Bug: 77816522
Bug: 73947096

Test: Flashed device, no denial seen
Change-Id: Ib2f1fc670c9a76abbb9ff6747fec00fa5bcde5af
(cherry picked from commit 62913dbf)

The 'sync' tracepoint was updated to be 'fence' in kernel 4.9, so this
change also adds that one to the list.

Bug: 79935503
Test: Took a trace using 'sync' in user mode and saw the tracepoints
being saved.

Change-Id: I793c6f54cd9364f33853983f8c5dfb28b98c2708

This is needed when ueventd needs to read device tree files
(/proc/device-tree). Prior to acccess, it tries to read
"androidboot.android_dt_dir" from kernel cmdline for a custom
Android DT path.

Bug: 78613232
Test: boot a device without unknown SELinux denials
Change-Id: Iff9c882b4fcad5e384757a1e42e4a1d1259bb574
(cherry picked from commit 98ef2abb)

Test: booted metadata-encrypted device
Bug: 79781913
Change-Id: Ib4cb4a04145e5619994083da055f06fe7ae0137a

This allows Android Keystore to statically register support for 3DES
during zygote initialization based on the device's support for hardware
backed 3DES keys.

Bug: b/79986680
Test: keystore CTS
Change-Id: Ic9a6653cdd623a3ab10e0efbcdb37c437e6c59b9

System properties can be abused to get around Treble requirements of
having a clean system/vendor split.  This CL seeks to prevent that by
neverallowing coredomain from writing vendor properties.

Bug: 78598545
Test: build 2017/2018 Pixels
Test: build aosp_arm64
Change-Id: I5e06894150ba121624d753228e550ba9b81f7677

to workaround some VTS VtsKernelLtp failures introduced by
change on vfs_iter_write here:
https://android.googlesource.com/kernel/hikey-linaro/+/abbb65899aecfc97bda64b6816d1e501754cfe1f%5E%21/#F3

for discussion please check threads here:
https://www.mail-archive.com/seandroid-list@tycho.nsa.gov/msg03348.html



Sandeep suggest to re-order the events in that thread,
that should be the right solution,
this change is only a tempory workaround before that change.

Bug: 79528964
Test: manually with -m VtsKernelLtp -t VtsKernelLtp#fs.fs_fill_64bit

Change-Id: I3f46ff874d3dbcc556cfbeb27be21878574877d1
Signed-off-by: Yongqin Liu <yongqin.liu@linaro.org>
(cherry picked from commit 64ff9e95)
Merged-In: I3f46ff874d3dbcc556cfbeb27be21878574877d1

Mtp needs access to this path in order to
change files on an sdcard.

Fixes denial:

05-14 17:40:58.803  3004  3004 W MtpServer: type=1400 audit(0.0:46):
avc: denied { search } for name="media_rw" dev="tmpfs" ino=10113
scontext=u:r:mediaprovider:s0:c512,c768
tcontext=u:object_r:mnt_media_rw_file:s0 tclass=dir permissive=0
b/77925342 app=com.android.providers.media

Bug: 77849654
Test: no denials using mtp with emulated sdcard
Change-Id: I27b5294fa211bb1eff6d011638b5fdc90334bc80

Add an exemption to neverallow rule to use sockets from HAL servers only
for automotive build

Bug: 78901167
Test: assign this attribute to hal_vehicle_default and try to open
socket from HAL implementation
Test: verify that new CTS test will fail for non-automotive build with
this attribute buing used
Test: make cts && cts-tradefed run singleCommand cts --skip-device-info
 --skip-preconditions --abi arm64-v8a --module CtsSecurityHostTestCases
 -t android.security.cts.SELinuxHostTest

Change-Id: I27976443dad4fc5b7425c089512cac65bb54d6d9

This relaxes the neverallow rule blocking vendor_init from doing
anything to vold_metadata_file.  The rules above it still prevent it
from doing anything other than relabelto and getattr.

Bug: 79681561
Test: Boot device and see no denials.
Change-Id: I1beb25bb9f8d69323c9fee53a140c2a084b12124

Bug: 78605339
Test: aosp_walleye-userdebug builds
Change-Id: I37c84e20f2284d50cbe29bfa1b7597dd2c01fb4b

[  196.680228] type=1400 audit(1526230655.786:26): avc: denied { getattr } for
 pid=7159 comm="df" path="/metadata" dev="sda20" ino=2 scontext=u:r:dumpstate:s0
 tcontext=u:object_r:metadata_file:s0 tclass=dir permissive=0

Bug: 66967195
Bug: 79552162
Test: adb bugreport
Change-Id: Ib2abbc35e04a69992fa09a596694f428d3adc7c1
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>

The property is set on builds which profile the boot image.

Test: m
Bug: 73313191

(cherry-pick form commit d99f4acf2ddaeede543eba6fb78fe7931318d652)

Merged-In: Ie0cd54f23250df02850c38bb14e92d4b1fa04f16
Change-Id: Ie0cd54f23250df02850c38bb14e92d4b1fa04f16

Bug: 79228237
Test: audit2allow finds no relevant denials on boot
Change-Id: Ia80b77ba9a1ec2354127cd0ef68d50ebcf593fb0

The goal is to allow creating profile snapshots from the shell command in
order to be able to write CTS tests.

The system server will dump profiles for debuggable in /data/misc/profman
from where they will be pulled and verified by CTS tests.

Test: adb shell cmd package snapshot-profile com.android.vending
Bug: 74081010
Change-Id: I54690305284b92c0e759538303cb98c93ce92dd5

com.android.server.power.PowerManagerServiceTest#testGetLastShutdownReasonInternal due to "RuntimeException: failed to set system property"

W/roidJUnitRunner: type=1400 audit(0.0:6): avc: denied { write } for name="property_service" dev="tmpfs" ino=13178 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=0
W/libc    : Unable to set property "test.sys.boot.reason" to "shutdown,thermal": connection failed; errno=13 (Permission denied)

Had to use precise property definition as com.android.phone accesses
test properties as well.

Test: compile
Bug: 78245377
Change-Id: I2cc810846f8615f2a2fae8e0d4f41de585b7abd7

This should help fix presubmit tests.

Bug: 79414024
Test: Built policy.
Change-Id: Ic840150767ff6c2799ac3b5ef22ba139108c94dd
(cherry picked from commit 06e09abd)

Bug: 71430241
Test: build/flash, grep for "avc: denied { read }" for mediacodec, should be empty on walleye
Change-Id: I12e1b11a969d3f979ca0cfbe4ca7db2bc5e46165

Let the audioserver record metrics with media.metrics service.
This is for 'audiopolicy' metrics.

Bug: 78595399
Test: record from different apps, see records in 'dumpsys media.metrics'
Change-Id: I63f9d4ad2d2b08eb98a49b8de5f86b6797ba2995

On userdebug builds we can now profile system server without disabling
selinux. This is the final piece, and allows the system server to save its
own profile.

Test: manual, on a device with system server profiling enabled
Bug: 73313191

(cherry picked from commit 71d8467b)

Change-Id: I93e7e01bfbd3146a8cfd26a1f6e88b640e9c4e0f

Bug: 78603347
Test: build and locally tested
Change-Id: I7e4eb8ebb2c1a0b7d684b471141da991a19bc98d

Bug: http://b/77729983
Test: treehugger
Change-Id: Ic8ce31396e5cad2e9b1f7aab2ace2f6c8e962d6d

It's used in build-time tests and in CTS.

Bug: 78898770
Test: build user-build
Change-Id: I254bf4d7ed0c0cb029b55110ceec982b84e4a91b
(cherry picked from commit beeb122405070a5b4cee326a0cdae92a1a791fbc)

vendor-init-settable|public-readable

Change-Id: I8262cc03150931080c0982350cd990ee8f5422bc
Fixes: 78636965
Test: adb shell getprop ro.oem.key1

Bug: 70637118
Test: m && emulator ; also verified on bat_land
Change-Id: I39dd17d20acc8d380f36e207679b8b1eba63a72e

Bug: 78205669
Bug: 78430613
Test: succeeded building
Change-Id: Ie098b839a050058424673f0d8961b7a194a2caab

Test: pass Multimedia File Compatibility test
Test: time to start playing mid file with GPM: ~10s => ~1.2s
Bug: 76422052, Bug: 67480585, Bug: 30751071
Change-Id: I4e9824b21dab1dafdcca5824367a7fe39a37e2f7

Update prebuilts for API 28.

Bug: 77958490
Test: m
Test: manual
Change-Id: Ic3f8599266ff8fffdff1492a5600a10f6fecbe88

Bug: 77589980
Test: diff -r system/sepolicy/public system/sepolicy/prebuilts/api/28.0/public is empty
Change-Id: I5ecb003e893d87e36e096208e505ad1264c288aa

Bug: 77589980
Test: Build
Change-Id: I5395314006f42dd3c925fed554c04d182ddde2c5

Bug: 77588754
Test: builds
Change-Id: I61ceb438cd532584847ddd55c0eeaefebdcfa51c

This file is /vendor/etc/selinux/nonplat_sepolicy.cil from aosp_arm64-eng
from mr1-dev

Bug: 69390067
Test: prebuilt only change
Change-Id: I717513ae66e806afe0071cf5b42e9f709264d0b6

Bug: 65551293
Bug: 69390067
Test: None. Prebuilt only change.
Change-Id: I62304b342a8b52fd505892cc2d4ebc882148224b

"storaged" service will be used by external clients, e.g. vold, dumpsys
"storaged_pri" service will only be used by storaged cmdline.

Bug: 63740245
Change-Id: I7a60eb4ce321aced9589bbb8474d2d9e75ab7042

Bug: 37916906
Test: Builds 'n' boots.
Change-Id: Ia1d86264446ebecc1ca79f32f11354921bc77668
Merged-In: I208ec6a864127a059fb389417a9c6b259d7474cb

The following commits were cherry-picked from internal master to AOSP,
but to avoid merge-conflicts we'll do a large diff instead of individual
cherry-picks:
521742e9
9aefc916
3686efca
de51e7de
fff3fe2f

Bug: 37916906
Test: angler builds and boots.
Merged-In: Ie010cc12ae866dbb97c387471f433158d3b699f3
Change-Id: I5126ebe88b9c76a74690ecf95851d389cfc22d1f

In order to bring AOSP development back in-line with master development,
some CLs were cherry-picked individually from internal master to AOSP,
which were then merged back into internal master (MERGED-IN was missing).
Due to merge-conflict pain, these are being reverted in favor of one
big diff.  This CL reverts the changes that were auto-merged in as a result,
and can be used as the target of MERGED-IN when reverting the individual
cherry-picks in AOSP.

This reverts commit a08fe91e, reversing
changes made to 11481d1d.

This reverts commit 7ec5ecfb, reversing
changes made to 6fecbbb2.

Bug: 37916906
Test: Builds 'n' boots.

Add /dev/kmsg_debug on userdebug devices, to allow crash_dump to log
crashes to dmesg when logd isn't up yet (or is the one crashing).

(Originally commited in a015186f)
(cherry-pick of commit: 3458ec13)

Bug: 37916906
Bug: 36574794
Bug: 62101480
Test: Builds and boots.
Change-Id: I83aa392f49bb412d96534925fb02921a8f4731fa

(cherry-pick of commit: 55c77504)

Bug: 37916906
Bug: 37896931
Test: none, just prebuilt update.
Change-Id: I55b5179f98703026699a59cce4b2e1afb166fd1d

More changes went into oc-dev after the freeze-date.  Reflect them.
(cherry-pick of commit: 148578a6)

Bug: 37916906
Bug: 37896931
Test: prebuilts - none.
Change-Id: I3300751ea7362d5d96b327138544be65eb9fc483