(cherry picked from commit 5d8d2dc9)

Grant update_verifier the permissions to read /data/ota_package/
and the blocks on system partition.

The denial messages:
update_verifier: type=1400 audit(0.0:29): avc: denied { read }
scontext=u:r:update_verifier:s0 tcontext=u:object_r:ota_package_file:s0 tclass=file permissive=1

update_verifier: type=1400 audit(0.0:30): avc: denied { open }
scontext=u:r:update_verifier:s0 tcontext=u:object_r:ota_package_file:s0 tclass=file permissive=1

update_verifier: type=1400 audit(0.0:31): avc: denied { read } dev="tmpfs"
scontext=u:r:update_verifier:s0 tcontext=u:object_r:system_block_device:s0 tclass=blk_file permissive=1

update_verifier: type=1400 audit(0.0:32): avc: denied { open } dev="tmpfs"
scontext=u:r:update_verifier:s0 tcontext=u:object_r:system_block_device:s0 tclass=blk_file permissive=1

Test: On device, update_verifier reads the blocks successfully during boot time.
Bug: 30020920

Change-Id: I10777c1e6ba649b82c4a73171124742edeb05997

update_verifier calls bootcontrol HAL to mark the currently booting slot
as successfully booted.

avc: denied { search } for name="block" dev="tmpfs" scontext=u:r:update_verifier:s0 tcontext=u:object_r:block_device:s0 tclass=dir permissive=0
avc: denied { search } for name="block" dev="tmpfs" scontext=u:r:update_verifier:s0 tcontext=u:object_r:block_device:s0 tclass=dir permissive=0

Bug: 29569601
Test: Device boots up with no update_verifier denials and 'bootctl is-slot-marked-successful 0' returns 0.
Change-Id: I1baa7819bc829e3c4b83d7168008a5b06b01cc9f

(cherry picked from commit 23a276a2)

DRM 3rd party application with platform signature
requires the permission.

Bug: 30352348
Change-Id: Idd673506764ae435db1be8cc8c13658541ffa687

(cherry picked from commit f412cc62)

Bug: 31254800
Change-Id: If8708c8a4e0ea7655f31028881248a14cf2ba5f7

(cherry picked from commit 1617c0ce)

Addresses the following denial:
     avc: denied { setsched } for pid=1405 comm="Binder:1094_3" scontext=u:r:system_server:s0 tcontext=u:r:bootanim:s0 tclass=process permissive=0

Maybe fix bug 30118894.

Bug: 30118894
Change-Id: I29be26c68094c253778edc8e4fef2ef1a238ee2e

Add a macro to make this easier for other processes
as well.

Change-Id: I489d0ce042fe5ef88dc767a6fbdb9b795be91601
(cherry picked from commit c2b9c1561e4bd7ac86d78b44ca7927994e781da0)

Change-Id: I07d188e4dd8801a539db1e9f3edf82a1d662648e
(cherry picked from commit 61a082a55dbc2798d50d0d4b766151d69334729a)

(cherry picked from commit 88c51465)

Allow the otapreopt rename script to read file attributes. This is
being used to print the aggregate artifact size for diagnostic
purposes.

Bug: 30832951
Change-Id: Iee410adf59dcbb74fa4b49edb27d028025cd8bf9

(cherry picked from commit eb717421)

The new A/B OTA artifact naming scheme includes the target slot so
that the system is robust with respect to unexpected reboots. This
complicates the renaming code after reboot, so it is moved from the
zygote into a simple script (otapreopt_slot) that is hooked into
the startup sequence in init.

Give the script the subset of the rights that the zygote had so that
it can move the artifacts from /data/ota into /data/dalvik-cache.
Relabeling will be done in the init rc component, so relabeling
rights can be completely removed.

Bug: 25612095
Bug: 28069686
Change-Id: Iad56dc3d78ac759f4f2cce65633cdaf1cab7631b

(cherry picked from commit d2dbc899)

bug: 30087072
bug: 29937024
Change-Id: I8bf3032b8455556ff5332f538f43aeb514d3b290

Needed for legacy VPN access.

Note that ioctl whitelisting only uses the type and command fields
of the ioctl so only the last two bytes are necessary, thus 0x40047438
and 0x7438 are treated the same.

Bug: 30154346
Change-Id: I45bdc77ab666e05707729a114d933900655ba48b

(cherry picked from commit ec4b9d67)

Vendor apps are usually not preopted, so A/B dexopt should pick
them up. update_engine is not mounting the vendor partition, so
let otapreopt_chroot do the work.

This change gives otapreopt_chroot permission to mount /vendor
into the chroot environment.

Bug: 25612095
Bug: 29498238
Change-Id: I5a77bdb78a8e478ce10f6c1d0f911a8d6686becb

Isolated_app no longer has the domain_deprecated attribute.

Bug: 31364540
Change-Id: I37e39becf24f98d6ee427bc8d039852e6a322ca6

No "granted" messages for the removed permissions observed in three
months of log audits.

Bug: 28760354
Change-Id: I2b45284893e150575992befeef48e1bd53a2fba2

No "granted" messages for the removed permissions observed in three
months of log audits.

Bug: 28760354
Change-Id: I46b6b79b3a13108020114f3c3555adeac021b0a9

(cherry picked from commit 6c3f2831)

Allow priv_app, uncrypt, update_engine to access the OTA packages at
/data/ota_package (both A/B and non-A/B). GMSCore (priv_app) checks
the existence of the folder, and downloads the package there if present.

Bug: 28944800
Change-Id: I3c0717861fce7f93b33874a99f6a4a55567612a5

(cherry picked from commit e123f061)

b/30832947

Change-Id: Icd5117d655f1197524b39fe7bc1b11c4d920093c

(cherry picked from commit 8cac2586)

More read rights are required now.

Bug: 25612095
Change-Id: I766b3b56064ca2f265b9d60e532cd22712f95a42

(cherry picked from commit 63203a01)

bug: 30963384
Change-Id: I62b5ffd43469dbb0bba67e1bb1d3416e7354f9e5

(cherry picked from commit e01654f9)

For Retail Demo mode, we need to preload photos in
/data/preloads and allow regular apps to access the
photos returned by the media provider from the preloads
directory.

Bug: 29940807
Change-Id: Ic1061dac55ace1b125ae04b5b0c70aae9aa0c732