This is needed to allow it to log audit events, e.g. cert
validation failure.

Bug: 70886042
Test: manual, attempt connecting to EAP-TLS wifi with bad cert.
Change-Id: Ia1b0f3c6e02697fdb5018082d5c851f116013fb1

am: f5574d1b

Change-Id: I8c70a9fbeffe2236255f67cc0218c7c51e97d074

am: 587349ea

Change-Id: I78c821f69203937273240cfa3e3ffdd722b89a06

am: 72527282

Change-Id: I82b742a07554cc8795e5797c1811c4c13cfd3e33

am: d16b2042

Change-Id: Ib80347beb47af7669c6414451346f197c299b53a

am: 40ec83ce

Change-Id: I46f17e0dade926056c4ab9f39a9ec4064d12e597

am: 1f447485

Change-Id: Ia504ee90ef703fd46f6021e2b893f8f4104a4b65

am: 56de7f37

Change-Id: If90c563eb92b1c1a1a3078d77ec6e38b03793d70

am: 73a2cf20

Change-Id: Iae2c40185b51dfb87c7e444483efde7641cf4d59

am: 5670dd1f

Change-Id: I13a91e18ba39271693fa7d2cdae641882e533806

Bug: 30561479

Test: Booted on walleye and verified that read denials of the property
Test: do not generate warnings.
Change-Id: I61a4a7d3a360a6d27d8986eb8f3f9662272233b1
(cherry picked from commit 2f35f5ca)

Test: n/a
Change-Id: I7041cc0f17ece86c01db1d9c17f68b58473cf27c

To areas need better coverage:
1. Tests are not verifying that files in /data/vendor do not have the
core_data_file_type attribute.
2. No error is thrown if a type lives in both /data/vendor
/data/<not vendor>.

Bug: 72998741
Test: build all selinux policies on master (assert build time tests)
Test: build and boot Marlin and Taimen, verify no selinux denials and
    everything works as expected.

Change-Id: I133a068123139a599b9b81ddcc254616894621eb

am: 4eb7864e

Change-Id: Ieb789cd2a32566befb14d9ce9de13c687e5d3282

am: 5a0e658f

Change-Id: I35b03c9600d9c94a1be98e145a62570e073a52c5

am: 2732f149

Change-Id: Icaf1a00c58252fa8aee8aefd4b25df5dafb94107

CTS tests need to be able to call, from hostside:
adb shell cmd stats dump-report (and others)
On a user build, this will fail because of an selinux policy violation
from shell. This cl fixes this by granting shell permission.

Similarly, Settings needs to communicate with statsd, so
system_app-statsd binder calls are given permission.

Bug: 72961153
Bug: 73255014
Test: run cts-dev -m CtsStatsdHostTestCases -t android.cts.statsd.atom.HostAtomTests
Test: manual confirmation
Change-Id: I6589ab4ef5c91a4a7f78eb97b63d9bb43e3d8f02

Allows the traced_probes daemon to access the core ftrace
functionalities on user builds. Specifically this involves:
- Whitelisting the per_cpu/ subdirectory to access:
  1) trace_pipe_raw file to allow perfetto to read the raw
     ftrace buffer (rather than the text-based /trace endpoint)
  2) cpuX/stats and cpuX/buffer_size_kb that allow to
     tune the buffer size per-cpu pipe and to get basic
     statistics about the ftrace buffer (#events, overruns)
- Whitelistiing the full event directories rather than the
  /enable files. This gives also access to the /format files
  for the events that are already enabled on user builds.
  /format files simply describe the memory layout
  of the binary logs. Example: https://ghostbin.com/paste/f8m4k

This still does NOT allow enabling the events labeled as
"_debug" (mostly events that return activity on inodes).
We'll deal with that separately as soon as we get a POC
of inode resolution and a sensible blacklist/whitelist model.

Bug: 70942310
Change-Id: Ic15cca0a9d7bc0e45aa48097a94eadef44c333f8

Bug: 30561479

Test: Booted on walleye and verified that read denials of the property
Test: do not generate warnings.
Change-Id: I61a4a7d3a360a6d27d8986eb8f3f9662272233b1

am: 3536edcf

Change-Id: Ie4d290a45e6563f3c238909d7a1baab6aa139601

am: 17777d53

Change-Id: Ib9f522a40252df20ce13cd29f50060db6d2a8c36

am: 7a567e3a

Change-Id: I729a92e34531f6726372b5639c94dcbd49edbe25

am: 4f0b721c

Change-Id: I904afb67ec4c38e5c1d214edfd9f34473e92c6ba

am: 40e15ab3

Change-Id: I486933e6d02f1905c31c336d12ee4e5bf9802d95

am: a099830e

Change-Id: Ia34c9097e45d7d68dfffc2a90cf1306ff2ce0e9c

This should fix presubmit tests.

Bug: 72550646
Test: Built policy.
Change-Id: Ib17d2a5e1635ff661d39d14169652f88b7a6e4f5

Bug: 72809699
Test: build
Change-Id: Ifb66ad13557af7d2dc6d3ef823e326a5fba51b24

The file under /proc/net/xt_qtaguid is going away in future release.
Apps should use the provided public api instead of directly reading the
proc file. This change will block apps that based on SDK 28 or above to
directly read that file and we will delete that file after apps move
away from it.

Test: Flashed with master branch on marlin, verified phone boot, can
      browse web, watch youtube video, make phone call and use google
      map for navigation with wifi on and off.
      run cts -m CtsNetTestCases -t android.net.cts.TrafficStatsTest
      run cts -m CtsAppSecurityHostTestCases -t \
      		android.appsecurity.cts.AppSecurityTests

Change-Id: I4c4d6c9ab28b426acef23db53f171de8f20be1dc

am: b695ad4e

Change-Id: I8d0d12de8a5ced1a7290867c01709fa6c41af81c

am: 5f51fc76

Change-Id: Ie3f9b5172ec6dd17dd4803e5b425b5799e982530

am: d388f370

Change-Id: Id3a7f0adc0ee9c20a219174c90a184d8d50acfc8