am: 282d599f

Change-Id: I0dd51bc443866c43407f72ccf1da55fb85833abf

am: 51572137

Change-Id: I2137c4aff726537196f6799d5368fa2391e7f019

am: 7c55e171

Change-Id: I266e4a9374fa256adfba46a51325478e288fd22c

Performanced needs to talk to the permission service to verify
permissions of clients to access certain restricted scheduler
policies.

Bug: 64337476
Test: performance_service_tests passes; logs do not contain avc
      denials for performanced -> permission service.

Change-Id: I31618ab1d3e79c3c10138d567b0f5606527020f9

Make sure that any attributes removed from policy are declared
in the mapping file, in case they are relied upon by vendor
policy.

Bug: 36899958
Test: Builds successfull, but not with removed attribute not
in mapping file.
Change-Id: I25526cd88a50e90513ae298ccf4f2660e4627fb4

Test: gts-tradefed run gts-dev --module=GtsSecurityHostTestCases
Bug: 64127136
Change-Id: Ib50294488bb1a5d46faed00d6954db64648fed20

am: 1d5131e9

Change-Id: Ib7c75f525c905b0bbdb2a9dae43ba2fe4a209122

am: 78b3d573

Change-Id: I097dadd96f4b1c73e0092ac57e4e4d126461cc8a

The treble compatibility tests check for policy differences between old
and new policy.  To do this correctly, we must not modify the policy which
represents the older policies.  Move the files meant to be changed to a
different location from the ones that are not meant to be touched to avoid
any undesired changes to old policy, e.g. commit:
2bdefd65078d890889672938c6f0d2accdd25bc5

Bug: 36899958
Test: Build-time tests build.
Change-Id: I8fa3947cfae756f37556fb34e1654382e2e48372

am: 124e1f65

Change-Id: Iba3dd4ccfd1335d5cdb6b686865096f60daaae39

am: 346a913c

Change-Id: If186db958ffcdb22d68e8a4cd6dd9b9f07e43e91

am: 12d1c4f7

Change-Id: Ifbdf852456a7fdfd13b03ae307c9716a7b35701a

am: f27bba93

Change-Id: I402b01b2930ba30293c441f413c7b40f5abdf469

untrusted_app_visible_hwservice was an attribute that was meant to
give partners time to add their HALs to AOSP.  It was removed from mr1
and so needs to be accounted for in the compatibility mapping.

Bug: 64321916
Test: Builds with treble policy tests.
Change-Id: I359a842083016f0cf6c9d7ffed2116feb9e159c6

Only seeing this denial in permissive:
allow shell screencap_exec:file getattr;

Bug: 37565047
Test: adb shell screencap w/o root
Test: cts-tradefed run cts-dev --module CtsAadbHostTestCases
Change-Id: I9f31d2067e002e7042646ee38dbfc06687481ac7

On Full Treble devices, servicemanager should only service
services from the platform service_contexts file.

Created new type to separate plat_ and nonplat_service_contexts,
and added new type to mapping (although I don't think this type
should have been used by vendors).

Bug: 36866029
Test: Marlin/Taimen boot
Change-Id: Ied112c64f22f8486a7415197660faa029add82d9

Allow vendors to extend e2fs rules to format other partitions.

Bug: 64430395
Change-Id: I51566f72dea814af97b1fedbd4618cd4095d64c3

Also fix up set() additions in mini_parser.py and add global reference to
the parser in tests for clarity.

Bug: 36899958
Test: rm public type in old policy from policy and observe test failure.
Change-Id: I6cba2473526798be871cd69249c9bbc6df2c5b4c

am: 7f7c3b82

Change-Id: I837282bfcae027b959405db611639a203e37bdfe

Add support to the treble_sepolicy_tests suite that explicitly look at
the old and current policy versions, as well as the compatibility file,
to determine if any new types have been added without a compatibility
entry.  This first test catches the most common and likely changes that
could change the type label of an object for which vendor policy may have
needed access.  It also should prove the basis for additional compatibility
checks between old and new policies.

Bug: 36899958
Test: Policy builds and tests pass.
Change-Id: I609c913e6354eb10a04cc1a029ddd9fa0e592a4c

am: aaa94fa9

Change-Id: I2c7517758d6839f127f8a077f7719e2bf4922a49

Commit: 2490f1ad meant to add
thermalserviced_tmpfs to the new_object list in the mapping file,
but copy-paste error resulted in thermalserviced_exec_tmpfs being
recorded instead.  Fix this.

(cherry-pick of commit: fbacc656)

Bug: 62573845
Test: None. prebuilt change.
Change-Id: Iab4eaef04742187d6397a539aae854651caa9935

am: 0e4e784c

Change-Id: I1b17dabba275688ef478654a8556cf587826a06c

am: e772a5cf

Change-Id: I529b863d3cbd4cbf1a925da451d55e1a3b62fd40

am: e9b2def7

Change-Id: I529939bc42f4e5a6331e1326350019281b44c4b2

A new API [getNamesForUids] was recently added to the PackageManager
and this API needs to be accessible to native code. However, there
were two constraints:
1) Instead of hand-rolling the binder, we wanted to auto generate
the bindings directly from the AIDL compiler.
2) We didn't want to expose/annotate all 180+ PackageManager APIs
when only a single API is needed.
So, we chose to create a parallel API that can be used explicitly
for native bindings without exposing the entirety of the
PackageManager.

Bug: 62805090
Test: Manual
Test: Create a native application that calls into the new service
Test: See the call works and data and returned
Change-Id: I0d469854eeddfa1a4fd04b5c53b7a71ba3ab1f41

Commit: ec3b6b7e added a new daemon
and corresponding types to sepolicy.  The explicitly declared types
were added to 26.0.ignore.cil to reflect the labeling of new objects,
but another type, thermalserviced_tmpfs was created by macro and was
missed in code review.  Add it as well.

Bug: 62573845
Test: None. prebuilt change.
Change-Id: Ia8968448eea0be889911f46fe255f581659eb548
(cherry picked from commit 2490f1ad)

Add sepolicy for thermalserviced daemon, IThermalService binder
service, IThermalCallback hwservice, and Thermal HAL revision 1.1.

Test: manual: marlin with modified thermal-engine.conf
Bug: 30982366
Change-Id: I207fa0f922a4e658338af91dea28c497781e8fe9
(cherry picked from commit ec3b6b7e)

am: 420be61f

Change-Id: I3a8adea22d24046301506d2143885a5e4b2f2b7a

am: 50e798e0

Change-Id: I299ff631812a45cbe40fc54d03e18d64a4293f99