am: a4e2aa13

Change-Id: I0af984f16893a9367769549967aea8cb5f30285f

Grant installd the policies to recursively delete
the foreign-dex folder when removing a user. Otherwise
the user cleanup will partially fail and cause a boot loop
when the userId is reused as some later point.

Bug: 29285673
Change-Id: I023f150cffbeb10b6014f48bca9eb0922c2d630a

am: 92e79e22

Change-Id: I120a8a0a73ec37adee5771f7ffcc7be695b4c141

Per "man socket":

  SIOCGSTAMP
  Return a struct timeval with the receive timestamp of the last packet
  passed to the user. This is useful for accurate round trip time
  measurements. See setitimer(2) for a description of struct timeval.
  This ioctl should only be used if the socket option SO_TIMESTAMP is
  not set on the socket. Otherwise, it returns the timestamp of the last
  packet that was received while SO_TIMESTAMP was not set, or it fails
  if no such packet has been received, (i.e., ioctl(2) returns -1 with
  errno set to ENOENT).

Addresses the following denial:

avc: denied { ioctl } for comm=6E6574776F726B5F74687265616420
path="socket:[42934]" dev="sockfs" ino=42934 ioctlcmd=8906
scontext=u:r:untrusted_app:s0:c512,c768
tcontext=u:r:untrusted_app:s0:c512,c768 tclass=udp_socket permissive=0

Bug: 29333189
Change-Id: I916a695fa362cf1cf6759629c7f6101e9f657e7d

am: 43151dd4

Change-Id: I9116f2820891a266ddf163ac28b6f45721d044ad

am: f8f4d3e1

Change-Id: If2975c226b86c11595f5c41a964783f7e9caa171

It no longer needs access to audio and camera

Bug: 22775369
Change-Id: I1de1f0e3504b214d6943733bf60eb83654b71048

Some legitimate functionality currently requires direct sysfs access
that is not otherwise possible via the android APIs.  Specifically,
isochronous USB transfers require this direct access, without which USB
audio applications would noticibly suffer.

Grant read access to the usb files under /sys/devices to prevent this
regression.

Bug: 28417852
Change-Id: I3424bf3498ffa0eb647a54cc962ab8c54f291728

am: c878a025

Change-Id: I386059682c8fbbfec7ad9ad009a296bc4454869c

Addresses:
avc: denied  { find } for service=media.camera pid=1589 uid=1001 scontext=u:r:radio:s0 tcontext=u:object_r:cameraserver_service:s0 tclass=service_manager permissive=0

Bug: 29190415
Change-Id: I77c0337500b8ab2f5d7d3d5982c7416fc39b1522

update_engine can trigger a factory-reset when the update to an older
version or an incompatible version requires it.

Bug: 28700985
TEST=Updated a device with a factory-reset required and the BCB was
written.

(cherry picked from commit 15105ce7)

Change-Id: I7d2efc0e7f164d618cbb3fe190882e4fa8a89bac

Addresses:
avc: denied  { find } for service=media.camera pid=1589 uid=1001 scontext=u:r:radio:s0 tcontext=u:object_r:cameraserver_service:s0 tclass=service_manager permissive=0

Bug: 29190415
Change-Id: I77c0337500b8ab2f5d7d3d5982c7416fc39b1522

am: f31a55c0

Change-Id: Ia9e780d8360c3cb1e43081d6aa053eefefd881ab

This is needed in order to include profile files in bugreports.

Bug: 28610953
Change-Id: I025189a4ac66b936711fdb4e20b10c2b0a7427d1

am: 44c98bb7

* commit '44c98bb7':
  Regression for log.tag properties

Change-Id: I9a386fb3d5f24491b1870d29ad82f545c350f32c

Allow log.tag and persist.log.tag as log_tag_prop

Bug: 28942894
Change-Id: I05766b99b9535a79a39adc55cad004decd52956e

More read rights are required now.

Bug: 25612095
Change-Id: I766b3b56064ca2f265b9d60e532cd22712f95a42

am: bb8a352f

* commit 'bb8a352f':
  Enable profman pretty printing

Change-Id: I4b074239ccd92992330647be359f081570eead1d

Bug: 28748264
Change-Id: I848c448e43d48d245d998ff22547bc67a640ab96

Allow priv_app, uncrypt, update_engine to access the OTA packages at
/data/ota_package (both A/B and non-A/B). GMSCore (priv_app) checks
the existence of the folder, and downloads the package there if present.

Bug: 28944800
Change-Id: I3c0717861fce7f93b33874a99f6a4a55567612a5

am: ed413a82

* commit 'ed413a82':
  sepolicy: broaden system_server access to foreign_dex_data_file.

Change-Id: If6ef21fdca0da453a6bbf2093c2704a3e72c9bcf

am: a34afee0

* commit 'a34afee0':
  Allow shell to set log.tag.* properties

Change-Id: Ic716c9b5b90883c2be5a7ec2a88aa0cfbb31ce5e

Also allow shell to set persist.log.tag.*

Bug: 28942894
Change-Id: Ifdb2c87871f159dd15338db372921297aea3bc6b

The system_server needs to rename these files when an app is upgraded.

bug: 28998083
Change-Id: Idb0c1ae774228faaecc359e4e35603dbb534592a

am: 7005e25e

* commit '7005e25e':
  expose control over unpriv perf access to shell

Change-Id: I2ea512b705a480da5c7818601c584f696c7ba3b7

(Cherry picked from commit 38ac77e4)

This allows the shell user to control whether unprivileged access to
perf events is allowed.

To enable unprivileged access to perf:

    adb shell setprop security.perf_harden 0

To disable it again:

    adb shell setprop security.perf_harden 1

This allows Android to disable this kernel attack surface by default,
while still allowing profiling tools to work automatically. It can also
be manually toggled, but most developers won't ever need to do that if
tools end up incorporating this.

Bug: 29054680

Change-Id: Idcf6a2f6cbb35b405587deced7da1f6749b16a5f

am: a5d07925

* commit 'a5d07925':
  SELinux policy for /data/misc/profman

Change-Id: I323b969ba609518da59880e47d6e13686e1203e8

Bug: 28748264
Change-Id: I872c25666707beb737f3ce7a4f706c0135df7ad5

am: 0e1153ec

* commit '0e1153ec':
  Remove tee_device access from mediaserver

Change-Id: I23490556a7b0b3d9a5038ff2e1b0a6f384f629ec

am: d875ab61

* commit 'd875ab61':
  Allow mediaserver to read preloads_data_file

Change-Id: Ia974cd2351bbebb354273816bc9693eb97a60f41

SetupWizard initiates video playback using MediaPlayer API. Media server
should be able to handle preloads file descriptors

Bug: 28855287
Change-Id: I529dd39b25b852787b3d1708a853980cf382f045

Bug: 22775369
Change-Id: Iae362fcc371bab1455dda733f408f005c7eec3f8