am: 3b8163bf

Change-Id: I7399449691e69bdb9ce5d5fd16aa6cb45fd7da9e

am: 76d77fd5

Change-Id: I87ce89ce4642116264624288bf367a9ec3087034

am: 29f2e953

Change-Id: Icdce6dc5026da58beee8f218008d09dd39878f39

am: b842836f

Change-Id: If6c0db7fb4838140347a68c39dec9f10b4c298d7

Bug: 65643247
Test: device boots without denials from bootanim to sysfs and cgroup.
Change-Id: Icf8c45906cb83e1b0a60737d67ae584b9d1b34aa

Bug: 65643247
Test: device boots without denials from rild to proc.
Change-Id: I142a228347ef07266cb612e99c90fb5ec187988a

am: 19a06cb0

Change-Id: I7b3098ef83b4aab591d94d68a38af20610b83820

am: 9ee232a8

Change-Id: Ic6943aeb67277cbf50d9353bb089aadfd89197b8

am: 4c159eb9

Change-Id: Ic826a808c51cbef2865047be245600491f170c1b

am: 7bb31061

Change-Id: I235d0cfa039241c2df830392c1736c60718d5d53

am: 869cecec

Change-Id: Iebe863a82dfdc886aef689ed6ad4566977fe551a

am: b1affc90

Change-Id: Ic2e99549c985f896f73b9fc6f59508e7d2c4c34b

Bug: 65643247
Test: device boots without denials from bootstat to proc.
Change-Id: Ie31a0488239dbb1614fbcce07540d23afa805b0e

Bug: 65643247
Test: device boots without denials from bootanim to proc.
Change-Id: I0454a2bd4489d7816d82a299f5bc199d6a299ec0

am: 0d4b5539  -s ours

Change-Id: I4856aff6e363c5aa94bb02aeb11b63032bc71d3b

am: 6ba6705c

Change-Id: I3c61feaac2a38a92fa42a29d79f7e8b4eab38642

am: c8ef107a  -s ours

Change-Id: I781386a8ae37105a5f8c494b0471f6625a84cf0b

Test: after cherry-pick - it builds
Merged-In: I57c0150a52c13f1ce21f9ae2147e3814aad0fb7e
Change-Id: I7da8160a95e09946d283bd849628bd5392410353

Bug: 62945293
Test: instrumentation, VTS
Change-Id: I7e896b64bf0ee907af21d08f6b78561fadc7f0e3

Change-Id: I88e2887b0691ce3c5018578556abf7c420fe5a1b

Bug: 63600413
Test: VTS, instrumentation, audit2allow
Test: after cherry-pick - it builds
Change-Id: I57c0150a52c13f1ce21f9ae2147e3814aad0fb7e
(cherry picked from commit 567b947d)

am: 82fe6916

Change-Id: I609f746b1760209005ff9171eaadf648977d9401

am: cfdbaf33

Change-Id: I2206c2e99dbfc3c1efd5beee3b73c744187f7c32

am: 67ec37a3

Change-Id: Ic221e8a29daf603a17bbf26506f5bbacc2c68337

am: 397b07b3

Change-Id: I59221e03d3cdbbaa4fb416605ba66e9243afb5b9

Add series of neverallow rules to restrict components from reading or
writing bootloader_boot_reason_prop, system_boot_reason_prop and
last_boot_reason_prop to trusted set of domains.

The policy is that bootloader_boot_reason_prop (ro.boot.bootreason)
has a compliance issue due to the sheer momentum of near unparseable
content as filed by the wide variety (8000 different devices at last
count) bootloaders and is only to be accessible to a series of
responsible system components.  It can be inaccurate as it provides
no means to evaluate a shutdown, likely reporting "cold" (from
initial power up) or the more generic "reboot".

The last_boot_reason_prop (persist.sys.boot.reason) contains
inaccurate information as it is only valid after a controlled reboot
or shutdown.  The value can linger around after less controlled
scenarios.  Since the information could be false, we do not want to
support it as an open API, so we again block access to only
responsible components.

The system_boot_reason_prop (sys.boot.reason) is a canonical boot
reason that takes into account parsing bootloader_boot_reason_prop,
boot_loader_boot_reason_prop and other system and HAL generated hints
to determine a parseable and most accurate reason for the last time
the system was rebooted.

For now the policy for system_boot_reason_prop is to audit users of
the API, and on a need to know basis via device additions to the
selinux rules.  If vendors need their components to access the boot
reason, they need to comply first with CTS tests and spirit with
regards to controlled reboot messaging and in turn read the
system_boot_reason_prop for the canonical information.  It will
contain validated content derived from bootloader_boot_reason_prop
in the scenarios that count.

The controlled reboot APIs include:
- android_reboot(ANDROID_RB_<TYPE>, int flag, const char* reason)
- PowerManagerService.lowLevelShutdown(String reason);
- PowerManagerService.lowLevelReboot(String reason);
- ShutdownThread.shutdown(context, String reason, boolean confirm);
- ShutdownThread.reboot(context, String reason, boolean confirm);
- PowerManager.shutdown(boolean confirm, String reason, boolean wait);
- PowerManager.reboot(String reason);

Any others (including the direct linux reboot syscall) create
problems for generating an accurate canonical boot reason.

Test: compile
Bug: 63736262
Bug: 65686279
Change-Id: I2e5e55bbea1c383c06472eb2989237cfeb852030

am: 5d06d481

Change-Id: If91ded9903cd4448c393a2c1effc70028d8da64b

am: e1ff551f  -s ours

Change-Id: I9b4407986c04a9261d9b2215d0b1abfcd5921486

am: 48284512

Change-Id: I3096c5d0871872de5484f862f9f9878d6a8fce13

am: d1a9a2f4  -s ours

Change-Id: Ifa7aee2d178fe4187f59e4a5b35e2643f0e69459

* changes:
  Allow sensor hal to use wakelock
  Allow sensor to use gralloc handle and access ion device

labeled /proc/kmsg as proc_kmsg, changed logd's access from proc to
proc_kmsg, and added a compat mapping.

Bug: 65643247
Test: device boots without selinux denials to the newly introduced proc_kmsg
Test: logd-unit-tests passes

Merged-In: I92c9f5694289eb6a94c4d90f14e2de4d46b5228e
Change-Id: I92c9f5694289eb6a94c4d90f14e2de4d46b5228e
(partial CP of commit 528da6fe)

Added permission related to use of wake lock. Wakelock in sensor
HAL is used to gurantee delivery of wake up sensor events before
system go back to sleep.

Bug: 63995095
Test: QCOM and nanohub sensor hal are able to acquire wakelock
      successfuly.

Change-Id: Id4ac3552e18a1cad252017e3dc9ab3d4be8d4ab9

Allow sensor hal to sue gralloc handle and access ion device
so that sensor direct report feature can function correctly when
HardwareBuffer shared memory is used.

Test: SensorDirectReportTest passes without setenforce 0

Change-Id: I2068f6f4a8ac15da40126892e1326e0b90a6576f
Merged-In: I2068f6f4a8ac15da40126892e1326e0b90a6576f