Test: manual
Bug: 78318738
Change-Id: I45c3511860fbe6a1de45c6930052a8865b38986a

With this attribute it will be easier to reference /proc files.

Bug: 74182216
Test: policy builds
Change-Id: I5b7da508d821e45f122832261a742a201e8fdf2c

Instead of having statsd linking the perfetto client library
and talk directly to its socket, we let just statsd exec()
the /system/bin/perfetto cmdline client.

There are two reasons for this:
1) Simplify the interaction between statsd and perfetto, reduce
  dependencies, binary size bloat and isolate faults.
2) The cmdline client also takes care of handing the trace to
  Dropbox. This allows to expose the binder interaction surface
  to the short-lived cmdline client and avoid to grant binder
  access to the perfetto traced daemon.

This cmdline client will be used by:
 - statsd
 - the shell user (for our UI and Studio)

Bug: 70942310
Change-Id: I8cdde181481ad0a1a5cae5937ac446cedac54a1f

Bug: 63757906
Test: manual testing conducted
Change-Id: Id03413ce82b5646d4bceddc59e16c7d5ee5bc193

This reverts commit 5744cbdf.

Reason for revert: aosp_dragon-userdebug build broken

Change-Id: I5f8180273c32119ae9839f31610bbca37cd05c65

Test: manual testing conducted see if it interfere's with AOSP

Change-Id: If47a663557b2ebf825fc082edb838ae085ec66b3

- Allow system_server to create and write to /data/misc/wmtrace/*
- Allow surfaceflinger to create and write files from /data/misc/wmtrace/*
- Allow dumpstate to read files from /data/misc/wmtrace/*
permissions are restricted to userdebug or eng builds

Bug: 64831661

Test: adb shell cmd window tracing start && adb shell cmd window tracing stop
Test: adb shell su root service call SurfaceFlinger 1025 i32 1 >/dev/null && adb shell su root service call SurfaceFlinger 1025 i32 0 >/dev/null
Test: adb bugreport ~/tmp.zip && adb shell su root dmesg | grep 'avc: '

Change-Id: I0b15166560739d73d7749201f3ad197dbcf5791c

These are no longer used.

Test: build aosp_marlin
Bug: 34980020
Change-Id: I04e4aa2322fcdf5945b99967d88287c353b9a6ae

Bug: 37916906
Test: Builds 'n' boots.
Change-Id: Ia1d86264446ebecc1ca79f32f11354921bc77668
Merged-In: I208ec6a864127a059fb389417a9c6b259d7474cb

Bug: 37916906
Test: Builds 'n' boots.
Change-Id: Ia1d86264446ebecc1ca79f32f11354921bc77668
Merged-In: I208ec6a864127a059fb389417a9c6b259d7474cb

Add a label to /proc/config.gz, so we can distinguish this file from
other /proc files in security policy.

For now, only init is allowed read access. All others are denied.
TODO: clarify exactly who needs access. Further access will be granted
in a future commit.

Bug: 35126415
Test: policy compiles and no device boot problems.
Change-Id: I8b480890495ce5b8aa3f8c7eb00e14159f177860

In order to support platform changes without simultaneous updates from
non-platform components, the platform and non-platform policies must be
split.  In order to provide a guarantee that policy written for
non-platform objects continues to provide the same access, all types
exposed to non-platform policy are versioned by converting them and the
policy using them into attributes.

This change performs that split, the subsequent versioning and also
generates a mapping file to glue the different policy components
together.

Test: Device boots and runs.
Bug: 31369363
Change-Id: Ibfd3eb077bd9b8e2ff3b2e6a0ca87e44d78b1317