am: f00d0563

Change-Id: Id6276f733fb5d52b2437927e13343d40c7d53007

am: 42f8d7b2

Change-Id: I76914b2339e3e1e53601ab2156a2fad6e70a6b46

am: 70d2bb43

Change-Id: I431de9cf6745203ef5c34b5c9e807df6bbac59f5

am: 43416421

Change-Id: I0c2dc5bb6385596b2eefadc26ade7cfe70bb9fe0

am: 98bc5730

Change-Id: I1af4b3012237e5ca48b3d382be4343e4d019093d

Update statsd sepolicies to avoid selinux violations during cts tests and pulling metrics am: e27af27f am: 955e543a
am: 941c04ac

Change-Id: I0b4408a14708e5cd657f483bb8802dc7e98ec913

am: 5f6aa039

Change-Id: I04ed395355e2f5244750585d26e5b4762a0c0a31

am: f9e7b002

Change-Id: I5749ef12d05909741209e012febdbb3a903932c9

Update statsd sepolicies to avoid selinux violations during cts tests and pulling metrics am: e27af27f
am: 955e543a

Change-Id: I8a9c4563ac6fc09e280e41c0bcef1d480f61e481

am: 73b9d8d8

Change-Id: Iaa17a95b76afdca7b7851728228b74b0d98a36fe

am: be7b1b4f

Change-Id: I58c660f564a39e2d60389d922a03966a9160e102

am: e27af27f

Change-Id: I40b4e204ec7d58c7d6971cf7e5e502e10011737a

* changes:
  vold_prepare_subdirs: grant chown
  statsd: annotate boot denials

Test: none
Change-Id: I42f2c2a09235d907b020c4924b91a3428f6c9d8e

Addresses:
avc: denied { chown } for comm="vold_prepare_su" capability=0
scontext=u:r:vold_prepare_subdirs:s0
tcontext=u:r:vold_prepare_subdirs:s0 tclass=capability

Bug: 71796118
Test: build
Change-Id: I64b2f1ad8d6e0748c5820b8a37a4fc4f4101d1fb

Point logspam to its owner.

Bug: 71537285
Test: build
Change-Id: I9db561ee6f2857214b7945b312e6d303630724ea

This CL lists all the exported platform properties in
private/exported_property_contexts.

Additionally accessing core_property_type from vendor components is
restricted.
Instead public_readable_property_type is used to allow vendor components
to read exported platform properties, and accessibility from
vendor_init is also specified explicitly.

Note that whitelisting would be applied only if
PRODUCT_COMPATIBLE_PROPERTY is set on.

Bug: 38146102
Test: tested on walleye with PRODUCT_COMPATIBLE_PROPERTY=true
Change-Id: I304ba428cc4ca82668fec2ddeb17c971e7ec065e

and pulling metrics

Bug: 63757906
Test: manual testing conducted
Change-Id: Ieba524ee676dfb4a457d39d025d203bf02a70831

am: 7c5113d7

Change-Id: I70969b44d0fe8cc732848453bcbb8657df7fd08c

am: 3ed0362a

Change-Id: I3b179791c46d07621c53f0e187b28c708ce46be0

am: c80f9e03

Change-Id: I1a9201094a3595e2db89688f9ab952453b424b63

Perfetto is a performance instrumentation and logging framework,
living in AOSP's /external/pefetto.
Perfetto introduces in the system one binary and two daemons
(the binary can specialize in either depending on the cmdline).

1) traced: unprivileged daemon. This is architecturally similar to logd.
   It exposes two UNIX sockets:
   - /dev/socket/traced_producer : world-accessible, allows to stream
     tracing data. A tmpfs file descriptor is sent via SCM_RIGHTS
     from traced to each client process, which needs to be able to
     mmap it R/W (but not X)
   - /dev/socket/traced_consumer : privilege-accessible (only from:
     shell, statsd). It allows to configure tracing and read the trace
     buffer.
2) traced_probes: privileged daemon. This needs to:
   - access tracingfs (/d/tracing) to turn tracing on and off.
   - exec atrace
   - connect to traced_producer to stream data to traced.

init.rc file:
https://android-review.googlesource.com/c/platform/external/perfetto/+/575382/14/perfetto.rc

Bug: 70942310
Change-Id: Ia3b5fdacbd5a8e6e23b82f1d6fabfa07e4abc405

Update priv_app selinux policy to allow gmscore to be able to communicate with statsd am: 31b11d8e am: 2722dd43
am: 64a01931

Change-Id: I4765ea7937590e10a5b5b7a7f095148694edb531

Update priv_app selinux policy to allow gmscore to be able to communicate with statsd am: 31b11d8e
am: 2722dd43

Change-Id: I7b480b4f6c1beca41c15f8ebd8e502bd1178196b

am: 31b11d8e

Change-Id: I39fd53f56099df371ec9f8ea8938b6aefb131f49

communicate with statsd

Test: manual testing conducted
Change-Id: Icd268e258f7cbdd9310baab53fe0c66f4f303d5e

Merge "Revert "Allow callers of uevent_kernel_*() access to /proc/sys/kernel/overflowuid"" am: 3ec0dbf7 am: df624b34
am: 45b0aa33

Change-Id: I9c08801a5fdf232f2e70d2d97e22e7d2e90dcbbb

am: 9690e8a8

Change-Id: I6ec5660254ca9a5a4d728ba435aab2ef2a79e657

am: 4e0f6546

Change-Id: I6fd4ce8b68e91ec4ae71809c056151367991e11b

am: 0b1ce9e5

Change-Id: I5bbe6ff9e173dffa67e60c4c43142505eac43699

Merge "Revert "Allow callers of uevent_kernel_*() access to /proc/sys/kernel/overflowuid"" am: 3ec0dbf7
am: df624b34

Change-Id: I86c278aa93c72a9c51335b1964bcf182c2fbb051

am: eeaed84e

Change-Id: I0a25153a1b0f725ce9e58b50b32d1bb474a4bfa2

am: b3b9475d

Change-Id: I8b293af18af8d65d9931e0d5cfb59d733e4c381e

am: d597857f

Change-Id: I8f835e0abc95c9b49a99dd903f3f1e6bfaf1cb60

am: 3ec0dbf7

Change-Id: I7425e40aa7fa6453597bd1ca11a2a7a7c0ed7889

This reverts commit d711d4d2.

Reason for revert: Shouldn't have submitted...

(cherry picked from commit e1b73b14)

Change-Id: I48054b667f5391d00ad40c43db5e23a4f42bbd2b

am: fbb05ff0

Change-Id: Iac6829e185218cb03dd5d430c25b43b61fc0ab13