- Dec 14, 2018
-
-
Tri Vo authored
- Dec 13, 2018
-
-
Adam Vartanian authored
am: 66334bd0 Change-Id: I0062431fcb446d9377297b074145c7a8bad01aa1
-
Treehugger Robot authored
-
Jeff Sharkey authored
am: 7f82c3eb Change-Id: Ia2b34d40119a04f80c677c64b24549294c39e3d3
-
Paul Crowley authored
am: ecccfc84 Change-Id: Ie03c9a3df54c840b6f658c0387b4958e307a6269
-
Nick Kralevich authored
am: 42abd423 Change-Id: I50471d01ded8896d617522e2168ebaecec2d77cf
-
Yu-Han Yang authored
am: 66f75b69 Change-Id: Ide6874b7889363a6a78e35adb5637c085e83a12e
-
Tri Vo authored
It doesn't seem like any of our (Google's) devices use BOARD_ODM_SEPOLICY_DIRS, but this will be helpful for partners. Also, use BOARD_VENDOR_SEPOLICY_DIRS instead of BOARD_SEPOLICY_DIRS for readability. Bug: n/a Test: m selinux_policy Change-Id: I23f64a24d51ccdb8aa616d0fd8a06d70b6efed32
-
Nick Kralevich authored
am: f523218d Change-Id: I891c0d542d3157eaa94007d14892ff0044ee5cd5
-
Jeff Sharkey authored
-
Paul Crowley authored
-
Sudheer Shanka authored
Bug: 111789719 Test: manual Change-Id: I5a5c1da69fd5d55e3276bb7384a94b9831e3cccd
-
Treehugger Robot authored
-
Treehugger Robot authored
-
- Dec 12, 2018
-
-
Treehugger Robot authored
-
Paul Crowley authored
Test: Compiles - neverallow rules are compile time checks Change-Id: I2e1177897d2697cde8a190228ba83381d9a1877a
-
Yu-Han Yang authored
Bug: 112260995 Bug: 120277977 Test: atest VtsHalGnssV2_0TargetTest Change-Id: I196d8506b2f7c2153e1f647ea5ba61b81bf3d881
-
Nick Kralevich authored
Remove the ability for applications to dlopen() executable code from their home directory for newer API versions. API versions <= 28 are unaffected by this change. Bug: 112357170 Test: cts-tradefed run cts -m CtsRenderscriptTestCases Change-Id: I1d7f3a1015d54b8610d1c561f38a1a3c2bcf79e4
-
Nick Kralevich authored
When an app uses renderscript to compile a Script instance, renderscript compiles and links the script using /system/bin/bcc and /system/bin/ld.mc, then places the resulting shared library into the application's code_cache directory. The application then dlopen()s the resulting shared library. Currently, this executable code is writable to the application. This violates the W^X property (https://en.wikipedia.org/wiki/W%5EX), which requires any executable code be immutable. This change introduces a new label "rs_data_file". Files created by /system/bin/bcc and /system/bin/ld.mc in the application's home directory assume this label. This allows us to differentiate in security policy between app created files, and files created by renderscript on behalf of the application. Apps are allowed to delete these files, but cannot create or write these files. This is enforced through a neverallow compile time assertion. Several exceptions are added to Treble neverallow assertions to support this functionality. However, because renderscript was previously invoked from an application context, this is not a Treble separation regression. This change is needed to support blocking dlopen() for non-renderscript /data/data files, which will be submitted in a followup change. Bug: 112357170 Test: cts-tradefed run cts -m CtsRenderscriptTestCases Change-Id: Ie38bbd94d26db8a418c2a049c24500a5463698a3
-
Florian Mayer authored
am: c32ca901 Change-Id: Ifa37f085f897789fc93a7e7ac7f41890f60e42bc
-
Florian Mayer authored
This is analogous to what Perfetto does with persist.traced.enable. Test: m Test: flash walleye Test: setprop persist.heapprofd.enable 1 setprop persist.heapprofd.enable 0 Change-Id: I997272ef8c6fe078aca2388ed0cf2ecc3de612a5
-
Hridya Valsaraju authored
am: a0718293 Change-Id: I53e93a5dd95a68f68307c692e0e86a063be8e99d
-
Treehugger Robot authored
-
Sunny Goyal authored
am: 2a2d638e Change-Id: I90adc2757fca945d19414adbe6c8cc0ccd198439
-
Sunny Goyal authored
- Update policy for new system service, used for SystemUI/Apps to present predicted apps in their UI. Bug: 111701043 Test: manual verification Change-Id: Ia3b5db987097d2d71bf774ca550041e03214471d
-
Michael Butler authored
am: 85762ff9 Change-Id: Iedcbbf94650f6ece6b10603fb15df15f4de5f207
-
- Dec 11, 2018
-
-
Michael Butler authored
-
Fan Xu authored
-
Hridya Valsaraju authored
These address the following denials:
avc: denied { getattr } for pid=547 comm="fastbootd" path="/dev/block" dev="tmpfs" ino=18532 scontext=u:r:fastbootd:s0 tcontext=u:object_r:block_device:s0 tclass=dir permissive=1
avc: denied { read } for pid=547 comm="fastbootd" name="fstab" dev="sysfs" ino=25820 scontext=u:r:fastbootd:s0 tcontext=u:object_r:sysfs_dt_firmware_android:s0 tclass=dir permissive=1
avc: denied { open } for pid=547 comm="fastbootd" path="/sys/firmware/devicetree/base/firmware/android/fstab" dev="sysfs"] ino=25820 scontext=u:r:fastbootd:s0 tcontext=u:object_r:sysfs_dt_firmware_android:s0 tclass=dir permissive=1
Bug: 119115481 Test: fastboot flashall Change-Id: I97dc783ceef396145e3baa5d79194560fc0634f7
-
Benjamin Schwartz authored
am: 65b9e66f Change-Id: I70436a5debf12a97f55085df461ab8791a238370
-
Benjamin Schwartz authored
-
Wei Wang authored
* changes: Revert "Move thermal service into system_server" Revert "Expose thermal service to all apps"
-
Wei Wang authored
* changes: Expose thermal service to all apps Move thermal service into system_server
-
Carmen Jackson authored
am: 76d70460 Change-Id: I5f915b166845a3d05c019e4c7426bb54eb6d3336