Test: booted metadata-encrypted device
Bug: 79781913
Change-Id: Ib4cb4a04145e5619994083da055f06fe7ae0137a

to workaround some VTS VtsKernelLtp failures introduced by
change on vfs_iter_write here:
https://android.googlesource.com/kernel/hikey-linaro/+/abbb65899aecfc97bda64b6816d1e501754cfe1f%5E%21/#F3

for discussion please check threads here:
https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg03348.html



Sandeep suggest to re-order the events in that thread,
that should be the right solution,
this change is only a tempory workaround before that change.

Bug: 79528964
Test: manually with -m VtsKernelLtp -t VtsKernelLtp#fs.fs_fill_64bit

Change-Id: I3f46ff874d3dbcc556cfbeb27be21878574877d1
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
(cherry picked from commit 64ff9e95)
Merged-In: I3f46ff874d3dbcc556cfbeb27be21878574877d1

Mtp needs access to this path in order to
change files on an sdcard.

Fixes denial:

05-14 17:40:58.803  3004  3004 W MtpServer: type=1400 audit(0.0:46):
avc: denied { search } for name="media_rw" dev="tmpfs" ino=10113
scontext=u:r:mediaprovider:s0:c512,c768
tcontext=u:object_r:mnt_media_rw_file:s0 tclass=dir permissive=0
b/77925342 app=com.android.providers.media

Bug: 77849654
Test: no denials using mtp with emulated sdcard
Change-Id: I27b5294fa211bb1eff6d011638b5fdc90334bc80

Add an exemption to neverallow rule to use sockets from HAL servers only
for automotive build

Bug: 78901167
Test: assign this attribute to hal_vehicle_default and try to open
socket from HAL implementation
Test: verify that new CTS test will fail for non-automotive build with
this attribute buing used
Test: make cts && cts-tradefed run singleCommand cts --skip-device-info
 --skip-preconditions --abi arm64-v8a --module CtsSecurityHostTestCases
 -t android.security.cts.SELinuxHostTest

Change-Id: I27976443dad4fc5b7425c089512cac65bb54d6d9

This relaxes the neverallow rule blocking vendor_init from doing
anything to vold_metadata_file.  The rules above it still prevent it
from doing anything other than relabelto and getattr.

Bug: 79681561
Test: Boot device and see no denials.
Change-Id: I1beb25bb9f8d69323c9fee53a140c2a084b12124

Bug: 78605339
Test: aosp_walleye-userdebug builds
Change-Id: I37c84e20f2284d50cbe29bfa1b7597dd2c01fb4b

The property is set on builds which profile the boot image.

Test: m
Bug: 73313191

(cherry-pick form commit d99f4acf2ddaeede543eba6fb78fe7931318d652)

Merged-In: Ie0cd54f23250df02850c38bb14e92d4b1fa04f16
Change-Id: Ie0cd54f23250df02850c38bb14e92d4b1fa04f16

Bug: 79228237
Test: audit2allow finds no relevant denials on boot
Change-Id: Ia80b77ba9a1ec2354127cd0ef68d50ebcf593fb0

The goal is to allow creating profile snapshots from the shell command in
order to be able to write CTS tests.

The system server will dump profiles for debuggable in /data/misc/profman
from where they will be pulled and verified by CTS tests.

Test: adb shell cmd package snapshot-profile com.android.vending
Bug: 74081010
Change-Id: I54690305284b92c0e759538303cb98c93ce92dd5

com.android.server.power.PowerManagerServiceTest#testGetLastShutdownReasonInternal due to "RuntimeException: failed to set system property"

W/roidJUnitRunner: type=1400 audit(0.0:6): avc: denied { write } for name="property_service" dev="tmpfs" ino=13178 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0
W/libc    : Unable to set property "test.sys.boot.reason" to "shutdown,thermal": connection failed; errno=13 (Permission denied)

Had to use precise property definition as com.android.phone accesses
test properties as well.

Test: compile
Bug: 78245377
Change-Id: I2cc810846f8615f2a2fae8e0d4f41de585b7abd7

This should help fix presubmit tests.

Bug: 79414024
Test: Built policy.
Change-Id: Ic840150767ff6c2799ac3b5ef22ba139108c94dd
(cherry picked from commit 06e09abd)

Bug: 71430241
Test: build/flash, grep for "avc: denied { read }" for mediacodec, should be empty on walleye
Change-Id: I12e1b11a969d3f979ca0cfbe4ca7db2bc5e46165

Let the audioserver record metrics with media.metrics service.
This is for 'audiopolicy' metrics.

Bug: 78595399
Test: record from different apps, see records in 'dumpsys media.metrics'
Change-Id: I63f9d4ad2d2b08eb98a49b8de5f86b6797ba2995

On userdebug builds we can now profile system server without disabling
selinux. This is the final piece, and allows the system server to save its
own profile.

Test: manual, on a device with system server profiling enabled
Bug: 73313191

(cherry picked from commit 71d8467b)

Change-Id: I93e7e01bfbd3146a8cfd26a1f6e88b640e9c4e0f

Bug: 78603347
Test: build and locally tested
Change-Id: I7e4eb8ebb2c1a0b7d684b471141da991a19bc98d

Bug: http://b/77729983
Test: treehugger
Change-Id: Ic8ce31396e5cad2e9b1f7aab2ace2f6c8e962d6d

It's used in build-time tests and in CTS.

Bug: 78898770
Test: build user-build
Change-Id: I254bf4d7ed0c0cb029b55110ceec982b84e4a91b
(cherry picked from commit beeb122405070a5b4cee326a0cdae92a1a791fbc)

vendor-init-settable|public-readable

Change-Id: I8262cc03150931080c0982350cd990ee8f5422bc
Fixes: 78636965
Test: adb shell getprop ro.oem.key1

Bug: 70637118
Test: m && emulator ; also verified on bat_land
Change-Id: I39dd17d20acc8d380f36e207679b8b1eba63a72e

Bug: 78205669
Bug: 78430613
Test: succeeded building
Change-Id: Ie098b839a050058424673f0d8961b7a194a2caab

Test: pass Multimedia File Compatibility test
Test: time to start playing mid file with GPM: ~10s => ~1.2s
Bug: 76422052, Bug: 67480585, Bug: 30751071
Change-Id: I4e9824b21dab1dafdcca5824367a7fe39a37e2f7

Update prebuilts for API 28.

Bug: 77958490
Test: m
Test: manual
Change-Id: Ic3f8599266ff8fffdff1492a5600a10f6fecbe88

Bug: 77589980
Test: diff -r system/sepolicy/public system/sepolicy/prebuilts/api/28.0/public is empty
Change-Id: I5ecb003e893d87e36e096208e505ad1264c288aa

Bug: 77589980
Test: Build
Change-Id: I5395314006f42dd3c925fed554c04d182ddde2c5

Bug: 77588754
Test: builds
Change-Id: I61ceb438cd532584847ddd55c0eeaefebdcfa51c

This file is /vendor/etc/selinux/nonplat_sepolicy.cil from aosp_arm64-eng
from mr1-dev

Bug: 69390067
Test: prebuilt only change
Change-Id: I717513ae66e806afe0071cf5b42e9f709264d0b6

Bug: 65551293
Bug: 69390067
Test: None. Prebuilt only change.
Change-Id: I62304b342a8b52fd505892cc2d4ebc882148224b

"storaged" service will be used by external clients, e.g. vold, dumpsys
"storaged_pri" service will only be used by storaged cmdline.

Bug: 63740245
Change-Id: I7a60eb4ce321aced9589bbb8474d2d9e75ab7042

Bug: 37916906
Test: Builds 'n' boots.
Change-Id: Ia1d86264446ebecc1ca79f32f11354921bc77668
Merged-In: I208ec6a864127a059fb389417a9c6b259d7474cb

The following commits were cherry-picked from internal master to AOSP,
but to avoid merge-conflicts we'll do a large diff instead of individual
cherry-picks:
521742e9
9aefc916
3686efca
de51e7de
fff3fe2f

Bug: 37916906
Test: angler builds and boots.
Merged-In: Ie010cc12ae866dbb97c387471f433158d3b699f3
Change-Id: I5126ebe88b9c76a74690ecf95851d389cfc22d1f

In order to bring AOSP development back in-line with master development,
some CLs were cherry-picked individually from internal master to AOSP,
which were then merged back into internal master (MERGED-IN was missing).
Due to merge-conflict pain, these are being reverted in favor of one
big diff.  This CL reverts the changes that were auto-merged in as a result,
and can be used as the target of MERGED-IN when reverting the individual
cherry-picks in AOSP.

This reverts commit a08fe91e, reversing
changes made to 11481d1d.

This reverts commit 7ec5ecfb, reversing
changes made to 6fecbbb2.

Bug: 37916906
Test: Builds 'n' boots.

Add /dev/kmsg_debug on userdebug devices, to allow crash_dump to log
crashes to dmesg when logd isn't up yet (or is the one crashing).

(Originally commited in a015186f)
(cherry-pick of commit: 3458ec13)

Bug: 37916906
Bug: 36574794
Bug: 62101480
Test: Builds and boots.
Change-Id: I83aa392f49bb412d96534925fb02921a8f4731fa

(cherry-pick of commit: 55c77504)

Bug: 37916906
Bug: 37896931
Test: none, just prebuilt update.
Change-Id: I55b5179f98703026699a59cce4b2e1afb166fd1d

More changes went into oc-dev after the freeze-date.  Reflect them.
(cherry-pick of commit: 148578a6)

Bug: 37916906
Bug: 37896931
Test: prebuilts - none.
Change-Id: I3300751ea7362d5d96b327138544be65eb9fc483

commit: 5c6a227e added the oc-dev
sepolicy prebuilts (api 26.0), but did not include the corresponding
base mapping file, which is to be maintained along with current
platform development in order to ensure backwards compatibility.
(cherry-pick of commit: 5e4e0d7f)

Bug: 37916906
Bug: 37896931
Test: none, this just copies the old mapping file to prebuilts.
Change-Id: Ia5c36ddab036352845878178fa9c6a9d649d238f

Copy the final system sepolicy from oc-dev to its prebuilt dir
corresponding to its version (26.0) so that we can uprev policy and
start maintaining compatibility files, as well as use it for CTS
tests targeting future platforms.

(cherry-pick of commit: 5c6a227e)

Bug: 37896931
Bug: 37916906
Test: none, this just copies the old policy.
Change-Id: Ib069d505e42595c467e5d1164fb16fcb0286ab93

The treble compatibility tests check for policy differences between old
and new policy.  To do this correctly, we must not modify the policy which
represents the older policies.  Move the files meant to be changed to a
different location from the ones that are not meant to be touched to avoid
any undesired changes to old policy, e.g. commit:
2bdefd65078d890889672938c6f0d2accdd25bc5

Bug: 36899958
Test: Build-time tests build.
Change-Id: I8fa3947cfae756f37556fb34e1654382e2e48372

untrusted_app_visible_hwservice was an attribute that was meant to
give partners time to add their HALs to AOSP.  It was removed from mr1
and so needs to be accounted for in the compatibility mapping.

Bug: 64321916
Test: Builds with treble policy tests.
Change-Id: I359a842083016f0cf6c9d7ffed2116feb9e159c6

Only seeing this denial in permissive:
allow shell screencap_exec:file getattr;

Bug: 37565047
Test: adb shell screencap w/o root
Test: cts-tradefed run cts-dev --module CtsAadbHostTestCases
Change-Id: I9f31d2067e002e7042646ee38dbfc06687481ac7

On Full Treble devices, servicemanager should only service
services from the platform service_contexts file.

Created new type to separate plat_ and nonplat_service_contexts,
and added new type to mapping (although I don't think this type
should have been used by vendors).

Bug: 36866029
Test: Marlin/Taimen boot
Change-Id: Ied112c64f22f8486a7415197660faa029add82d9