- May 22, 2017
-
Jason Monk authored
am: a2c24197 Change-Id: I126a9e8f6015083515f2c85ac42f0c14f6c47f88
-
Jason Monk authored
am: 69bb06e5 Change-Id: Ia87985dca88d3f5ebf8db51b7a27bc44e6090538
-
Jason Monk authored
am: ca7d90ca Change-Id: Ibe4770026852338dcfde327857ccffb1fc91a5a0
-
Jason Monk authored
am: de5db3ab Change-Id: If61aa850ab0f6060ec7a863cc0107f68f1db9400
-
Nick Kralevich authored
am: 6b3ef921 Change-Id: Iefc3436c532f5f291345e3d01a1cbe175d69e619
-
Nick Kralevich authored
am: 5ee08053 Change-Id: I530872c3d9a8ddf5a03353b27e75ea1043cd2ab2
-
Nick Kralevich authored
am: dddbd2f3 Change-Id: I517d7bbd415e28d2ba7719f17c1ddcc7c28f20a0
-
Nick Kralevich authored
am: 3d8dde0e Change-Id: I19cb50ee62d217f025bb7fcf535257dac3b3610e
-
Nick Kralevich authored
Commit https://android.googlesource.com/kernel/common/+/f0ce0eee added CAP_SYS_RESOURCE as a capability check which would allow access to sensitive /proc/PID files. However, in an SELinux based world, allowing this access causes CAP_SYS_RESOURCE to duplicate what CAP_SYS_PTRACE (without :process ptrace) already provides. Use CAP_SYS_PTRACE instead of CAP_SYS_RESOURCE. Test: Device boots, functionality remains identical, no sys_resource denials from system_server. Bug: 34951864 Bug: 38496951 Change-Id: I04d745b436ad75ee1ebecf0a61c6891858022e34 (cherry picked from commit 44866954)
-
Jason Monk authored
Test: manual Bug: 37014702 Change-Id: Id43dc7a8506fe60015c2f82242ba45cf85d3e74b
-
Steven Moreland authored
am: e8cd8fe7 Change-Id: I739f3edb772b497566f0ce3e83505ecdf97b02a7
-
Steven Moreland authored
am: 7eeded9e Change-Id: I9fc8f229d3f03a3850819664a71edc8d418259d9
-
TreeHugger Robot authored
-
- May 19, 2017
-
Steven Moreland authored
Right now, the hwcomposer hidl hal is unable to figure out where to get the hidl mapper implementation. It is expected that all graphics composer objects will need this permission. The interfaces are written to work together with the "IMapper" being the same-process ("sphal") component and the "IComposer" interface being the binderized component. 10-09 00:24:38.900 457 457 E SELinux : avc: denied { find } for interface=android.hardware.graphics.mapper::IMapper pid=495 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:hal_graphics_mapper_hwservice:s0 tclass=hwservice_manager Test: boot marlin, denial no longer present. Bug: 38415912 Change-Id: I1b274be10e115fa7b53fb81e85be8827da05997e
-
Wyatt Riley authored
am: 84d81690 Change-Id: Ia1a35f5608169d6c54e27836dbadd75b8f6ec361
-
Wyatt Riley authored
am: effa2dad Change-Id: Ic21e6dcaaa0bbf13b6eb8f3fc82303b227d61d35
-
TreeHugger Robot authored
-
- May 18, 2017
-
Wyatt Riley authored
Underlying data services setup no longer needs this Bug: 35757613 Bug: 36085168 Test: GPS, XTRA & avc denial checks Change-Id: I679ee70f65f34d5a7d1fc1f1fe92af6a92ec92c5
-
Sohani Rao authored
am: 55c7adde -s ours Change-Id: I1ac6bc84c0129f46c5ce9cb2c0c1b8a3f8b440df
-
Sohani Rao authored
am: 325bf725 Change-Id: I024229279b62dbd30287c505f20f51e9131b82c5
-
Sohani Rao authored
Update SE Policy to allow calls to and callbacks from Wifi Offload HAL HIDL binderized service. Combined cherry pick from d56aa1982d15acfc2408271138dac43f1e5dc987 and 66e27bf5 Bug: 32842314 Test: Unit tests, Manual test to ensure Wifi can be brought up and connected to an AP, ensure that Offload HAL service is running and that wificond can get the service handle by calling hwservicemanager. Change-Id: I0fc51a4152f1891c8d88967e75d45ded115e766e
-
Howard Chen authored
Merge "SELinux changes for Treble Loadable Kernel Module" am: e3be5d6b am: cf611a3b am: eb02b9a0 -s ours am: 3a80d2fd Change-Id: I9076d677a9dcdc53bc901c9b6374d729aa5bee7b
-
Howard Chen authored
am: eb02b9a0 -s ours Change-Id: I773b392db75e22161c25bc71d1fb09684f150ea5
-
Howard Chen authored
am: cf611a3b Change-Id: I4bcad7c62a3b32868cfcd6496f608c5905ab79f7
-
Howard Chen authored
am: e3be5d6b Change-Id: I6f3544a3803217bd6380ebb9d7d0b84c403e60c2
-
Treehugger Robot authored
-
- May 17, 2017
-
Steven Moreland authored
am: c1ee74ff Change-Id: I0fcc76515b3923c542d5d39cd14734dc333c010c
-
Steven Moreland authored
am: ffb8fb1b Change-Id: I4b4c521d80df2eff191ca3c0dec233f464e279e0
-
TreeHugger Robot authored
-
Steven Moreland authored
This hidl service provides information about vsync and hotplug to vendor services which is required by at least some camera hal implementations. Test: VtsFwkDisplayServiceV1_0TargetTest Test: no denials Bug: 38311538 Change-Id: I64f0321e2832facf987057f0d48940e269d8e2d9
-
Jiyong Park authored
am: 524b0650 Change-Id: I893d97b9a6383ef1914bfbda43606dfaad6554e4
-
Jiyong Park authored
am: a82c3d57 Change-Id: I332b2e50b5057016ad6b530f7660c95bd53af4b7
-
TreeHugger Robot authored
-
Jiyong Park authored
Currently, some jni libs in /vendor/lib are allowed to be executed in java process by labelling them as same_process_hal_file. This is wrong because those jni libs are not in fact same process HALs. After b/37481404, those jni libs for vendor apks are embedded inside the apk just like downloaded apks. In order to make this possible, appdomain is allowed to execute vendor_app_file. Note that allowing this is not a Treble violation because vendor_app_file is Java and JNI code only. Native libraries in /vendor/lib are still prevented from being loaded in apps except for those that are labeled as same_process_hal_file AND are loaded via the 'sphal' namespace. Bug: 37481404 Test: Phone application does not crash. Change-Id: Ifaece2f05d0b20e28c4b1c0847f5ea0bb28ade02
-
- May 16, 2017
-
Jeff Vander Stoep authored
am: 35e09523 Change-Id: I728d32563d123fafd7c316f5ea5764a463876757
-
Jeff Vander Stoep authored
am: 02a101a6 Change-Id: I0140009cfbf316489db4994b414ac079776ead21
-
TreeHugger Robot authored
-