When the toolbox domain was introduced, we allowed all domains to exec it
to avoid breakage.  However, only domains that were previously allowed the
ability to exec /system files would have been able to do this prior to the
introduction of the toolbox domain.  Remove the rule from domain.te and add
rules to all domains that are already allowed execute_no_trans to system_file.
Requires coordination with device-specific policy changes with the same Change-Id.

Change-Id: Ie46209f0412f9914857dc3d7c6b0917b7031aae5
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

/data/local/tmp access was neverallowed in
https://android-review.googlesource.com/168051

Remove the allow rules for surfaceflinger.

Change-Id: Ic4fb3a646df158baa5a56de72ffc63fe9405531a

Change-Id: I630ba0178439c935d08062892990d43a3cc1239e
Signed-off-by: William Roberts <william.c.roberts@linux.intel.com>

Bug: http://b/15193147
Change-Id: Icde6cba4947ae17b92a7ddbd61a40f9ace839ed4

As suggested in the comments on
https://android-review.googlesource.com/#/c/141560/


drop BOARD_SEPOLICY_UNION and simplify the build_policy logic.
Union all files found under BOARD_SEPOLICY_DIRS.

Change-Id: I4214893c999c23631f5456cb1b8edd59771ef13b
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

* commit 'ace2942c':
  mako: label boot block device

Bug: 19534538
Change-Id: I0e309e2de0c9b0f44dc99408c0bf77c25c3518ec

* commit 'b3615721':
  Allow init to rm /dev/diag

* commit '02a28238':
  remove useless attempt to chmod /system/bin/ip

* commit '0e7ddd0a':
  remove /dev/diag node

/system is mounted read-only. It's impossible for init to modify
the permissions on /system/bin/ip.

Change-Id: Iea21412f4729e446a6e34677a4399f4b671d3c9f

Commit 69e1ad83
(AOSP cherrypick 3ac5654c) ensures
that /dev/diag is always removed on boot. Allow for it in
SELinux policy.

Addresses the following denial:

  audit(1422745424.741:5): avc:  denied  { unlink } for  pid=1 comm="init" name="diag" dev="tmpfs" ino=8302 scontext=u:r:init:s0 tcontext=u:object_r:diag_device:s0 tclass=chr_file

Change-Id: If20ae7eb64356c06e94873dec89fc1ca576fe74a

(cherrypicked from commit 69e1ad83)

Bug: 18203257
Change-Id: I7b9a2bdf0df6511317d59aa13fc187ab38795481

* commit '85d929d6':
  Fix "implicit declaration of function 'strerror'".

Change-Id: I9838226683077d7cecf568a9cec2a2bc98d1e37e

* commit 'c707b1d7':
  Camera: Add support to not queue all buffers up front

Camera HAL needs to call cancel_buffer on min_undequeued_buffers
preview buffers up front. That means not all preview buffers should
be queued into camera driver. This change adds the support.

Bug: 18630337
Change-Id: I794b0dcafa03ebfaddf4c68b66b09c74bbb206d0

* commit '5c6d74bb':
  camera: Fix setting of HDR mode

In HDR mode, number of JPEG callbacks is set to 2, whereas it's set
to 1 in non-HDR mode. When switching between different camera modes
(camera, photosphere, panorama), make sure HDR mode is set correctly.

Bug: 18692917
Change-Id: I82056fc4d7e605f94bde9f126754d7f3536b2114

* commit '5590086e':
  netmgrd: give explicit read access to /proc/net

We plan to remove /proc/net access from domain.te in a future
change. Make sure netmgrd doesn't depend on the rules in domain.te.

Bug: 9496886
Change-Id: I0f373cd02156c438243074b06b8fb7d8a3b69054

* commit 'f4c4ecd6':
  Remove obsolete dalvik.gc.type-precise

Bug: 18895001

(cherry picked from commit 496da827)

Change-Id: If44229824f853a875ad4867eabd1712de6c95bd5

Bug: 18895001
Change-Id: Iea2ccbfd853c5f982d7792d79cc1df789dcbd91c

* commit '4d383c60':
  Fix clang -Wc++11-narrowing warnings.

* commit '163b25f2':
  Cleanup Obsolete LOCAL_PRELINK_MODULE.