am: a34afee0

* commit 'a34afee0':
  Allow shell to set log.tag.* properties

Change-Id: Id898bf9b62dc87cf884021150d29eefb4f703042

Also allow shell to set persist.log.tag.*

Bug: 28942894
Change-Id: Ifdb2c87871f159dd15338db372921297aea3bc6b

am: 7005e25e

* commit '7005e25e':
  expose control over unpriv perf access to shell

Change-Id: Ic14de78aab253b9e59135adde8d6ece536434624

Change-Id: I35015c89b3b036816665deccc5e20cd2e90ca208

(Cherry picked from commit 38ac77e4)

This allows the shell user to control whether unprivileged access to
perf events is allowed.

To enable unprivileged access to perf:

    adb shell setprop security.perf_harden 0

To disable it again:

    adb shell setprop security.perf_harden 1

This allows Android to disable this kernel attack surface by default,
while still allowing profiling tools to work automatically. It can also
be manually toggled, but most developers won't ever need to do that if
tools end up incorporating this.

Bug: 29054680

Change-Id: Idcf6a2f6cbb35b405587deced7da1f6749b16a5f

am: 38ac77e4

* commit '38ac77e4':
  expose control over unpriv perf access to shell

Change-Id: I3fb4eb3edfcf68ce678e8cf1566a29e70d6cf1c3

am: a5d07925

* commit 'a5d07925':
  SELinux policy for /data/misc/profman

Change-Id: I1329afb3191abaa1b08ce9a706228a02a0c53a47

Bug: 28748264
Change-Id: I872c25666707beb737f3ce7a4f706c0135df7ad5

This allows the shell user to control whether unprivileged access to
perf events is allowed.

To enable unprivileged access to perf:

    adb shell setprop security.perf_harden 0

To disable it again:

    adb shell setprop security.perf_harden 1

This allows Android to disable this kernel attack surface by default,
while still allowing profiling tools to work automatically. It can also
be manually toggled, but most developers won't ever need to do that if
tools end up incorporating this.

Bug: 29054680

Change-Id: Idcf6a2f6cbb35b405587deced7da1f6749b16a5f

am: 0e1153ec

* commit '0e1153ec':
  Remove tee_device access from mediaserver

Change-Id: I38716b448cd4a2429797bba1c420558fb7b5a64e

am: d875ab61

* commit 'd875ab61':
  Allow mediaserver to read preloads_data_file

Change-Id: Ib34a273c717498542d8dd197f9a2f20e674d3ce9

SetupWizard initiates video playback using MediaPlayer API. Media server
should be able to handle preloads file descriptors

Bug: 28855287
Change-Id: I529dd39b25b852787b3d1708a853980cf382f045

Bug: 22775369
Change-Id: Iae362fcc371bab1455dda733f408f005c7eec3f8

am: 49ac2a3d

* commit '49ac2a3d':
  SELinux policies for /data/preloads directory

Change-Id: Ib928cda316ef31f361ad09ef29b264eb9df754d5

A new directory is created in user data partition that contains preloaded
content such as a retail mode demo video and pre-loaded APKs.

The new directory is writable/deletable by system server. It can only be
readable (including directory list) by privileged or platform apps

Bug: 28855287
Change-Id: I3816cd3a1ed5b9a030965698a66265057214f037

am: d5bfe93e

* commit 'd5bfe93e':
  Fix rild policy to accomodate minijail

Change-Id: Id65ff798b13903242446c27406cda10f3e02dd99

am: e3327427

* commit 'e3327427':
  Fix rild policy to accomodate minijail

Change-Id: I6d4e487c07f9de821d11ebee8988fa6f79ff1b27

Fix denials related to lack of setgid and setpcap priviledges.
These were introduced when minijail was used to do sandboxing.

Bug: 28178548
Change-Id: I85fd4abbe55258de61d20d827baf59bbca0679e7
Test: rild no longer crash loops

am: 13bdd39c

* commit '13bdd39c':
  sepolicy: broaden system_server access to foreign_dex_data_file{dir}.

Change-Id: I9e41715e443f233275252c6a4cb5cce904c45f9c

am: a8f65aa1

* commit 'a8f65aa1':
  Add keys to prerequisites of mac_permissions.xml

Change-Id: I9b6f11e61f31ec6c11ec35283eff4936b66497f9

am: d1eb0ede

* commit 'd1eb0ede':
  Add keys to prerequisites of mac_permissions.xml

Change-Id: Iaaee3bfdb9d44bb1fd63f08a1c3f12c52ec9cefe

The system_server needs to clear these markers along with other app
data that it's responsible for clearing.

bug: 28510916
Change-Id: If9ba8b5b372cccefffd03ffddc51acac8e0b4649

am: ebb3dc9e

* commit 'ebb3dc9e':
  Fix misc-macro-parentheses warnings.

Change-Id: Id9658183b6cec0e5725c800d8939e57bf181c9e4

am: d62aa0b1

* commit 'd62aa0b1':
  Fix misc-macro-parentheses warnings.

Change-Id: I0bdc69d777044b2119cfc2677c28841b4314efc7

am: ad7a0ad2

* commit 'ad7a0ad2':
  sepolicy: add support for devices without cache partition

Change-Id: I0a81cd1aafb01cd722e5cf452cd8dd2e3b136bd4

Adds the rules for /data/cache used for devices which do
not have a cache partition.

Bug: 28747374
Change-Id: I7c749e7692c9b8eab02029bbae5a3c78585030da

am: 26e675c6

* commit '26e675c6':
  sepolicy: add support for new tracefs

Change-Id: I8983a35deeb30f97c64ae86edefd0cc2760749ec

am: 50c2909f

* commit '50c2909f':
  Sepolicy: Allow debuggerd to dump backtraces of Bluetooth
  Sepolicy: Refactor long lines for debuggerd backtraces

Change-Id: I0d3f68a422a4d8b14148343983f1d6a8a85ac268

* changes:
  Sepolicy: Allow debuggerd to dump backtraces of Bluetooth
  Sepolicy: Refactor long lines for debuggerd backtraces

Since kernel 4.1 ftrace is supported as a new separate filesystem. It
gets automatically mounted by the kernel under the old path
/sys/kernel/debug/tracing. Because it lives now on a separate device
some sepolicy rules need to be updated. This patch is doing that. Most
of the rules are created based on a conversation happened on the SELinux
Android mailing list:

http://comments.gmane.org/gmane.comp.security.seandroid/2799



Note, that this also needs 3a343a1 from the 4.4 branch in kernel/common.
Also note that when tracefs is auto mounted by the kernel, the kernel
does not use the "mode" parameter specified to mount debugfs for
tracefs. So an extra line like

   chmod 0755 /sys/kernel/debug/tracing

is necessary in init.${ro.hardware}.rc after debugfs was mounted.

Signed-off-by: Christian Poetzsch <christian.potzsch@imgtec.com>

(cherry picked from commit 4dafa72a)

Change-Id: I75738c756b49da4ac109ae442ee37c1e2844ff0a

am: 0b26e99b

* commit '0b26e99b':
  sepolicy: add support for new tracefs

Change-Id: I9189f98cb7cff87c412c7b3e09030c723b70abd7

am: 4dafa72a

* commit '4dafa72a':
  sepolicy: add support for new tracefs

Change-Id: If0a800d94d573a6178c43315b931b8b74406d0ff

Since kernel 4.1 ftrace is supported as a new separate filesystem. It
gets automatically mounted by the kernel under the old path
/sys/kernel/debug/tracing. Because it lives now on a separate device
some sepolicy rules need to be updated. This patch is doing that. Most
of the rules are created based on a conversation happened on the SELinux
Android mailing list:

http://comments.gmane.org/gmane.comp.security.seandroid/2799



Note, that this also needs 3a343a1 from the 4.4 branch in kernel/common.
Also note that when tracefs is auto mounted by the kernel, the kernel
does not use the "mode" parameter specified to mount debugfs for
tracefs. So an extra line like

   chmod 0755 /sys/kernel/debug/tracing

is necessary in init.${ro.hardware}.rc after debugfs was mounted.

Change-Id: I60fb7a90e24628e0370c3bca57644451fce5646d
Signed-off-by: Christian Poetzsch <christian.potzsch@imgtec.com>

Bug: 27954979
Change-Id: Ia0403e2dc2726523a41742e23beff29b47274392

am: 1a5fcecc

* commit '1a5fcecc':
  DO NOT MERGE. Remove isolated_app's ability to read sysfs.

Change-Id: I145b5ecc3ea1ce1c1515842b689e5129d4cc7fe2