- Jan 05, 2018
-
-
Tom Cherry authored
-
Etan Cohen authored
Finalize Wi-Fi RTT service name per API review. Note: CL 1 of 2 - adding new entry here, will remove old entry in next CL. Bug: 65108607 Test: integration tests Change-Id: I065ce9d570510180fa8c8f09e1025ac795706405
-
- Jan 04, 2018
-
-
Chen Xu authored
-
Joel Galenson authored
-
Joel Galenson authored
This reverts commit b40eb255. Change-Id: I04d9e76152ed11ada4cabcc79bb4eec827f8abef
-
Treehugger Robot authored
-
fionaxu authored
Bug: 64131637 Test: Manual Change-Id: I0170c5eb465aa663582e3974348380a8f0c9b27f
-
Tom Cherry authored
1) fc_sort is not needed as there is no reason to sort system properties, so this is removed and replaced with a simple copy
2) Use the new property_info_checker instead of checkfc for validating property information. This supports exact match properties and will be extended to verify property schemas in the future.
Bug: 36001741 Test: verify bullhead's property contexts correct Test: verify faulty property contexts result in failures Change-Id: Id9bbf401f385206e6907449a510e3111424ce59e
-
Joel Galenson authored
After offline discussions, we decided that this was the proper exception to the neverallow rule. Test: Built policy. Change-Id: Ic1603bfdd803151ccfb79f90195b83b616acc873
-
Treehugger Robot authored
-
- Jan 03, 2018
-
-
Jeff Tinker authored
This fixes failing vts drm tests bug:67675811 Test:vts-tradefed run commandAndExit vts -m VtsHalDrmV1_0Target Change-Id: I2f7e1c97e8c70fc312ca3c2c901f0a9607b05e83
-
Treehugger Robot authored
-
Treehugger Robot authored
-
Shawn Willden authored
Test: Boot the device Change-Id: Ia468941e78803edebe311c73f424a41ac1faeaee
-
Jeff Vander Stoep authored
zygote->webview_zygote. Forgot to amend local change. Test: webview_zygote denials are gone. Change-Id: I02869812feafd127b39e567c28e7278133770e97
-
Treehugger Robot authored
-
Treehugger Robot authored
-
Jeff Vander Stoep authored
Commit 55039509 erroneously removed init's read access to /sys/devices/virtual/block/zram*. Restore access. Test: cat /proc/meminfo ... SwapTotal: 524284 kB SwapFree: 524284 kB ... Bug: 71510938 Change-Id: I20268168caa541a7dafa1e32339641095e1e524b
-
- Jan 02, 2018
-
-
Jeff Vander Stoep authored
For consistency with zygote, allow webview_zygote to list directories in /system. Test: Boot Taimen. Verify webview_zygote denials during boot. Bug: 70857705 Change-Id: I27eb18c377a5240d7430abf301c1c3af61704d59
-
Chenbo Feng authored
The system server is responsible for providing the network traffic stats to apps and services. Allowing it to directly read the eBPF maps that store this information can make the process of getting traffic stats simpler. Test: No selinux rule violation of system server reading netd bpf object Bug: 30950746 Change-Id: I6d9438d1ed7c9bab45a708f5d2a85eb22f5e8170
-
Chenbo Feng authored
Add the new classes for eBPF map and program to limit the access to eBPF objects. Add corresponding rules to allow the netd module to initialize bpf programs and maps, use the program and read/write to eBPF maps. Test: no bpf sepolicy violations when device boots Change-Id: I63c35cd60f1972d4fb36ef2408da8d5f2246f7fd
-
Chenbo Feng authored
Some necessary sepolicy rule changes for init process to create directory, mount cgroupv2 module and mount bpf filesystem. Also allow netd to create and pin bpf object as files and read it back from file under the directory where bpf filesystem is mounted. Test: bpf maps show up under /sys/fs/bpf/ Change-Id: I579d04f60d7e20bd800d970cd28cd39fda9d20a0
-
Ricky Wai authored
Bug: 63908748 Test: Able to boot Change-Id: I14d8856d7aac7be9d1f26ecf5bfff69ea5ee9607
-
Treehugger Robot authored
-
- Dec 30, 2017
-
-
Treehugger Robot authored
-
- Dec 29, 2017
-
-
Andreas Gampe authored
Add policy for the perfprofd binder service. For now, only allow su to talk to it. Test: m Change-Id: I690f75460bf513cb326314cce633fa25453515d6
-
- Dec 22, 2017
-
-
Treehugger Robot authored
-
Steven Moreland authored
These are device specific. Bug: 70846424 Test: bugreport Change-Id: Ic22c972f1b09988a8eccf0823dd0d87fc0c0a1f7
-
- Dec 21, 2017
-
-
Tri Vo authored
This will allow system_server to perform path resolution on paths like: /sys/devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:qcom,pm8998@0:qcom,pm8998_rtc/rtc Fixes this denial: avc: denied { search } for pid=947 comm=system_server name=800f000.qcom,spmi dev=sysfs ino=19891 scontext=u:r:system_server:s0 tcontext=u:object_r:sysfs_msm_subsys:s0 tclass=dir permissive=0 b/68003344 Bug: 68003344 Test: walleye boots without the denial above. Change-Id: Ib282395124c7f2f554681fcc713b9afe189f441c
-
Treehugger Robot authored
-
- Dec 20, 2017
-
-
Tri Vo authored
Removing legacy rules. system_server now depends on Lights HAL (which has its own domain) instead of /sys/class/leds. Bug: 70846424 Test: sailfish boots; screen, flashlight work fine. Change-Id: I6f116a599cab26ae71e45f462b33328bc8d43db5
-
Joel Galenson authored
Test: Built the policy for many devices. Change-Id: Ic61023dc2d597865504d1a4bc955bd1bc973f83c
-
Treehugger Robot authored
-
Tri Vo authored
-
Jeff Vander Stoep authored
Vendor-specific app domains depend on the rules in app.te so they must reside in public policy. Bug: 70517907 Test: build Change-Id: If45557a5732a06f78c752779a8182e053beb25a2 Merged-In: If45557a5732a06f78c752779a8182e053beb25a2 (cherry picked from commit 1f4cab8b)
-
Tony Mak authored
CrossProfileAppsService allows apps to do limited cross profile operations, like checking the caller package is installed in the specified user. It is similar to LauncherAppsService in some sense. Merged-In: I26e383a57c32c4dc9b779752b20000b283a5bfdc Change-Id: I26e383a57c32c4dc9b779752b20000b283a5bfdc Fix: 67765768 Test: Built with ag/3063260. Can boot and verified those APIs are working. (cherry picked from commit 6536c9e0)
-
Tri Vo authored
Removes open, read, setattr permissions to sysfs_type. Adds explicit permissions to: sysfs_dt_firmware_android sysfs_vibrator sysfs_wake_lock Bug: 65643247 Test: walleye boots without denials to sysfs_type. Change-Id: I2e344831655c2c8e8e48b07ecce6a2704f2a206a
-
- Dec 19, 2017
-
-
yro authored
Bug: 63757906 Test: manual testing conducted Change-Id: Id03413ce82b5646d4bceddc59e16c7d5ee5bc193
-
Treehugger Robot authored
-
- Dec 18, 2017
-
-
xshu authored
We are aiming to improve logging performance by having wifi hal directly write to the flash. Wifi hal needs to be able to create, write, and delete files in a directory. This will be restricted to userdebug and eng builds only. Bug: 70170285 Test: compile, run on device Change-Id: Id0cd317411f4c393d7529aa31b501046d7350edb
-