am: 55c7adde  -s ours

Change-Id: I1ac6bc84c0129f46c5ce9cb2c0c1b8a3f8b440df

am: 325bf725

Change-Id: I024229279b62dbd30287c505f20f51e9131b82c5

Update SE Policy to allow calls to and callbacks from Wifi Offload HAL
HIDL binderized service.
Combined cherry pick from d56aa1982d15acfc2408271138dac43f1e5dc987
and 66e27bf5

Bug: 32842314
Test: Unit tests, Mannual test to ensure Wifi can be brought up and
connected to an AP, ensure that Offload HAL service is running and that
that wificond can get the service handle by calling hwservicemanager.

Change-Id: I0fc51a4152f1891c8d88967e75d45ded115e766e

Merge "SELinux changes for Treble Loadable Kernel Module" am: e3be5d6b am: cf611a3b am: eb02b9a0  -s ours
am: 3a80d2fd

Change-Id: I9076d677a9dcdc53bc901c9b6374d729aa5bee7b

am: eb02b9a0  -s ours

Change-Id: I773b392db75e22161c25bc71d1fb09684f150ea5

am: cf611a3b

Change-Id: I4bcad7c62a3b32868cfcd6496f608c5905ab79f7

am: e3be5d6b

Change-Id: I6f3544a3803217bd6380ebb9d7d0b84c403e60c2

am: c1ee74ff

Change-Id: I0fcc76515b3923c542d5d39cd14734dc333c010c

am: ffb8fb1b

Change-Id: I4b4c521d80df2eff191ca3c0dec233f464e279e0

This hidl service provides information about vsync and hotplug
to vendor services which is required by at least some camera
hal implementations.

Test: VtsFwkDisplayServiceV1_0TargetTest
Test: no denials
Bug: 38311538
Change-Id: I64f0321e2832facf987057f0d48940e269d8e2d9

am: 524b0650

Change-Id: I893d97b9a6383ef1914bfbda43606dfaad6554e4

am: a82c3d57

Change-Id: I332b2e50b5057016ad6b530f7660c95bd53af4b7

Currently, some jni libs in /vendor/lib are allowed to be executed
in java process by labelling them as same_process_hal_file. This is
wrong because those jni libs are not in fact same process HALs.

After b/37481404, those jni libs for vendor apks are embedded inside the
apk just like downloaded apks.

In order to make this possible, appdomain is allowed to execute
vendor_app_file. Note that allowing this is not a Treble violation because
vendor_app_file is Java and JNI code only. Native libraries in
/vendor/lib are still prevented from being loaded in apps except for
those are labeled as same_process_hal_file AND are loaded via the
'sphal' namespace.

Bug: 37481404
Test: Phone application does not crash.
Change-Id: Ifaece2f05d0b20e28c4b1c0847f5ea0bb28ade02

am: 35e09523

Change-Id: I728d32563d123fafd7c316f5ea5764a463876757

am: 02a101a6

Change-Id: I0140009cfbf316489db4994b414ac079776ead21

am: 270e70be

Change-Id: Iaf1c21761a7daa9a73b88434d543a9306e0cbe61

am: 125a5a0c

Change-Id: I3b9bd0d3790523045db45bb1cb4a439220b7ede0

am: 36ad79b0  -s ours

Change-Id: I9c32de4e471ccbe29dd9f81b0215fbbbf4f944d4

am: ac4498fa  -s ours

Change-Id: Id9f254a4b6a15b6763a3fe5f6c0f62d7b10f3ec8

am: 21e6ab12

Change-Id: Ia07eb71f1c8cdd7329bdfb3315e9b2e3337b2ee0

am: f2760f79

Change-Id: Iac53bd00513b53476d9156440fd4937afcf0bd54

Disallowing other HALs access to video_device does not appear to be
enforceable.

(cherry picked from commit c26dd18a)

Bug: 37669506
Test: build policy. Neverallow rules are build time test and do not
      impact the policy binary.
Change-Id: Iea401de08a63f3261a461f67b85113a9d838e88a

am: ed4841ce

Change-Id: I04a5cd25af698a06101d202e2815bf5f3f39856e

am: 0f406a7a

Change-Id: I39ba184fe5b89a6cace60a4ea31f42e3e9940fce

This attribute is being actively removed from policy. Since
attributes are not being versioned, partners must not be able to
access and use this attribute. Move it from private and verify in
the logs that rild and tee are not using these permissions.

Bug: 38316109
Test: build and boot Marlin
Test: Verify that rild and tee are not being granted any of these
      permissions.
Change-Id: I31beeb5bdf3885195310b086c1af3432dc6a349b

am: ffb5b3f9

Change-Id: I53aac064a2743064be1bff1087eeda445d3abbf9

am: a06236a0  -s ours

Change-Id: I78b6f59d35d5510f91bc3fb64818b13d50148850

am: 1a6fabea

Change-Id: I3b1a74f387cbf7388feb17f87f749964816df302

am: c4055f0d

Change-Id: I4f307d49476c1e84d8dd17d02f383d7c10a959fc

This is a partial revert of commit 82672089.
The previous commit removed a public type, which is a version-incompatible
change to the SELinux vendor API.  Since the 2017 devices are meant to be
launching with the previous version, this is unacceptable.  Revert the
version-incompatible parts of the change, but keep the other parts to enable
existing system functionality to persist and become part of MR1.  Leave TODOs
to remove the other parts when a version bump is acceptable.

Bug: 38241921
Test: Policy builds and device boots with ASAN enabled.
Change-Id: I0dd3673b8ed7fb86abd79cd04982396000e986f1

Specify per-service rules for PDX transport. Now being able to
grant permissions to individual services provided by processes,
not all services of a process.

Also tighter control over which permissions are required for
client and server for individual components of IPC (endpoints,
channels, etc).

Bug: 37646189
Change-Id: I78eb8ae8b6e08105666445a66bfcbd2f1d69d0ea
Merged-Id: I78eb8ae8b6e08105666445a66bfcbd2f1d69d0ea