These denials occur fairly often, causing some logspam.

Bug: 77225170
Test: Boot device.
Change-Id: Icd73a992aee44007d0873743f706758f9a19a112

In permissive mode we get more spurious denials when O_CREAT is used
with an already-existing file. They're harmless so we don't need to
audit them.

Example denials:
denied { add_name } for name="trigger" scontext=u:r:init:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=1
denied { create } for name="trigger" scontext=u:r:init:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=file permissive=1

Bug: 72643420
Bug: 74182216

Test: Device boots, denials gone.
Change-Id: I54b1a0c138ff5167f1d1d12c4b0b9e9afaa5bca0

A default value of persist.radio.multisim.config can be set by SoC
vendors, and so vendor-init-settable should be allowed to it.

Bug: 73871799
Test: succeeded building and tested with taimen
Change-Id: Ie62b91e7e3d7e05425b742838417f1cab7b3fed4
Merged-In: Ie62b91e7e3d7e05425b742838417f1cab7b3fed4
(cherry picked from commit ac8c6e3d)

The ConfirmationUI API has a callback interface by which confirmation
results are presented to the calling app. This requires keystore to call
into apps.

Test: Device boots and no more denials when call back is delivered to
      apps.
Bug: 63928580
Change-Id: Ie23211aeb74c39956c3c3b8b32843d35afa1315a

Use the user policy when running the compatibility tests.

Bug: 74344625
Test: Built policy for many devices.  Booted one device.
Test: Delete some compat rules, verify error on userdebug.
Change-Id: Ib2df2dfc06cdf55a839011e9a528e76160a9e436
(cherry picked from commit c1486218)

Verify that the SELabels used in property_contexts correspond to a
real type in the SEPolicy and that this type has the property_type attribute.

Additionally add a check that vendor property_context files do not
duplicate entries in plat property_contexts, and a similar check that
odm property_contexts doesn't duplicate either plat or vendor
property_contexts.

Bug: 74078792
Test: Build property_contexts on bullhead successfully
Test: See failure when using a faulty SELabel in property_contexts
Test: See failure when duplicating label in vendor and plat property_contexts
Change-Id: I4d2338dab68f1c5a8ed110aa7821f0677f61bafb
(cherry picked from commit a15df75d)

Suppress WAI denials from crashdump.

Test: build/flash Taimen. Verify no new denials.
Bug: 68319037
Change-Id: If39d057cb020def7afe89fd95e049e45cce2ae16

This allows an optimization that consists in the "perfetto" cmdline
client passing directly the file descriptor for the output trace
to traced (as opposite to having traced streaming back the trace
data to "perfetto" and having that one doing the write() into file).
This reduces sensibly the memory traffic and CPU overhead of traces
with a minor change.

Bug: 73625179
Test: builds + perfetto_integrationtests w/ long_trace.cfg
Change-Id: I81f5a230338ced20dc543fd91c5a0bd0e58725f2
Merged-In: I81f5a230338ced20dc543fd91c5a0bd0e58725f2
(cherry picked from aosp/648831)

The permission to allow system_server to access sys/fs/bpf/ directory
is missing. Add it back so it can get the bpf maps from the bpf_fs.

Test: device boot and no more denial information of system_server try to
searcg in fs_bpf
      atest android.net.cts.TrafficStatsTest
Bug: 75285088

Change-Id: I1040cde6c038eccc4e91c69a10b20aa7a18b19f6
(cherry picked from aosp commit f83bbd17)

Kernel modules are not permitted to be on /system partition.
That was one of Treble requirements in O:
https://source.android.com/devices/architecture/kernel/modular-kernels#file-locations

Bug: 74069409
Test: pixel/nexus devices don't have LKMs in /system, so this change
shoudl be harmless.
Test: walleye boots without issues from modprobe.
Merged-In: I8b3aeb55aacb3c99e0486224161d09a64bb52cd1
Change-Id: I8b3aeb55aacb3c99e0486224161d09a64bb52cd1

(cherry picked from commit 6ef9f523)

ro.config.low_ram should be set on Android Go devices by SoC vendors,
and the value can be read by vendor components.

Bug: 76132948
Bug: 75987246
Test: succeeded building and tested with taimen
Change-Id: I6ac98fa58cf641da4565d6277898fc5e5e6ceca1
Merged-In: I6ac98fa58cf641da4565d6277898fc5e5e6ceca1
(cherry picked from commit 7dd2e025)

So that perfprofd can send larger packets to dropbox.

Follow-up of commit 3fa95acb.

(cherry picked from commit c9df8437)

Bug: 73175642
Test: m
Test: manual
Merged-In: I88d1f83962243589909ff1ce3d02195e7c494256
Change-Id: I88d1f83962243589909ff1ce3d02195e7c494256

Based on the following audit message:

type=1400 audit(1521738979.005:385): avc: denied { write } for pid=1269
comm="Binder:1269_B" name="timerslack_ns" dev="proc" ino=254190
scontext=u:r:system_server:s0 tcontext=u:r:hal_audio_default:s0
tclass=file permissive=1

Bug: 74110604
Test: adb shell dmesg | grep hal_audio_default
Change-Id: I4c2e787588eb9d223d5e50e1bc8f67876de97c2e

This CL adds the SELinux permissions required to execute
atrace and get userspace tracing events from system services.
This is to enable tracing of events coming from surfaceflinger,
audio HAL, etc.
atrace, when executed, sets a bunch of debug.atrace. properties
and sends an IPC via binder/hwbinder to tell the services to
reload that property.

This CL does NOT affect systrace. In that case (i.e. when
atrace is executed from adb/shell) atrace still runs in
the shell domain and none of those changes apply.

Change-Id: I11b096d5c5c5593f18bce87f06c1a7b1ffa7910e
Merged-In: I11b096d5c5c5593f18bce87f06c1a7b1ffa7910e
Merged-In: Iba195d571aec9579195d79d4970f760e417608c6
Bug: b/73340039

To better record the network traffic stats for each network interface.
We use xt_bpf netfilter module to do the iface stats accounting instead
of the cgroup bpf filter we currently use for per uid stats accounting.
The xt_bpf module will take pinned eBPF program as iptables rule and run
the program when packet pass through the netfilter hook. To setup the
iptables rules. netd need to be able to access bpf filesystem and run the
bpf program at boot time. The program used will still be created and
pinned by the bpfloader process.

Test: With selinux enforced, run "iptables -L -t raw" should show the
xt_bpf related rule present in bw_raw_PREROUTING chain.
Bug: 72111305

Change-Id: I11efe158d6bd5499df6adf15e8123a76cd67de04
(cherry picked from aosp commit 5c95c168)

* changes:
  Add /odm/etc/selinux/odm_mac_permissions.xml
  Add /odm/etc/selinux/odm_hwservice_contexts
  Add /odm/etc/selinux/odm_property_contexts
  Add /odm/etc/selinux/odm_seapp_contexts
  Add /odm/etc/selinux/odm_file_contexts
  Add /odm/etc/selinux/odm_sepolicy.cil

Test: manual
Bug: 75318418
Merged-In: I700c1b8b613dba1c99f4fbffdd905c0052c1b2e7
Change-Id: I700c1b8b613dba1c99f4fbffdd905c0052c1b2e7

* changes:
  silence innocuous denials to /proc and /sys
  proc_type attribute for files under /proc.

Bug: 74182216
Test: build policy
Change-Id: Idf90c1a96943266d52508ce72b8554d8b5c594c9
(cherry picked from commit 09b1d962)

With this attribute it will be easier to reference /proc files.

Bug: 74182216
Test: policy builds
Change-Id: I5b7da508d821e45f122832261a742a201e8fdf2c
(cherry picked from commit 41bf08e5)

This should fix audio on non-Treble devices.

Bug: 75949883
Test: Built policy.
Merged-In: I90a4648aaf975d59be36afd5f62c88a015af10f7
Change-Id: I90a4648aaf975d59be36afd5f62c88a015af10f7
(cherry picked from commit 6e8bfa2d)

Bug: 72643420
Test: n/a
Change-Id: Iba86b7d77582e85de7469bedaf31465205e42433

Bug: 64240127
Test: normal boot a device
Change-Id: I276ba6bc88eabb0d5562e4e96d3860eedb76aed5
Merged-In: I276ba6bc88eabb0d5562e4e96d3860eedb76aed5
(cherry picked from commit af7d85f8)

Bug: 64240127
Test: normal boot and recovery boot a device
Change-Id: I22d29e8476380d19aca1be359e0228ab6bbc3b0f
Merged-In: I22d29e8476380d19aca1be359e0228ab6bbc3b0f
(cherry picked from commit ad6231f5)

Bug: 64240127
Test: normal boot and recovery boot a device
Change-Id: Ibd71219f60644e57370c0293decf11d82f1cb35c
Merged-In: Ibd71219f60644e57370c0293decf11d82f1cb35c
(cherry picked from commit 1f717b10)

Bug: 64240127
Test: normal boot a device
Change-Id: I3626357237cc18a99511f1ebd9dd3ff5a7655963
Merged-In: I3626357237cc18a99511f1ebd9dd3ff5a7655963
(cherry picked from commit ecf656b0)

Bug: 64240127
Test: normal boot and recovery boot a device
Change-Id: I087292fb23d05fc17272778d668ac78a721b2593
Merged-In: I087292fb23d05fc17272778d668ac78a721b2593
(cherry picked from commit bae1517a)

This change adds the support of odm sepolicy customization, which can
be configured through the newly added build varaible:
    - BOARD_ODM_SEPOLICY_DIRS += device/${ODM_NAME}/${BOM_NAME}/sepolicy

Also moving precompiled sepolicy to /odm when BOARD_ODM_SEPOLICY_DIRS
is set. On a DUT, precompiled sepolicy on /odm will override the one in
/vendor. This is intentional because /odm is the hardware customization
for /vendor and both should be updated together if desired.

Bug: 64240127
Test: boot a device with /odm partition
Change-Id: Ia8f81a78c88cbfefb3ff19e2ccd2648da6284d09
Merged-In: Ia8f81a78c88cbfefb3ff19e2ccd2648da6284d09
(cherry picked from commit 45457e3a)