am: dd579f9c

* commit 'dd579f9c':
  Allow shell to set log.tag.* properties

Change-Id: Ia91078ee69563148a778be66a3af7884b137d82b

am: a34afee0

* commit 'a34afee0':
  Allow shell to set log.tag.* properties

Change-Id: Ic716c9b5b90883c2be5a7ec2a88aa0cfbb31ce5e

Also allow shell to set persist.log.tag.*

Bug: 28942894
Change-Id: Ifdb2c87871f159dd15338db372921297aea3bc6b

Merge "expose control over unpriv perf access to shell am: 7005e25e am: c66f13af" into nyc-mr1-dev-plus-aosp

am: c66f13af

* commit 'c66f13af':
  expose control over unpriv perf access to shell

Change-Id: I3654c8352ec79c7f4ad6d58adaf7798aed16af42

am: c1350181

* commit 'c1350181':
  expose control over unpriv perf access to shell

Change-Id: Ic81044579ac69efc5c7aef3a34248c6bdfa917d5

am: 7005e25e

* commit '7005e25e':
  expose control over unpriv perf access to shell

Change-Id: Ic14de78aab253b9e59135adde8d6ece536434624

am: 7005e25e

* commit '7005e25e':
  expose control over unpriv perf access to shell

Change-Id: I2ea512b705a480da5c7818601c584f696c7ba3b7

am: 1fcd8095

* commit '1fcd8095':
  expose control over unpriv perf access to shell

Change-Id: I96514ce5be1df668e86d745084a2a025adfdae28

Change-Id: I35015c89b3b036816665deccc5e20cd2e90ca208

(Cherry picked from commit 38ac77e4)

This allows the shell user to control whether unprivileged access to
perf events is allowed.

To enable unprivileged access to perf:

    adb shell setprop security.perf_harden 0

To disable it again:

    adb shell setprop security.perf_harden 1

This allows Android to disable this kernel attack surface by default,
while still allowing profiling tools to work automatically. It can also
be manually toggled, but most developers won't ever need to do that if
tools end up incorporating this.

Bug: 29054680

Change-Id: Idcf6a2f6cbb35b405587deced7da1f6749b16a5f

am: 38ac77e4

* commit '38ac77e4':
  expose control over unpriv perf access to shell

Change-Id: I3fb4eb3edfcf68ce678e8cf1566a29e70d6cf1c3

am: 90b00895

* commit '90b00895':

Change-Id: Icf7020f3af736ace01ab6e63c0a6be1a01397a07

am: b8097f05

* commit 'b8097f05':
  SELinux policy for /data/misc/profman

Change-Id: Ic2060d7a1caeb8c25c99f1dd369e80decb154ab5

am: a5d07925

* commit 'a5d07925':
  SELinux policy for /data/misc/profman

Change-Id: I1329afb3191abaa1b08ce9a706228a02a0c53a47

am: a5d07925

* commit 'a5d07925':
  SELinux policy for /data/misc/profman

Change-Id: I323b969ba609518da59880e47d6e13686e1203e8

Bug: 28748264
Change-Id: I872c25666707beb737f3ce7a4f706c0135df7ad5

This allows the shell user to control whether unprivileged access to
perf events is allowed.

To enable unprivileged access to perf:

    adb shell setprop security.perf_harden 0

To disable it again:

    adb shell setprop security.perf_harden 1

This allows Android to disable this kernel attack surface by default,
while still allowing profiling tools to work automatically. It can also
be manually toggled, but most developers won't ever need to do that if
tools end up incorporating this.

Bug: 29054680

Change-Id: Idcf6a2f6cbb35b405587deced7da1f6749b16a5f

am: d06a58d3

* commit 'd06a58d3':

Change-Id: I27074c3da5a9d75ea7268da72c90c443efaf2ed4

am: 93330770

* commit '93330770':
  Remove tee_device access from mediaserver

Change-Id: I845fc682c4fb86acb9acef700c0aed7415cee6e9

am: 0e1153ec

* commit '0e1153ec':
  Remove tee_device access from mediaserver

Change-Id: I23490556a7b0b3d9a5038ff2e1b0a6f384f629ec

am: 0e1153ec

* commit '0e1153ec':
  Remove tee_device access from mediaserver

Change-Id: I38716b448cd4a2429797bba1c420558fb7b5a64e

am: cffd143e

* commit 'cffd143e':

Change-Id: I1695e3c40a817aa9e3e107107a9982278049eff9

am: a40df202

* commit 'a40df202':
  Allow mediaserver to read preloads_data_file

Change-Id: Ia02ce6effd43f7e92590553dedb0be81ffcb36a9

am: d875ab61

* commit 'd875ab61':
  Allow mediaserver to read preloads_data_file

Change-Id: Ia974cd2351bbebb354273816bc9693eb97a60f41

am: d875ab61

* commit 'd875ab61':
  Allow mediaserver to read preloads_data_file

Change-Id: Ib34a273c717498542d8dd197f9a2f20e674d3ce9

SetupWizard initiates video playback using MediaPlayer API. Media server
should be able to handle preloads file descriptors

Bug: 28855287
Change-Id: I529dd39b25b852787b3d1708a853980cf382f045

Bug: 22775369
Change-Id: Iae362fcc371bab1455dda733f408f005c7eec3f8

am: e90f1586

* commit 'e90f1586':

Change-Id: I20836f7e680506fa6c61669c1ac9e30efb903115

am: 72f0fbb2

* commit '72f0fbb2':
  SELinux policies for /data/preloads directory

Change-Id: I0eb0aacd3bd5134077ef2bfbc9e5f418044043ab

am: 49ac2a3d

* commit '49ac2a3d':
  SELinux policies for /data/preloads directory

Change-Id: I3ce72279ba0a054527e860b8287c1a39e8d4fcfe

am: 49ac2a3d

* commit '49ac2a3d':
  SELinux policies for /data/preloads directory

Change-Id: Ib928cda316ef31f361ad09ef29b264eb9df754d5

A new directory is created in user data partition that contains preloaded
content such as a retail mode demo video and pre-loaded APKs.

The new directory is writable/deletable by system server. It can only be
readable (including directory list) by privileged or platform apps

Bug: 28855287
Change-Id: I3816cd3a1ed5b9a030965698a66265057214f037

am: ef502625

* commit 'ef502625':
  Fix rild policy to accomodate minijail

Change-Id: Ibd04bd5f94cbdd56107c8b3916cf31a0e52ced7b

am: d5bfe93e

* commit 'd5bfe93e':
  Fix rild policy to accomodate minijail

Change-Id: Id65ff798b13903242446c27406cda10f3e02dd99

am: e3327427

* commit 'e3327427':
  Fix rild policy to accomodate minijail

Change-Id: I6d4e487c07f9de821d11ebee8988fa6f79ff1b27

Fix denials related to lack of setgid and setpcap priviledges.
These were introduced when minijail was used to do sandboxing.

Bug: 28178548
Change-Id: I85fd4abbe55258de61d20d827baf59bbca0679e7
Test: rild no longer crash loops

am: 0bc35bd3

* commit '0bc35bd3':

Change-Id: Icd913a45dc2b66a50c7b75c86b512fdb63b99f8b