am: 75877b24

Change-Id: Ic8688a5f7835ec689d47b1aad7d3e95424e28625

am: d85cd20d

Change-Id: I3dbea2d195d5dd8fa27e6c702c5772b2d5b0825b

am: 8f022478

Change-Id: Id2bf23854f29d453e8e280a50e6b2fee308e6db2

am: d1eb4564

Change-Id: Ic7a0b8ad7469778a2cf5ef2673de493fe34eabd9

am: 7bb3d92a

Change-Id: I77e60157551af8e13bb4fb45da86aae86347f084

am: 6f443b87

Change-Id: I46dc0e9a5350dca7861fc81f0cf00d698c57ec0b

am: ff5784f3

Change-Id: Ieb6e5cc4711add33fbd7b276bbbd362f249fb51e

am: 5b4f15e1

Change-Id: Ic7c0de32ac3970c000062bc35bb0c50254510b3a

Bug: 34135607
Test: hals work
Change-Id: I6a1f87438bb5b540fce900e9ec5df07d3f4f6bd4

am: 8a708481

Change-Id: I66cffed7a0cc322715ca5461653250fb71190adb

am: fdace232

Change-Id: I1bf9fc75321e57e9cf4c75b2fb46b66adfa1b720

am: a240947e

Change-Id: I508c25c5ea4c9e2c2b459e6247fdffd6412a2da6

am: daeb5e01

Change-Id: If2e1e939980f6c3c4c9aaf765b4418f11aef4084

am: e15d68a4

Change-Id: I11671a0c185b22a68b7e3be4da955598dda8a57b

am: f44c0dd7

Change-Id: Ic08c60058c959cd247849c43e76b5ea9971e3f5a

am: 530b8f52

Change-Id: Ide555826450bfc6872af89f3f5c3be27018fd7d9

am: 4cae28d4

Change-Id: Ie22e0c2a1c84188666a38dba21129e7547d83fbc

Bug: 35210697
Test: manual
Change-Id: I0e1e8923851f668d5fe6c210f411a8e4ff0470c7

Don't audit directory writes to sysfs since they cannot succees
and therefore cannot be a security issue

Bug: 35303861
Test: Make sure denial is no longer shown
Change-Id: I1f31d35aa01e28e3eb7371b1a75fc4090ea40464

On boot, Android runs restorecon on a number of virtual directories,
such as /sys and /sys/kernel/debug, to ensure that the SELinux labels
are correct. To avoid causing excessive boot time delays, the restorecon
code aggressively prunes directories, to avoid recursing down directory
trees which will never have a matching SELinux label.

See:
* https://android-review.googlesource.com/93401
* https://android-review.googlesource.com/109103

The key to this optimization is avoiding unnecessarily broad regular
expressions in file_contexts. If an overly broad regex exists, the tree
pruning code is ineffective, and the restorecon ends up visiting lots of
unnecessary directories.

The directory /sys/kernel/debug/tracing contains approximately 4500
files normally, and on debuggable builds, this number can jump to over
9000 files when the processing from wifi-events.rc occurs. For
comparison, the entire /sys/kernel/debug tree (excluding
/sys/kernel/debug/tracing) only contains approximately 8000 files. The
regular expression "/sys/kernel(/debug)?/tracing/(.*)?" ends up matching
a significant number of files, which impacts boot performance.

Instead of using an overly broad regex, refine the regex so only the
files needed have an entry in file_contexts. This list of files is
essentially a duplicate of the entries in
frameworks/native/cmds/atrace/atrace.rc .

This change reduces the restorecon_recursive call for /sys/kernel/debug
from approximately 260ms to 40ms, a boot time reduction of approximately
220ms.

Bug: 35248779
Test: device boots, no SELinux denials, faster boot.
Change-Id: I70f8af102762ec0180546b05fcf014c097135f3e

am: bb19a753

Change-Id: I4814247299fc156954116c8116e2d8ad3d2f5577

am: 05984847

Change-Id: Ib897f3fcc8471c1f40b85650ee6c997f2da0d9de

am: 137923a1

Change-Id: I5748e38ffdbefa08b66132080c934c44c5d02327

am: 6ebcfe47

Change-Id: I6999a1aaf79a559e0477166523ee71cfbfeb3a1b

Use the default filesystem label from genfs_contexts for the directory
/sys/kernel/debug/tracing and /sys/kernel/tracing, instead of explicitly
attempting to relabel it.

There are three cases we need to consider:

1) Old-style tracing functionality is on debugfs
2) tracing functionality is on tracefs, but mounted under debugfs
3) tracefs is mounted at /sys/kernel/tracing

For #1, the label on /sys/kernel/debug/tracing will be debugfs, and all
processes are allowed debugfs:dir search, so having the label be debugfs
instead of debugfs_tracing will not result in any permission change.

For #2, the label on /sys/kernel/debug/tracing will be debugfs_tracing,
which is the same as it is today. The empty directory
/sys/kernel/tracing wlll retain the sysfs label, avoiding the denial
below.

For #3, /sys/kernel/debug/tracing won't exist, and /sys/kernel/tracing
will have the debugfs_tracing label, where processes are allowed search
access.

Addresses the following denial:

avc:  denied  { associate } for  pid=1 comm="init" name="tracing"
dev="sysfs" ino=95 scontext=u:object_r:debugfs_tracing:s0
tcontext=u:object_r:sysfs:s0 tclass=filesystem permissive=0

Bug: 31856701
Bug: 35197529
Test: no denials on boot
Change-Id: I7233ea92c6987b8edfce9c2f1d77eb25c7df820f

Bug: 31399200
Test: Compiles
Change-Id: Ifb347a985df5deb85426a54c435c4a9c0248cb57

am: 5109eaa3

Change-Id: Idf104fab794d14a67a45e8dc4dbfe9524bfb2729

am: 43886cd4

Change-Id: I5af0c402f20be0337b25c92ad04abcfe7268e239

am: 90c9b826

Change-Id: Ifb3071a93642b52bf38ec05270b28aa3d273ce27

am: 3651bae6

Change-Id: Idbda0045c91888051350d77765d17f85d12d4046

There is only a single systemapi at the moment that is callable, and it is
protected by a signature/preinstalled permission.

(cherry picked from commit I778864afc9d02f8b2bfcf6b92a9f975ee87c4724)

Bug: 35059826,33297721
Test: manually on a marlin
Change-Id: I3789ce8238f5a52ead8f466dfa3045fbcef1958e

Merge "surfaceflinger: grant access to vr_manager_service" am: e6ff034a am: 11f4f118 am: ac00a6a6
am: 52278ee0

Change-Id: Ie07bca204b60d6e1ef00265c83bb9c60f4d19b08

am: ac00a6a6

Change-Id: Ief3aed51353ce080ba0ac80ff0ab9c63a69495b7

am: 11f4f118

Change-Id: I66e7514bcccc8ba419df94bfb36c69eaf0ec8f5c

am: e6ff034a

Change-Id: I0cadd202cfa6f898df7ef4f8c128a91b4ff31675