24ecdf407d066e7c4939ed2a0edb97222a1879f6
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

These are all symlinks. The restorecon in /sys doesn't follow
symlinks, so these lines have absolutely no effect, and just
serve to confuse people.

Remove them.

Change-Id: I24373fa0308ec700011ed19b1ce29a491d1feff3

powervr_device is obsoleted by the more general gpu_device.
akm_device and accelerometer_device are obsoleted by the more
general sensors_device.

We could also drop the file_contexts entries altogether and
take them to device-specific policy (in this case, they all
came from crespo, so that is obsolete for master).

Change-Id: I63cef43b0d66bc99b80b64655416cc050f443e7d
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

/data/mediadrm is appearing on devices but is
receiving the system_data_file type. Use the
media_data_file label to help classify these files.
This new label will help with the following denials.
with exisiting allow rules for mediaserver are already
in place.

type=1400 msg=audit(1389139139.551:308): avc:  denied  { open } for  pid=179 comm="mediaserver" name="ay64.dat" dev="mmcblk0p23" ino=136819 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=file
type=1400 msg=audit(1389139140.783:309): avc:  denied  { read } for  pid=179 comm="mediaserver" name="IDM1013" dev="mmcblk0p23" ino=136818 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir
type=1400 msg=audit(1389139140.783:310): avc:  denied  { open } for  pid=179 comm="mediaserver" name="IDM1013" dev="mmcblk0p23" ino=136818 scontext=u:r:mediaserver:s0 tcontext=u:object_r:system_data_file:s0 tclass=dir

Change-Id: I84ac78517fdbb0264cf07379120a62675505fc95
Signed-off-by: rpcraig <rpcraig@tycho.ncsc.mil>

They serve no purpose; these directories/files are normally accessible
in the same way as the rest of /system.  Also one of them has the wrong
attributes (data_file_type), thereby making it writable by some domains,
and under current policy, shell and apps cannot do ls -l /etc/ppp /etc/dhcpcd.

Change-Id: I0c1baa434fe78373684f4eaab40a41fddf2bdd79
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

ping in Android no longer requires any additional privileges beyond
the caller.  Drop the ping domain and executable file type entirely.

Also add net_domain() to shell domain so that it can create and
use network sockets.

Change-Id: If51734abe572aecf8f510f1a55782159222e5a67
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>