Bug: 35328775
Test: works in both binderized and passthrough modes
Change-Id: I1f827b4983e5e67c516e4488ad3497dd62db7e20

am: 3a69312a

Change-Id: I8dca2b0af319d9e59548e00c5ee9f33ed390d19c

am: 7c35e243

Change-Id: I2de5f421ef7ecbb2954098615e31cefe3c88cff7

am: 6f94c1d5

Change-Id: I3b2ec5c9160d0f5e51ba37e3c3488d779ae50cfd

am: e8fdd805

Change-Id: I1acef5124c5188f947f6e974908223fd13c0103e

am: 255e0ed3

Change-Id: I0eb8cbb506a3b8e8510c57deaf4d32dca60b07a6

am: 8d48aa79

Change-Id: Ie2439899bf2c369f2f57c6d6b5f55b153917dab2

am: 9df0fa86

Change-Id: If712c577c03066bb4bdc0c2a4a77e18ef1fbe1c2

am: 697ec733

Change-Id: Id2967fd71dfcd2576bc13416d8685e6602be2810

am: eb036bd0

Change-Id: Ic19d976701e42857a3ae3adaf08178ee4da1dc8c

Bug: 35708449
Test: AS screen capture
Change-Id: I53f1604e1ee9c9b32c6932f1b8944708f5012e5f

am: f1e9f7eb

Change-Id: Ie0ac6de4e1c31e6b6001708b3325ca01eba90a32

am: c91e0f30

Change-Id: I4f66c40c456130e611b2ee0d22090a8d77f7400c

am: 3355de13

Change-Id: Ie92969ebd52785433e7c71de85ff374bb9c800ac

Bug: 35721166
Test: Run update_engine_unittest as system user in enforcing mode.
Change-Id: I9cd63b19e6eed3e1291d36d4c342ecf725407232

The camera HAL1 will need to pass/receive FD from various
related processes (app/surfaceflinger/medaiserver)

Change-Id: Ia6a6efdddc6e3e92c71211bd28a83eaf2ebd1948

am: 451d9e58

Change-Id: I1edc5f8685a99b83514fa009976c7fc7e4ab4aaf

am: aa901620

Change-Id: Ib52a216c3fafac1034a44cfa088e02d84fdd29e4

am: d1f579d5

Change-Id: If5f93f17592d329886e75959963cd8dea1a17006

am: b8fcc2ce

Change-Id: I1d0e8b41a1092c6f9f2218700a02de30e9629b25

am: c24962c4

Change-Id: I83abd9596828acab7c8231c1716e0b05f67fa271

am: 78918953

Change-Id: I15c993aa298ec3d48e90d8bd4f2e6889681ceaf2

am: 9d6237a8

Change-Id: Ia369d26adeb07495beaf406055f6a4689acd54ab

am: 066bc07e

Change-Id: I41f363fcec5c248d8867cc540b854e6221d5799c

am: 723364f1

Change-Id: Icc344f5c6537e394e4888ddc369d9cf3ee2c4c5d

Previously, we'd restricted WifiService's use of
the kernel's tracing feature to just userdebug_or_eng
builds.

This restriction was in place because the feature
had not yet been reviewed from a privacy perspective.
Now that the feature has passed privacy review, enable
the feature on all builds.

Note that other safeguards remain in place (on all
builds):
- The set of events to be monitored is configured by
  init, rather than WifiService (part of system_server).
  This privilege separation prevents a compromised
  system_server from tracing additional information.
- The trace events are kept only in RAM, until/unless
  WifiService receives a dump request. (This would happen,
  for example, in the case of adb dumpsys, or generating
  a bugreport.)

Bug: 35679234
Test: manual (see below)

Manual test details:
- flash device
- connect device to a wifi network
$ adb shell dumpsys wifi | grep rdev_connect
  [should see at least one matching line]

Change-Id: I85070054857d75177d0bcdeb9b2c95bfd7e3b6bc

am: 5e625a4c

Change-Id: Ia4ae4a8580aaa320a26fab6ea237a03bf17d75be

am: 7753ef7a

Change-Id: Ia6189f4bc4c8c20befc86518e59773f13b8b8688

am: ebbbe6dd

Change-Id: I6d32a98d8dda385cdf536cce38de47db5250fb2c

Test: Basic telephony sanity
Bug: 35672432
Change-Id: I7d17cc7efda9902013c21d508cefc77baccc06a8

Label /proc/sys/vm/mmap_rnd_bits so it is only readable and writable by
init. This also tightens the neverallow restrictions for proc_security.

Bug: 33563834
Test: run cts -m CtsPermissionTestCases -t \
      android.permission.cts.FileSystemPermissionTest#testProcfsMmapRndBitsExistsAndSane

Change-Id: Ie7af39ddbf23806d4ffa35e7b19d30fec7b6d410

Apps definitely need access to ion ioctls. Remove audit statement.

Test: build marlin
Bug: 35715385
Change-Id: I777d3e9a88065a5f711315a7da6d63587744b408

am: 409bcf8c

Change-Id: I755e1d81dbd5abeb8ca7aeb3967474e0b73e2629

am: 797163db

Change-Id: Ifbdf3e912c7128cb79ca3714d4951b186babc7c8