Update for debugfs labeling changes.

Update for simpleperf behavior with stack traces (temp file).

Bug: 73175642
Test: m
Test: manual - run profiling, look for logs
Change-Id: Ie000a00ef56cc603f498d48d89001f566c03b661

This reverts commit 942500b9.

Bug: 75287236
Test: boot a device
Change-Id: If81a2d2a46979ffbd536bb95528c3b4ebe3483df

See also go/perfetto-io-tracing-security.

* Grant CAP_DAC_READ_SEARCH to traced_probes.
* Allow traced_probes to list selected labels.
* Change ext4 and f2fs events to be available on user builds.

Bug: 74584014
Change-Id: I891a0209be981d760a828a69e4831e238248ebad

The kernel generates file creation audits when O_CREAT is passed even
if the file already exists - which it always does in the cgroup cases.

We add neverallow rules to prevent mistakenly allowing unnecessary
create access. We also suppress these denials, which just add noise to
the log, for the more common culprits.

Bug: 72643420
Bug: 74182216

Test: Ran build_policies.sh and checked failures were unrelated.
Test: Device still boots, denials gone.
Change-Id: I034b41ca70da1e73b81fe90090e656f4a3b542dc
(cherry picked from commit 92c149d0)

In permissive mode we get more spurious denials when O_CREAT is used
with an already-existing file. They're harmless so we don't need to
audit them.

Example denials:
denied { add_name } for name="trigger" scontext=u:r:init:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=dir permissive=1
denied { create } for name="trigger" scontext=u:r:init:s0 tcontext=u:object_r:sysfs_leds:s0 tclass=file permissive=1

Bug: 72643420
Bug: 74182216

Test: Device boots, denials gone.
Change-Id: I54b1a0c138ff5167f1d1d12c4b0b9e9afaa5bca0
(cherry picked from commit 7d4294cb)

Bug: http://b/73140330
Test: boots
Change-Id: I8fd27c6eb8c99870cb77019ae06bdb46a934ffc9

We only need this change for aosp devices. Internal sepolicy for healthd
domain is different and does not need this.

Addresses this denial:
avc: denied { open } for path="/sys/class/power_supply" dev="sysfs"
ino=25340 scontext=u:r:healthd:s0 tcontext=u:object_r:sysfs:s0
tclass=dir permissive=1

Test: $OUT/vendor/etc/selinux/precompiled_sepolicy contains the new
permission.
Change-Id: Ie47c231af800026fd9d8a1f752253bb338768c13

The ConfirmationUI API has a callback interface by which confirmation
results are presented to the calling app. This requires keystore to call
into apps.

Test: Device boots and no more denials when call back is delivered to
      apps.
Bug: 63928580
Change-Id: Ie23211aeb74c39956c3c3b8b32843d35afa1315a

Give statsd rights to connect to perfprofd in userdebug.

Test: mmma system/extras/perfprofd
Change-Id: Idea0a6b757d1b16ec2e6c8719e24900f1e5518fd

A default value of persist.radio.multisim.config can be set by SoC
vendors, and so vendor-init-settable should be allowed to it.

Bug: 73871799
Test: succeeded building and tested with taimen
Change-Id: Ie62b91e7e3d7e05425b742838417f1cab7b3fed4

Suppress WAI denials from crashdump.

Test: build/flash Taimen. Verify no new denials.
Bug: 68319037
Change-Id: If39d057cb020def7afe89fd95e049e45cce2ae16
(cherry picked from commit cc0304cf)

This reverts commit 6f2040f8.

Reason for revert: not needed anymore after ag/3773705
This was meant to allow system_server toggling the property on/off.
Later we realized that we needed a separate property for that 
(see discussion in b/76077784) and system server happens to
have already permissions to write to sys.* properties even without
this CL.
Reverting because at this point this creates just unnecessary clutter.

Change-Id: Ia73d000aad3c4288a5652047dfe10896e231b0b1
Test: perfetto_integrationtests
Bug: 76077784

ro.config.low_ram should be set on Android Go devices by SoC vendors,
and the value can be read by vendor components.

Bug: 76132948
Bug: 75987246
Test: succeeded building and tested with taimen
Change-Id: I6ac98fa58cf641da4565d6277898fc5e5e6ceca1

Bug: 74182216
Test: build bullhead, sailfish sepolicy
Change-Id: I6d0635a49c025870c9ecb46147e6c9a1c407fe16

This reverts commit 09b1d962.

Reason for revert: bullhead broken

Change-Id: Ib4562f944cdc2618cc3ed3beb4f612f0ef8b3223

Test: manual
Bug: 75318418
Change-Id: I700c1b8b613dba1c99f4fbffdd905c0052c1b2e7

Kernel modules are not permitted to be on /system partition.
That was one of Treble requirements in O:
https://source.android.com/devices/architecture/kernel/modular-kernels#file-locations

Bug: 74069409
Test: pixel/nexus devices don't have LKMs in /system, so this change
shoudl be harmless.
Test: walleye boots without issues from modprobe.
Change-Id: I8b3aeb55aacb3c99e0486224161d09a64bb52cd1

This reverts commit 88cd813f.

Bug: 75287236
Test: boot a device
Change-Id: Id1bc324e7bd0722065d8a410af31fd6b7aaa9d1c

Bug: 74182216
Test: build policy
Change-Id: Idf90c1a96943266d52508ce72b8554d8b5c594c9

With this attribute it will be easier to reference /proc files.

Bug: 74182216
Test: policy builds
Change-Id: I5b7da508d821e45f122832261a742a201e8fdf2c

To enable/disable the traced and traced_probes deamons remotely we would
like system server to be able to set persist.traced.enable.
See also ag/3736001.

Denial:
selinux: avc: denied { set } for
property=persist.traced.enable
pid=1606 uid=1000 gid=1000
scontext=u:r:system_server:s0
tcontext=u:object_r:default_prop:s0 tclass=property_service
permissive=0\x0a

Run:
$ adb shell 'ps -A | grep traced'
Should see traced.
$ adb shell 'settings put global sys_traced 0'
$ adb shell 'ps -A | grep traced'
Should no longer see traced.

Test: See above.
Change-Id: I245b7df3853cabeb0e75db41fb4facaa178ab8f1

Several /odm/* symlinks are added in the following change, to fallback
to /vendor/odm/* when there is no /odm partition on the device.

  https://android-review.googlesource.com/#/c/platform/system/sepolicy/+/638159/

This change allows dexopt operations to 'getattr' those symlinks during
OTA.

Bug: 75287236
Test: boot a device
Change-Id: I2710ce5e2c47eb1a3432123ab49f1b6f3dcb4ffe

Bug: 74586749
Test: build policy
Change-Id: I72a3b7c38eb9030ffac0d2dde23a9ff7c26fd70a

Bug: 74866333
Test: succeeded building and tested with taimen
Change-Id: Id19fec168ab266e386ea4c710a4c5cedfc4df33c

Allow init the ability to relabel recovery block devices. In the case
where we have recovery as a chain partition, due to its presence in
early mount node, init, in first stage itself would require relabel
permissions for the restorecon operation on recovery block device.

Bug: 73642793
Test: On bootup, recovery partition gets the appropriate se-label.
      Perform OTA on non-A/B device with recovery as chain partition,
      now the recovery partition gets upgraded successfully, now that
      it has the correct se-label.

Change-Id: I370c510320e78ab78c9c55573073415b4983d0f6

Bug: 64195575
Test: boot a device
Change-Id: I7f7deb5e2c5c6e0a75cf22eb610a7973b5be0d7e

vendor-init-settable should be allowed to ro.enable_boot_charger_mode so
that SoC vendors can set its default value.

Bug: 74421250
Test: succeeded building and tested with taimen
Change-Id: I2859aab29fefb7882989413a089b0de55142d2f1

Add rule to allow Binder call from Bluetooth process to Bluetooth
audio HIDL interface running in audio HAL service process.

Bug: 72242910
Test: Manual; TestTracker/148125
Change-Id: I1981a78bece10b8e516f218d3edde8b77943d130
(cherry picked from commit e8cfac90e8bf14466b6431a21bc5ccd4bf6ca3ea)

This reverts commit 016f0a58.

Reason for revert: Was temporarily reverted, merging back in with fix.

Test: Basic telephony sanity, treehugger
Bug: 74486619
Bug: 36427227
Merged-in: Ide68726a90d5485c2758673079427407aee1e4f2
Change-Id: Ide68726a90d5485c2758673079427407aee1e4f2
(cherry picked from commit 312248ff)

Bug: 69623109
Change-Id: I7d194a3489fc5ff278cef7bebe9bfe6c39d3b2b8

This reverts commit aed57d4e.

Reason for revert: This CL is expected to break pre-submit tests (b/74486619)

Merged-in: I103c3faa1604fddc27b3b4602b587f2d733827b1
Change-Id: I0eb7a744e0d43ab15fc490e7e7c870d0f44e1401

/odm partition isn't mandatory and the following symlinks will exist on
a device without /odm partition.

  /odm/app ->/vendor/odm/app
  /odm/bin ->/vendor/odm/bin
  /odm/etc ->/vendor/odm/etc
  /odm/firmware ->/vendor/odm/firmware
  /odm/framework ->/vendor/odm/framework
  /odm/lib -> /vendor/odm/lib
  /odm/lib64 -> /vendor/odm/lib64
  /odm/overlay -> /vendor/odm/overlay
  /odm/priv-app -> /vendor/odm/priv-app

This CL allows all domains to access the symlinks, also removes the
Treble compliance neverallows on them because the actual restrictions
should apply to the real path directly.

Bug: 70678783
Test: boot a device
Change-Id: If1522780a13710d8a592272dc688685cbae29f52

Also change the neverallow exceptions to be for hal_telephony_server
instead of rild.

Test: Basic telephony sanity, treehugger
Bug: 36427227
Merged-in: If892b28416d98ca1f9c241c5fcec70fbae35c82e
Change-Id: If892b28416d98ca1f9c241c5fcec70fbae35c82e

Bug: 74266614
Test: succeeded building and tested on pixel
PRODUCT_COMPATIBLE_PROPERTY_OVERRIDE=true

Change-Id: I926eb4316c178a39693300fe983176acfb9cabec
Merged-In: I926eb4316c178a39693300fe983176acfb9cabec
(cherry picked from commit 9ddba296)

Test: eSE initializes at boot
Bug: 64881253
Change-Id: Ib2388b7368c790c402c000adddf1488bee492cce

ADB is being separated from USB service since it's not tied to the USB
transport. This duplicates the usb_service's settings to adb_service for
this purpose.

Bug: 63820489
Test: make
Change-Id: Idbcfbe470d7568f9cba51f0c8d4a8ee9503db93d

We already grant rw file access, but without dir search it's not much
use.

denied { search } for name="vibrator" dev="sysfs" ino=49606 scontext=u:r:hal_vibrator_default:s0 tcontext=u:object_r:sysfs_vibrator:s0 tclass=dir permissive=0

Bug: 72643420
Test: Builds, denial gone
Change-Id: I3513c0a14f0ac1e60517009046e2654f1fc45c66

Bug: 73952536
Test: run cts -m CtsCameraTestCases -t android.hardware.camera2.cts.IdleUidTest#testCameraAccessBecomingInactiveUid
Change-Id: I508352671367dfa106e80108c3a5c0255b5273b2

The kernel is unusual in that it's both a core process, but vendor
provided. Exempt it from the restriction against accessing files from
on /vendor. Also, rework the neverallow rule so that it disallows
opening/modifying files, but allows reading files passed over IPC.

Bug: 68213100
Test: build (this is a build-time test)
Change-Id: I2f6b2698ec45d2e8480dc1de47bf12b9b53c4446

Allow hal audio to use vndbinder

Change-Id: I83fc8d5b873bfc4e36f44e423d5740cb5e9739ee