am: 8ad57ef6

Change-Id: Ia8b668f32c10343fc9704be791e35a84127dc4b0

Delete rule for permission_service since we use packages.list instead.

Test: adb shell storaged -u
Bug: 34198239
Change-Id: Ic69d0fe185e627a932bbf8e85fc13163077bbe6b

am: 94668169

Change-Id: Iedaf0cb27d1bf4b0cf21a8a827b26fa12dcd326e

Test: pass
Change-Id: Ie1a6513f8fa9cb4b007fccefe63ccb78fcd45578

am: 7d98edfb

Change-Id: I77e9a25e3f12da33babd5f4bfe8e5a2f12eae0a0

- Allow cameraservice to talk to hwbinder, hwservicemanager
- Allow hal_camera to talk to the same interfaces as cameraservice

Test: Compiles, confirmed that cameraservice can call hwservicemanager
Bug: 32991422

(cherry picked from commit 9c43a3ff)
Change-Id: Ied0a3f5f7149e29c468a13887510c78d555dcb2a

Change-Id: I49ec3c6970ef51a220dbb6d9ec3c6b2b0c94612b

In my commit f41d89eb I forgot to
switch rild and gatekeeperd rules from explicitly associating these
domains with the hal_telephony and hal_gatekeeper to using the
hal_impl_domain macro. As a result, the recent commit
a2519226 inadvertently revoked
HwBinder access from rild and gatekeeperd.

This commit fixes the issue by switching rild and gatekeeperd to the
hal_impl_domain macro.

Test: "sepolicy-analyze out/target/product/bullhead/root/sepolicy attribute haldomain"
      now lists rild and gatekeeperd
Test: "sepolicy-analyze out/target/product/bullhead/root/sepolicy attribute hal_telephony"
      still lists rild
Test: "sepolicy-analyze out/target/product/bullhead/root/sepolicy attribute hal_gatekeeper"
      still lists gatekeeperd
Bug: 34180936
Bug: 34470443
Change-Id: I7949556f58c36811205d5ea3ee78ea5708e95b45

am: 4eddb3e3

Change-Id: Ic3968a0a3fb4d932b9d05afd0d38a16c96f03388

Fix the following denial:

tombstoned: type=1400 audit(0.0:563): avc: denied { append } for path="/data/anr/traces.txt" dev="sda35" ino=679941 scontext=u:r:tombstoned:s0 tcontext=u:object_r:anr_data_file:s0 tclass=file permissive=0

Bug: http://b/34472671
Test: mma
Change-Id: Iab5fbaf50888aa0f195841cb7e718ff393e526dd

Test: No change to SELinux policy
Change-Id: I45d6d6ab0538b9d4768b922cfdc2c972272d0b18

am: 937be2b4

Change-Id: I39dcb15e40757ff4340f2c1996e09a1c8f0e1c58

am: 2b2c74f8

Change-Id: I00841b24d684efe788e7794038f98da55d4c75e9

am: d5b6043f

Change-Id: I95dfe4238c5029a54fcabe3345441fddbb246c5e

As of https://android-review.googlesource.com/324092, ephemeral_app is
now an appdomain, so places where both appdomain and ephemeral_app are
granted the same set of rules can be deleted.

Test: policy compiles.
Change-Id: Ideee710ea47af7303e5eb3af1331653afa698415

am: 47ab9eaf

Change-Id: I4cda4881143e2bcdc49e9e4c8d5ae4775adf0252

This fixes the following issues introduced in commit
d225b697:
* plat_file_contexts was empty because the target was referencing
  system/sepolicy/private/file_contexts via a misspelled variable
  name.
* plat_file_contexts wasn't marked as dirty and thus wasn't rebuilt
  when system/sepolicy/private/file_contexts changed. This is because
  the file_contexts dependency was referenced via a misspelled
  variable name.
* plat_file_contexts wasn't sorted (as opposed to other similar
  targets, such as nonplat_file_contexts and file_contexts.bin). This
  may lead to unnecessary non-determinism.
* nonplat_file_contexts wasn't marked dirty and thus wasn't rebuilt
  when device-specific file_contexts file(s) changed. This is because
  the file_contexts files were referenced via a misspelled variable
  name.

Test: "make plat_file_contexts" produces a non-empty file containing
      mappings from system/sepolicy/private/file_contexts
Test: "make plat_file_contexts" updates output when
      system/sepolicy/private/file_contexts changes
Test: "make plat_file_contexts" produces output which is sorted
      accroding to rules in fc_sort
Test: "make nonplat_file_contexts" updates output when
      device/lge/bullhead/sepolicy/file_contexts changes (tested on
      aosp_bullhead-eng)
Bug: 31363362
Change-Id: I540555651103f02c96cf958bb93618f600e47a75

wificond is a system_server service used by wifi, wifi doesnt start now

This reverts commit b68a0149.

Change-Id: If958c852e5d8adf8e8d82346554d2d6b3e8306c9

am: 7b8c0020

Change-Id: Ic2c4e8329045e1e05274ce7b03af06b7422ff2cb

/sys/class/leds is the standard location for linux files dealing with
leds, however the exact contents of this directory is non-standard
(hence the need for a hal).

Bug: 32022100
Test: compiles and works for the subset of common files
Change-Id: I7571d7267d5ed531c4cf95599d5f2acc22287ef4

am: 899287a5

Change-Id: I4ec7235b3c0efcc62d3eca99064a21b7acb76c16

am: b7f86a72

Change-Id: I921ded110052555f9209eadae4f1b42090c062b7

am: 2796009e

Change-Id: I93b92d5a95264b58f7f335962f9d74e6e77a27f3

wificond_service is not a system_server service, so drop the
typeattribute.

Test: compile
Change-Id: Ic212dd2c8bc897fbdc13ca33a9864ac8d4e68732
Signed-off-by: William Roberts <william.c.roberts@intel.com>

This fixes a bug introduced in the HIDL port where fingerprint no
longer notifies keystore of authentications.

Test: keyguard, FingerprintDialog

Fixes bug 34200870

Change-Id: I8b1aef9469ff4f4218573a6cde4c3a151512c226

am: 51c00faf

Change-Id: Ib179a0a42f5c2468c8a44cb80ccc35612b23c693

Ephemeral apps cannot open files from external storage, but can be given
access to files via the file picker.

Test: ACTION_OPEN_DOCUMENTS from an ephemeral app returns a readable fd.
Change-Id: Ie21b64a9633eff258be254b9cd86f282db1509e8

am: cde575d2

Change-Id: I9e787a2e5f852e67f708dc9c0f0ca780c88af889

am: a06807fd

Change-Id: I559d209a89833d7c2fc9bca29e6036f5c2bc44a2