am: da6c88c9

Change-Id: I9b2c1457c7c8cf3a6c8edde11e4dad8883bbf34c

am: 3d12305d

Change-Id: Id45b1a26067b7525feabb029d5c98270d0c5994b

am: 93f99cb1

Change-Id: I877e23910bc424a2026bab1d9669bc6537ea5c31

am: 165c3701

Change-Id: I76b85c42d2a24810de78e56d6f9624eb8df04c90

am: 1ecff6fa

Change-Id: I9e4aefbdc5ec712164cb2946cda4b51a3967c8c3

am: 45afc7a6

Change-Id: I73d31158b87c68fa5b4ee80e33a397bb1be7c010

Whitelist several hals which can be dumped by bugreports. Don't want to
dump more because of the time it takes and also certain hals have
sensitive data which shouldn't be dumped (i.e. keymaster).

Test: dumps work for given hals
Bug: 36414311
Change-Id: Ic0eddfa95fa33abbc983d3b5161e42c240663f22

am: d7b8338e  -s ours

Change-Id: I66d268eb596277171a88377dad0e613a7497e3f4

am: 392c86e9

Change-Id: Id520704ad8a2be81648c33d2d1ef4a865badacd0

am: 4dd14f69

Change-Id: I60c3e0f1441aa4f548b1875e68f49c2047bf74e4

am: 4c013db7

Change-Id: I77c714f588bdc78020af4e7dbf6a89d9e6792ca6

am: d437f0e0

Change-Id: Ib72b4435a8173a213f1ddb3331afc0bebf991029

am: d3ce5dc3

Change-Id: Ifd66a82a429b18f6e0077b042dccef38ddcd636d

Test: no relevant denials on marlin while booting
Test: no relevant denials on angler while booting
Bug: 36278706
Change-Id: Ieba79e1c8fca4f74c63bc63e6dd0bdcf59204ca2

vndservicemanager is the context manager for binder services
that are solely registered and accessed from vendor processes.

Bug: 36052864
Test: vendorservicemanager runs
Merged-In: Ifbf536932678d0ff13d019635fe6347e185ef387
Change-Id: I430f1762eb83825f6cd4be939a69d46a8ddc80ff

Rules in clients of NFC HAL due to the HAL running (or previously
running) in passthrough mode are now targeting hal_nfc. Domains which
are clients of NFC HAL are associated with hal_nfc only the the HAL
runs in passthrough mode. NFC HAL server domains are always associated
with hal_nfc and thus get these rules unconditionally.

This commit also moves the policy of nfc domain to private. The only
thing remaining in the public policy is the existence of this domain.
This is needed because there are references to this domain in public
and vendor policy.

Test: Open a URL in Chrome, NFC-tap Android to another Android and
      observe that the same URL is opened in a web browser on the
      destination device. Do the same reversing the roles of the two
      Androids.
Test: Install an NFC reader app, tap a passive NFC tag with the
      Android and observe that the app is displaying information about
      the tag.
Test: No SELinux denials to do with NFC before and during and after
      the above tests on sailfish, bullhead, and angler.
Bug: 34170079

Change-Id: I29fe43f63d64b286c28eb19a3a9fe4f630612226

am: 8f0abfec

Change-Id: Id2a898b91932fa74389586bb534cb1dba3bfe26c

am: 1c05f800

Change-Id: Icb9150c5828272df8ccfce8a4145df2f3c987c45

am: 63211f8d

Change-Id: If8aa9152a643522fc896b7a412d3fafb19043649

am: e43f5c97

Change-Id: I40ee71a3473e23a29b370cdc8be7cabd8e8245fc

am: e2f8626e

Change-Id: If401e4107787e6620ed31115c45b7d594812dbe5

am: 871e44c4

Change-Id: I1c261dc247b93306c6d1a70dd0014532c84843c5

am: 23bf2d44

Change-Id: Ib9d7b139d7792eedf3c8963cdc12fbe9f194f0f4

am: 3d49330b

Change-Id: I1ceaf1d95f07b8c4635a6055384cf6dcff932d51

am: 6456542f

Change-Id: I353c8d695a5c995f72fe865f27682a05011f8f55

ASAN builds may require additional permissions to launch processes
with ASAN wrappers. In this case, system_server needs permission to
execute /system/bin/sh.

Create with_asan() macro which can be used exclusively on debug
builds. Note this means that ASAN builds with these additional
permission will not pass the security portion of CTS - like any
other debug build.

Addresses:
avc: denied { execute } for name="sh" dev="dm-0" ino=571
scontext=u:r:system_server:s0 tcontext=u:object_r:shell_exec:s0
tclass=file

Test: lunch aosp_marlin-userdebug;
      cd system/sepolicy; mm SANITIZE_TARGET=address;
      Verify permissions granted using with_asan() are granted.
Test: lunch aosp_marlin-userdebug;
      cd system/sepolicy; mm;
      Verify permissions granted using with_asan() are not granted.
Test: lunch aosp_marlin-user;
      cd system/sepolicy; mm SANITIZE_TARGET=address;
      Verify permissions granted using with_asan() are not granted.
Bug: 36138508
Change-Id: I6e39ada4bacd71687a593023f16b45bc16cd7ef8

/proc/interrupts may be dumped by dumpstate HAL if required.

Bug: 36486169
Test: 'adb shell bugreport' on sailfish

Change-Id: Ifc41a516aeea846bc56b86b064bda555b43c58ed
Signed-off-by: Sandeep Patil <sspatil@google.com>

Merge "wpa_supplicant: Remove unnecessary permissions from system_server" am: e1a350a0 am: 79005214
am: 180a6882

Change-Id: Ic5e8018fd106a645d24f52b8502fff3e4c603f7e

am: 79005214

Change-Id: Icf0aefc596f8c3df64be9bc68b4c1f4243059747

am: e1a350a0

Change-Id: Ib2f28bdd5aa8dc1a6641f3f114965ac3ddec17e2

vndservicemanager is the context manager for binder services
that are solely registered and accessed from vendor processes.

Bug: 36052864
Test: vendorservicemanager runs
Change-Id: Ifbf536932678d0ff13d019635fe6347e185ef387

am: acc1701f

Change-Id: I7b732b74d4495c9b6aede9530e7944b5b3e07584