am: ef1fd98b

Change-Id: I6d5e2f4b43b3b52708190e8111828e54a252d5a7

This is used to persist RFC 7217 stable secrets across device reboots.

Test: as follows
    - Manually tested that stable_secret is generated on first use and
      persists until reset of user data partition (factory reset).
    - Tested that "adb shell getprop" was denied access to
      persist.netd.stable_secret after running "adb unroot".
Bug: 17613910

Change-Id: I4dad00fb189d697aceaffae49ad63987c7e45054

am: 1847a38b

Change-Id: I8c8351da5f2c41a284a6c6aa05e268f209242e00

This is to Allow commands like `adb shell run-as ...`.

Bug: http://b/62358246
Test: run commands manually.
Change-Id: I7bb6c79a6e27ff1224a80c6ddeffb7f27f492bb2

am: 7aa08523

Change-Id: I9fcf646602327f1c54d28c3fabf19741a6b72ef4

It appears that selinux requires the write permission to receive
a writable pipe from dumpstate, for unclear reasons. Add the permission
for now.

Bug: http://b/62297059
Test: dumpstate
Change-Id: I0f25682177115aacd5c2203ddc0008228b0380ad

am: e77d9eea

Change-Id: I3e4c83d962b1a4c9fbfba83ffd0df5fc8d59c8fc

Owners are selected from top CL approvals or owners.
They will be suggested to review/approve future CLs.

Test: build/make/tools/checkowners.py -c -v OWNERS
Change-Id: I3d7f4c06209c22dea0d824429d68997f7179985f

am: 17885f14

Change-Id: I46546950720c4d3fa907f32a2af9ab42caa448ba

Bug: http://b/62297059
Test: mma
Change-Id: Ibcd93e5554a9c2dd75fbfb42294fbc9b96ebc8cc

am: 34b4b737

Change-Id: If25147ce3439abd0ab4a3abc1e330b373e43d9cb

Add policy changes to enable a new service. The service
is currently switched off in config, but this change is
needed before it could be enabled.

Bug: 31008728
Test: make droid
Merged-In: I29c4509304978afb2187fe2e7f401144c6c3b4c6
Change-Id: I29c4509304978afb2187fe2e7f401144c6c3b4c6

am: a34781ae

Change-Id: Ic4103ff418e69f000198bb588f0cfccc578ba324

tombstoned allows dumpstate to install "intercepts" to java trace
requests for a given process. When an "intercept" is installed, all
trace output is redirected to a pipe provided by dumpstate instead
of the default location (usually in /data/anr or /data/tombstone).

Note that these processes are already granted "write" and "getattr"
on dumpstate:fifo_file in order to communicate with dumpstate; this
change adds "append" to the existing set of permissions.

Bug: 32064548
Test: manual
Change-Id: Iccbd78c59071252fef318589f3e55ece51a3c64c

am: e628cb5b

Change-Id: If2ce6fbf2b897d58da78430a7bae0fd6fb6e5a49

Applications connect to tombstoned via a unix domain socket and request
an open FD to which they can write their traces. This socket has a new
label (tombstoned_java_trace_socket) and appdomain and system_server are
given permissions to connect and write to it.

Apps no longer need permissions to open files under /data/anr/ and
these permissions will be withdrawn in a future change.

Bug: 32064548
Test: Manual

Merged-In: I70a3e6e230268d12b454e849fa88418082269c4f
Change-Id: Ib4b73fc130f4993c44d96c8d68f61b6d9bb2c7d5

am: c3f4afef

Change-Id: I8810383b62d3c678c289867a0e17732242ee6679

am: 9ac5d01f

Change-Id: I31b6b74e498efd2a6f6795f91d6a39a000886061

This reverts commit a015186f.

Bug: http://b/62101480
Change-Id: I8e889e3d50cf1749168acc526f8a8901717feb46

SELinux : avc:  denied  { find } for service=vrmanager pid=2364 uid=1027
scontext=u:r:nfc:s0 tcontext=u:object_r:vr_manager_service:s0
tclass=service_manager permissive=0

Test: manual
Bug: 35889571
Change-Id: If95bb5c286def99a0439b36a31b52fa9dfd4a2f4
Signed-off-by: Ruchi Kandoi <kandoiruchi@google.com>

am: 4a608d31

Change-Id: I1ac7b6ddaa3f6c7ee88426cf5ec6e6dec7bc8767

Fix the following denial:
    avc: denied { append } for pid=1093 comm="mediaextractor" path="pipe:[68438]" dev="pipefs" ino=68438 scontext=u:r:mediaextractor:s0 tcontext=u:r:dumpstate:s0 tclass=fifo_file permissive=1 ppid=1 pcomm="init" pgid=1 pgcomm="init"

Bug: http://b/38444258
Test: none
Change-Id: I58162e3a28b744a58396e77d6b0e2becb5633d6a

am: de5db3ab

Change-Id: If61aa850ab0f6060ec7a863cc0107f68f1db9400

Test: manual
Bug: 37014702
Change-Id: Id43dc7a8506fe60015c2f82242ba45cf85d3e74b

am: e3be5d6b

Change-Id: I6f3544a3803217bd6380ebb9d7d0b84c403e60c2

am: c4055f0d

Change-Id: I4f307d49476c1e84d8dd17d02f383d7c10a959fc

Specify per-service rules for PDX transport. Now being able to
grant permissions to individual services provided by processes,
not all services of a process.

Also tighter control over which permissions are required for
client and server for individual components of IPC (endpoints,
channels, etc).

Bug: 37646189
Change-Id: I78eb8ae8b6e08105666445a66bfcbd2f1d69d0ea
Merged-Id: I78eb8ae8b6e08105666445a66bfcbd2f1d69d0ea

am: fcfda81b

Change-Id: Iefe805a99749c29865b7f871cd4fc3fe11e1e536

This reverts commit 8c60f74d.

Bug: 38242876
Change-Id: Iba5a94d16901dc0c52f1941972c26877baa4805c

am: 216b377d

Change-Id: I2ff6397f145424266cd1091e338323cff283397c

Node for /dev/uhid driver needs to be accessible
by shell for the 'hid' command in frameworks/base/cmds.
This CL is in support of another CL c/2048848, topic
'Refactor hid command in /frameworks/base/cmds'
in internal master.

Bug: 34052337
Test: CTS test for GamepadTestCase#testButtonA; Checked that
cat /dev/uhid does not raise permission error.

Change-Id: I861c1226b4a67272af7c2a93d7811bf87a083478

am: ce5ca4d0

Change-Id: I7f9cfa0a144ddfd796897446990f2b61108755c1

This is needed for devices using configfs, where init listens for
sys.usb.ffs.ready=1 to config usb_gadget. When recovery starts
sideloading, minadbd (forked from recovery) sets the property to trigger
that action.

avc:  denied  { set } for property=sys.usb.ffs.ready pid=541 uid=0 gid=0
scontext=u:r:recovery:s0 tcontext=u:object_r:ffs_prop:s0
tclass=property_service

Bug: 35803743
Test: Device shows up in sideload mode.
Change-Id: Ie7f1224d3a8650160ac29811f73b8286fbced4f4