- Apr 10, 2017
-
Jeff Hao authored
The PackageManager now passes previous code paths to dex2oat as shared libraries. dex2oat needs extra permissions in order to access and open the oat files of these libraries (if they were compiled).

Part of a multi-project change.

Bug: 34169257
Test: cts-tradefed run singleCommand cts -d --module CtsAppSecurityHostTestCases -t android.appsecurity.cts.SplitTests
Change-Id: I7b9cfd7f3c3509f3e41f0590ab650bd85faab340
-
Andrew Scull authored
-
Alex Klyubin authored
am: d1ce5f9d Change-Id: I6034e6abb15a62b85a36ba7cc57431f8d17aa35c
-
Tianjie Xu authored
am: 64cd2970 Change-Id: I436ee925113f84f9cbe6443a4f50ec452c0c55b8
-
Alex Klyubin authored
am: 93b97da8 Change-Id: Ia5492ebfb2e91577384fa79a5e1de6a2ade20466
-
Tianjie Xu authored
am: c2239df3 Change-Id: I8c9bcef4db2cc6bd5d1c8f787f30ec9351e382f1
-
Alex Klyubin authored
-
Tianjie Xu authored
-
Phil Burk authored
-
Alex Klyubin authored
Test: mmm system/sepolicy -- no warnings
Bug: 3716915
Change-Id: I76886c2d09a70cbe6dc707dd0599217407bb63f7
-
Andrew Scull authored
Bug: 34766843
Test: Boot and call HAL from system_server
Change-Id: Ice78aedfdbe82477a84252499a76dad37887fe6b
-
Sandeep Patil authored
am: be5e0eec Change-Id: Ibbeca0b2e1fdb706028c40972d3a531b8078782a
-
Sandeep Patil authored
am: b28ef526 Change-Id: I6b327525171e96f110df56156455ef6cdd296fb7
-
TreeHugger Robot authored
-
Sandeep Patil authored
Renderscript drivers are loaded from /vendor/lib64 by following the /system/vendor symlink. This change fixes a couple of things.
- Allows all domains access to follow the symlink
- Restores app domain permissions for /vendor for non-treble devices
- Allow app domains to peek into /vendor/lib64, but NOT grant 'execute' permissions for everything. Since RS drivers can be loaded into any process, their vendor implementation and dependencies have been marked as 'same process HALs' already.

Bug: 37169158
Test: Tested on sailfish (Treble) & Angler (non-treble)
  ./cts-tradefed run cts -m CtsRenderscriptTestCases \
  --skip-device-info --skip-preconditions --skip-connectivity-check \
  --abi arm64-v8a
  Result: Tests Passed: 743 Tests Failed: 0

Change-Id: I36f5523381428629126fc196f615063fc7a50b8e
Signed-off-by: Sandeep Patil <sspatil@google.com>
-
Jiyong Park authored
am: c1de2f31 Change-Id: I7febe6164813451ad38449642450e4bfee31480c
-
Jiyong Park authored
am: ba23c8fa Change-Id: I9170ebe99c6fc5357ff3c92cb47476b85545b8d6
-
Jiyong Park authored
The concept of VNDK-stable set is gone because they no longer need to be stable across several Android releases. Instead, they are just a small set of system libraries (other than Low-Level NDK) that can be used by same-process HALs. They need to be stable only during an Android release as other VNDK libraries. However, since they are eligible for double loading, we still need to distinguish those libs from other VNDK libraries. So we give them a name vndk-sp, which means VNDK designed for same-process HALs.

Bug: 37139956
Test: booting successful with vndk-sp libs in /vendor/lib(64)?/vndk-sp
Change-Id: I892c4514deb3c6c8006e3659bed1ad3363420732
-
- Apr 08, 2017
-
Andreas Gampe authored
am: 78e8d073 Change-Id: Ia9314f41641d07f3216e82e0bd01b69a10f52d67
-
Andreas Gampe authored
am: d0e9cb05 Change-Id: Iac4a9cc2ac78ba9b72a4bb72ff81f9fd98b34d4b
-
Andreas Gampe authored
Add read rights for du.

Bug: 30832951
Test: m
Change-Id: I1186ff995684844e9c6092b5ae65c19172fefbbe
-
- Apr 07, 2017
-
Sandeep Patil authored
am: b9469075 Change-Id: I5da7d1b8ec4a16ee6bf38ed4bb12931dc25071f4
-
Sandeep Patil authored
am: 86123070 Change-Id: I92cf85d8c6cd05bd76ab9745546ac8051535d2ca
-
TreeHugger Robot authored
-
Sandeep Patil authored
am: 2f12ebf4 Change-Id: I18d8402f01f2d3c403a2993f9118c25afb014d57
-
Sandeep Patil authored
am: 72126e1b Change-Id: I58972c23929e81f27d28eff0dd66f21240311b7e
-
Sandeep Patil authored
-
Sandeep Patil authored
The sepolicy version takes SDK_INT.<minor> format. Make sure our 'current' policy version reflects the format and make it '100000.0'. This ensures any vendor.img compiled with this will never work with a production framework image either.

Make version_policy replace the '.' in version by '_' so secilc is happy too.

This unblocks libvintf from giving out a runtime API to check vendor's sepolicy version. The PLAT_PUBLIC_SEPOLICY_CURRENT_VERSION will eventually be picked up from the build system.

Bug: 35217573
Test: Build and boot sailfish. Boot sailfish with sepolicy compilation on device.
Signed-off-by: Sandeep Patil <sspatil@google.com>
Change-Id: Ic8b6687c4e71227bf9090018999149cd9e11d63b
-
Alex Klyubin authored
am: b3ebaef4 Change-Id: Idacaa3e366a4d754d9e645ee6cadca5504df0b1b
-
Alex Klyubin authored
am: df720941 Change-Id: I4590b07ef09247aaf632a09f3247c2314d2a1a63
-
Alex Klyubin authored
-
Alex Klyubin authored
CTS includes general_sepolicy.conf built from this project. CTS then tests this file's neverallow rules against the policy of the device under test. Prior to this commit, neverallow rules which must be enforced only for Treble devices were not included into general_sepolicy.conf. As a result, these rules were not enforced for Treble devices.

This commit fixes the issue as follows. Because CTS includes only one policy, the policy now contains also the rules which are only for Treble devices. To enable CTS to distinguish rules needed for all devices from rules needed only on Treble devices, the latter rules are contained in sections delimited with BEGIN_TREBLE_ONLY and END_TREBLE_ONLY comments.

This commit also removes the unnecessary sepolicy.general target. This target is not used anywhere and is causing trouble because it is verifying neverallows of the policy meant to be used by CTS. This policy can no longer be verified with checkpolicy without conditionally including or excluding Treble-only neverallows.

Test: mmm system/sepolicy
Test: Device boots -- no new denials
Bug: 37082262
Change-Id: I15172a7efd9374543ba521e17aead1bdda7451bf
-
Jaesoo Lee authored
am: c28a5c5d Change-Id: Idd1d93beb393a9cd31bc2cf35b722920f9e31855
-
Jaesoo Lee authored
am: b9bd6708 Change-Id: Ie76de5da8e9a370e2f744d158ead93bbc1d0a508
-
TreeHugger Robot authored
-
Tianjie Xu authored
am: 9c7a0d8c Change-Id: I139d43838b74a8e7340d145d7c644efa090457db
-
Tianjie Xu authored
am: 82696dd1 Change-Id: Ib04932a421523eb50c2e40bf24000ae58ac7a535
-
Tianjie Xu authored
am: 8ee64187 Change-Id: I6c035c3e696531297ff8a3c09045acf6d2c98cd0
-
Tianjie Xu authored
am: 462cf398 Change-Id: I12d310b90e6863a56c1fc269ce237e93864d88f8
-
Tianjie Xu authored
We want to track temperature metrics during an OTA update.

denial message:
denied { search } for pid=349 comm="recovery" name="thermal" dev="sysfs" ino=18029 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=dir permissive=0
denied { read } for pid=326 comm="recovery" name="temp" dev="sysfs" ino=18479 scontext=u:r:recovery:s0 tcontext=u:object_r:sysfs_thermal:s0 tclass=file permissive=0

Bug: 36920500
Bug: 32518487
Test: temperature logs on angler
Change-Id: Ib70c1c7b4e05f91a6360ff134a11c80537d6015e
(cherry picked from commit 3da2f21f)
-